April Patch Tuesday Analysis 2018

Patch Tuesday Webinar
Wednesday, April 11, 2018
Hosted by: Chris Goettl & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 800 680 582

Agenda
April 2018 Patch Tuesday Overview
In the News
Bulletins
Q & A
1
2
3
4

In the News -
 SamSam Ransomware
 https://www.wired.com/story/atlanta-ransomware-samsam-will-strike-again/

Known Issues Things to be aware of
 Ivanti Content Changes
 Flattening Bulletin structure to create consistency across catalog
 Landesk https://community.ivanti.com/docs/DOC-62948
 Shavlik https://community.shavlik.com/docs/DOC-24561

 Windows 10 Branch Support: End of Service for 2018
 Branch 1607 scheduled for April 10 (extended from March 2018)
 Branch 1703 scheduled for October 9 (extended from September 2018)
 Windows 10 Version 1511, 1607, 1703, and 1709 will continue to receive
security-only updates for 6 months past EOS dates
 Version 1511 final update yesterday
 Supported Editions
 Windows 10 Education
 Windows 10 Enterprise
 Unsupported Editions
 Windows 10 Home
 Windows 10 Pro
 Everyone strongly urged to update to latest version of Windows 10
 Windows lifecycle fact sheet

Microsoft Notable March & April Out-of-Band Releases
 MS18-04-4090450 - 2018-04 Security Update for Windows Server 2008 (KB4090450)
 Bulletin: Q4090450
 Fixes 3 Vulnerabilities: CVE-2017-5715,CVE-2017-5753,CVE-2017-5754
 MS18-0323-IE - Cumulative security update for Internet Explorer: March 23, 2018
 Fixes 7 Vulnerabilities: CVE-2018-0889, CVE-2018-0891, CVE-2018-0927, CVE-
2018-0929, CVE-2018-0932, CVE-2018-0935, CVE-2018-0942
 MS18-03-4100480 - Windows kernel update for CVE-2018-1038
 Fixes 1 Vulnerability: CVE-2018-1038 (Publicly Disclosed)
 MSNS18-03-4099950 (KB4099950) – NIC fix for VMware from March
 MSNS18-03-4091663 (KB4091663) – Intel Microcode update for Windows 10 1703
 MSNS18-03-4090007 (KB4090007) – Intel Microcode update for Windows 10 1607

 Microsoft removed the regkey check related to the Meltdown and Spectre fixes
for all operating systems
 Microsoft released security updates for
 Visual Studio 2010-2017
 XP Embedded
 Oracle’s Critical Patch Updates (CPU)
 April 17
 https://www.oracle.com/technetwork/topics/security/alerts-086861.html

Public Disclosures
 CVE-2018-1034 - Microsoft SharePoint Elevation of Privilege Vulnerability
 An elevation of privilege vulnerability exists when Microsoft SharePoint Server
does not properly sanitize a specially crafted web request to an affected
SharePoint server. An authenticated attacker could exploit the vulnerability by
sending a specially crafted request to an affected SharePoint server.
 The attacker who successfully exploited the vulnerability could then perform
cross-site scripting attacks on affected systems and run script in the security
context of the current user. These attacks could allow the attacker to read
content that the attacker is not authorized to read, use the victim's identity to take
actions on the SharePoint site on behalf of the user, such as change permissions
and delete content, and inject malicious content in the browser of the user.

MS18-04-W10: Windows 10 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 10 Versions 1511, 1607, 1703, 1709, Server
2016, IE 11 and Microsoft Edge
 Description: This bulletin references 5 KB articles. See KBs for list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
 Fixes 50 Vulnerabilities: There are no publicly disclosed or known exploited
vulnerabilities this month. See Details column of Security Update Guide for complete
list.
 Restart Required: Requires restart
 Known Issues: See next slide
 NOTE: This is the final update available for Windows 10 Enterprise and Windows 10
Education editions as part of the Windows 10, version 1511 additional servicing offer.

April’s Known Issues for Windows 10
 KB 4093112 - Windows 10 version 1709
 Windows Update History reports that KB 4054517 failed to install because of error 0x80070643.
Even though the update was successfully installed, Windows Update incorrectly reports that the
update failed to install. Select Check for Updates to confirm that there are no additional updates
available. Microsoft is working on a resolution and will provide an update in an upcoming
release.

MS18-04-IE: Security Updates for Internet Explorer
 Affected Products: Microsoft Internet Explorer 9, 10 and 11
 Description: These security updates resolve several reported vulnerabilities in Internet
Explorer. The fixes that are included in this Security Update for Internet Explorer
4092946 are also included in the April 2018 Security Monthly Quality Rollup. Installing
either the Security Update for Internet Explorer or the Security Monthly Quality Rollup
installs the fixes that are in this update. This bulletin references 9 KB articles.
 Impact: Remote Code Execution and Information Disclosure
 Fixes 13 vulnerabilities: CVE-2018-0870, CVE-2018-0981, CVE-2018-0987, CVE-
2018-0988, CVE-2018-0989, CVE-2018-0991, CVE-2018-0996, CVE-2018-0997, CVE-
2018-1000, CVE-2018-1001, CVE-2018-1004, CVE-2018-1018, CVE-2018-1020
 Restart Required: Requires browser restart
 Known Issues: None reported

MS18-04-AFP: Security Update for Adobe Flash Player
 Affected Products: Adobe Flash Player
 Description: This security update resolves vulnerabilities in Adobe Flash Player that is
installed on any supported edition of Windows Server Version 1709, Windows Server
2016, Windows 10 Version 1709 (Fall Creators Update), Windows 10 Version 1703
(Creators Update), Windows 10 Version 1607, Windows 10 Version 1511, Windows 10
RTM, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is
based on KB 4093110.
 Impact: Remote Code Execution
2018-4935, CVE-2018-4936, CVE-2018-4937
 Restart Required: Requires application restart

APSB18-08: Security Update for Adobe Flash Player
 Affected Products: Adobe Flash Player
 Description: Adobe has released security updates for Adobe Flash Player for
Windows, Macintosh, Linux and Chrome OS. These updates address critical
vulnerabilities in Adobe Flash Player 29.0.0.113 and earlier versions. Successful
exploitation could lead to arbitrary code execution in the context of the current user.
 Impact: Remote Code Execution
2018-4935, CVE-2018-4936, CVE-2018-4937

MS18-04-2K8: Windows Server 2008
 Affected Products: Microsoft Windows Server 2008
 Description: Security updates to the Microsoft JET Database Engine, Windows Adobe
Type Manager Font Driver (ATMFD.dll), Windows font library, Windows Kernel, Remote
Desktop Protocol (RDP), and Windows SNMP Service. This bulletin references 6 KB
articles.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information
Disclosure
2018-8116

MS18-04-MR7: Monthly Rollup for Win 7 and Server 2008 R2
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4088881 (released March 23, 2018). This bulletin includes updates for IE.
This bulletin is based on KB 4093118.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and
Information Disclosure
 Fixes 20 (shown) + 13 (IE) Vulnerabilities: CVE-2018-0887, CVE-2018-0960,
CVE-2018-0967, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972,
CVE-2018-1015, CVE-2018-1016, CVE-2018-8116
 Known Issues: See upcoming slide

MS18-04-SO7: Security-only Update for Win 7 and Server 2008 R2
 Affected Products: Microsoft Windows 7 and Server 2008 R2
 Description: Security updates to Internet Explorer, Microsoft scripting engine, Microsoft
graphics component, Windows Server, Windows datacenter networking, Windows
virtualization and kernel, and Windows app platform and frameworks. This bulletin is
based on KB 4093108.
2018-1016, CVE-2018-8116
 Known Issues: See next slide

April’s Known Issues for Windows 7 and Server 2008 R2
 KB 4093118 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
 After installing this update, SMB servers may leak memory. Microsoft is investigating.
 A Stop error occurs on machines that don't support Streaming Single Instructions Multiple Data
(SIMD) Extensions 2 (SSE2). Microsoft is investigating.
 KB 4093108 – Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
 Same two issues for this Security Only update as listed above for Monthly Rollup

MS18-04-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Server 2012 and IE
CVE-2018-1013, CVE-2018-1015, CVE-2018-1016, CVE-2018-8116

MS18-04-SO8: Security-only Update for Server 2012
 Affected Products: Microsoft Server 2012
 Description: Security updates to Microsoft scripting engine, Internet Explorer,
Microsoft graphics component, Windows Server, Windows kernel, Windows datacenter
networking, and Windows app platform and frameworks. This bulletin is based on KB
4093122.
2018-1015, CVE-2018-1016, CVE-2018-8116

MS18-04-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
CVE-2018-8116

MS18-04-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
 Description: Security updates to Microsoft scripting engine, Microsoft graphics
component, Windows Server, Windows kernel, Windows datacenter networking,
Windows Hyper-V, Windows virtualization and kernel, Windows app platform and
frameworks. This bulletin is based on KB 4093115.
2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016, CVE-2018-8116

MS18-04-OFF: Security Updates for Microsoft Office
 Maximum Severity: Important
 Affected Products: Office 2007-2016 and 2016 for mac, Excel 2007-2016, Web Apps
Server, Word 2007-2016
 Description: This security update resolves vulnerabilities in most Microsoft Office
applications. This bulletin references 22 KB articles plus Release Notes for mac.
2018-1030, CVE-2018-8117

MS18-04-O365: Security Updates for Microsoft Office 365
 Affected Products: Excel 2016 and Office 2016
 Description: This security update resolves vulnerabilities in most Microsoft Office 365
applications. Information on Office 365 updates is available at
https://technet.microsoft.com/en-us/office/mt465751
2018-1030

MS18-04-VSxxxx: Security Updates for Visual Studio
 Affected Products: Visual Studio 2010, 2013, 2015, and 2017
 Description: An information disclosure vulnerability exists when Visual Studio
improperly discloses the contents of its memory. An attacker who exploits the
vulnerability could view uninitialized memory from the computer that is used to compile
a program database file.
 Impact: Information Disclosure
 Fixes 1 Vulnerability: CVE-2018-1037
 Restart Required: May require restart
 Known Issues: MS18-04-VS2013-4089283, the VS2013 patch, appears to hang
when there’s not an active desktop session. Visual Studio 2012 has a KB, but no patch
has been released yet.

MS18-04-SPT: Security Updates for SharePoint Server
 Affected Products: Microsoft Enterprise SharePoint Server 2010-2016
 Description: This security update resolves vulnerabilities in Microsoft Office that could
allow remote code execution if a user opens a specially crafted Office file. This update
contains many non-security fixes as well. This bulletin is based on 4 KB articles.
 Impact: Remote Code Execution and Elevation of Privilege
2018-1032, CVE-2018-1034
 Restart Required: Requires Restart

Non-Security Updates
 Maximum Severity: Recommended
 Affected Products: Bandicut, TortoiseHg, and Tomcat
 Description: Non-Security updates may include critical bug fixes and feature
updates. Depending on what version you are updating from a Non-Security
update could include security fixes from previous updates you have not yet
applied. Ivanti recommends updating 3rd party applications as regularly as
possible to ensure additional security threats are not exposed.

Between Patch Tuesday’s
New Product Support: None
Security Updates: Adobe Shockwave (1), Apache Tomcat (1), Apple iCloud (1),
FileZilla (2), LibreOffice (2), Microsoft (5), Nmap (1), Notepad++ (1), Opera (3), Slack (1),
Splunk Universal Forwarder (1), Thunderbird (1), VMware Tools (1), Wireshark (1)
Non-Security Updates: AIMP (1), Apple Software Update (1), Bandicut (1), Box Sync
(1), Camtasia (1), Cisco WebEx Meeting Center (2), Dropbox (2), GOM Player (1),
GoodSync (4), GoToMeeting (2), Google Backup and Sync (2), HipChat (1), Inkscape (1),
Malwarebytes (1), Microsoft (46), PDFCreator (1), Plex Media Player (1), Plex Media
Server (1), Prezi Desktop (2), Skype (1), Snagit (1), TeamViewer (1), WinSCP (1), Webex
Productivity Tools (1)

Third Party CVE Information
 iTunes 12.7.4.76
 Bulletin AI18-002, QAI127476
2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4121,
CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-
4129, CVE-2018-4130, CVE-2018-4144, CVE-2018-4146, CVE-2018-4161, CVE-
2018-4162, CVE-2018-4163, CVE-2018-4165
 Firefox 59.0.2
 Bulletin FF18-007, QFF5902
 Firefox ESR 52.7.3
 Bulletin FFE18-5273, QFFE5273

Third Party CVE Information (cont)
 Apple iCloud 7.4.0
 Bulletin ICLOUD-010, QICLOUD740111
2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4121,
CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-
4129, CVE-2018-4130, CVE-2018-4144, CVE-2018-4146, CVE-2018-4161, CVE-
2018-4162, CVE-2018-4163, CVE-2018-4165
 Thunderbird 52.7.0
 Bulletin TB18-5270, QTB5270
2018-5144 ,CVE-2018-5145, CVE-2018-5146

https://interchange.ivanti.com/dallas
#interchange18
Boot Camps
6 Tracks
Hands-on Labs
Early Bird,
Partner & Group
Discounts
Direct Access to
Experts for All
Solutions
2018 Pricing:
Early Bird:
$1295 Jan.1 - April 6
Standard:
$1695 April 7 – May 16
Save an extra $100 by using promo code: INT18WEB100

April Patch Tuesday Analysis 2018

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to April Patch Tuesday Analysis 2018

Similar to April Patch Tuesday Analysis 2018 (20)

More from Ivanti

More from Ivanti (20)

Recently uploaded

Recently uploaded (20)

April Patch Tuesday Analysis 2018

Editor's Notes