This document provides an agenda and overview for a webinar on the April 2018 Patch Tuesday updates. The webinar will cover an overview of the April 2018 patches, notable security issues in the news, known issues with the updates, and questions and answers. Bulletins to be discussed include updates for Windows 10, Internet Explorer, Adobe Flash Player, Windows Server 2008, Windows 7, Windows Server 2012, Windows 8.1, and more. A number of vulnerabilities will be patched, including remote code execution flaws.
6. In the News -
SamSam Ransomware
https://www.wired.com/story/atlanta-ransomware-samsam-will-strike-again/
7. Known Issues Things to be aware of
Ivanti Content Changes
Flattening Bulletin structure to create consistency across catalog
Landesk https://community.ivanti.com/docs/DOC-62948
Shavlik https://community.shavlik.com/docs/DOC-24561
8. Known Issues Things to be aware of
Windows 10 Branch Support: End of Service for 2018
Branch 1607 scheduled for April 10 (extended from March 2018)
Branch 1703 scheduled for October 9 (extended from September 2018)
Windows 10 Version 1511, 1607, 1703, and 1709 will continue to receive
security-only updates for 6 months past EOS dates
Version 1511 final update yesterday
Supported Editions
Windows 10 Education
Windows 10 Enterprise
Unsupported Editions
Windows 10 Home
Windows 10 Pro
Everyone strongly urged to update to latest version of Windows 10
Windows lifecycle fact sheet
9. Microsoft Notable March & April Out-of-Band Releases
MS18-04-4090450 - 2018-04 Security Update for Windows Server 2008 (KB4090450)
Bulletin: Q4090450
Fixes 3 Vulnerabilities: CVE-2017-5715,CVE-2017-5753,CVE-2017-5754
MS18-0323-IE - Cumulative security update for Internet Explorer: March 23, 2018
Bulletin: Q4096040
Fixes 7 Vulnerabilities: CVE-2018-0889, CVE-2018-0891, CVE-2018-0927, CVE-
2018-0929, CVE-2018-0932, CVE-2018-0935, CVE-2018-0942
MS18-03-4100480 - Windows kernel update for CVE-2018-1038
Bulletin: Q4100480
Fixes 1 Vulnerability: CVE-2018-1038 (Publicly Disclosed)
MSNS18-03-4099950 (KB4099950) – NIC fix for VMware from March
MSNS18-03-4091663 (KB4091663) – Intel Microcode update for Windows 10 1703
MSNS18-03-4090007 (KB4090007) – Intel Microcode update for Windows 10 1607
10. Known Issues Things to be aware of
Microsoft removed the regkey check related to the Meltdown and Spectre fixes
for all operating systems
Microsoft released security updates for
Visual Studio 2010-2017
XP Embedded
Oracle’s Critical Patch Updates (CPU)
April 17
https://www.oracle.com/technetwork/topics/security/alerts-086861.html
11. Public Disclosures
CVE-2018-1034 - Microsoft SharePoint Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft SharePoint Server
does not properly sanitize a specially crafted web request to an affected
SharePoint server. An authenticated attacker could exploit the vulnerability by
sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform
cross-site scripting attacks on affected systems and run script in the security
context of the current user. These attacks could allow the attacker to read
content that the attacker is not authorized to read, use the victim's identity to take
actions on the SharePoint site on behalf of the user, such as change permissions
and delete content, and inject malicious content in the browser of the user.
13. MS18-04-W10: Windows 10 Update
Maximum Severity: Critical
Affected Products: Microsoft Windows 10 Versions 1511, 1607, 1703, 1709, Server
2016, IE 11 and Microsoft Edge
Description: This bulletin references 5 KB articles. See KBs for list of changes.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
Fixes 50 Vulnerabilities: There are no publicly disclosed or known exploited
vulnerabilities this month. See Details column of Security Update Guide for complete
list.
Restart Required: Requires restart
Known Issues: See next slide
NOTE: This is the final update available for Windows 10 Enterprise and Windows 10
Education editions as part of the Windows 10, version 1511 additional servicing offer.
14. April’s Known Issues for Windows 10
KB 4093112 - Windows 10 version 1709
Windows Update History reports that KB 4054517 failed to install because of error 0x80070643.
Even though the update was successfully installed, Windows Update incorrectly reports that the
update failed to install. Select Check for Updates to confirm that there are no additional updates
available. Microsoft is working on a resolution and will provide an update in an upcoming
release.
15. MS18-04-IE: Security Updates for Internet Explorer
Maximum Severity: Critical
Affected Products: Microsoft Internet Explorer 9, 10 and 11
Description: These security updates resolve several reported vulnerabilities in Internet
Explorer. The fixes that are included in this Security Update for Internet Explorer
4092946 are also included in the April 2018 Security Monthly Quality Rollup. Installing
either the Security Update for Internet Explorer or the Security Monthly Quality Rollup
installs the fixes that are in this update. This bulletin references 9 KB articles.
Impact: Remote Code Execution and Information Disclosure
Fixes 13 vulnerabilities: CVE-2018-0870, CVE-2018-0981, CVE-2018-0987, CVE-
2018-0988, CVE-2018-0989, CVE-2018-0991, CVE-2018-0996, CVE-2018-0997, CVE-
2018-1000, CVE-2018-1001, CVE-2018-1004, CVE-2018-1018, CVE-2018-1020
Restart Required: Requires browser restart
Known Issues: None reported
16. MS18-04-AFP: Security Update for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: This security update resolves vulnerabilities in Adobe Flash Player that is
installed on any supported edition of Windows Server Version 1709, Windows Server
2016, Windows 10 Version 1709 (Fall Creators Update), Windows 10 Version 1703
(Creators Update), Windows 10 Version 1607, Windows 10 Version 1511, Windows 10
RTM, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is
based on KB 4093110.
Impact: Remote Code Execution
Fixes 6 Vulnerabilities: CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-
2018-4935, CVE-2018-4936, CVE-2018-4937
Restart Required: Requires application restart
17. APSB18-08: Security Update for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: Adobe has released security updates for Adobe Flash Player for
Windows, Macintosh, Linux and Chrome OS. These updates address critical
vulnerabilities in Adobe Flash Player 29.0.0.113 and earlier versions. Successful
exploitation could lead to arbitrary code execution in the context of the current user.
Impact: Remote Code Execution
Fixes 6 Vulnerabilities: CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-
2018-4935, CVE-2018-4936, CVE-2018-4937
Restart Required: Requires application restart
18. MS18-04-2K8: Windows Server 2008
Maximum Severity: Critical
Affected Products: Microsoft Windows Server 2008
Description: Security updates to the Microsoft JET Database Engine, Windows Adobe
Type Manager Font Driver (ATMFD.dll), Windows font library, Windows Kernel, Remote
Desktop Protocol (RDP), and Windows SNMP Service. This bulletin references 6 KB
articles.
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information
Disclosure
Fixes 19 Vulnerabilities: CVE-2018-0887, CVE-2018-0960, CVE-2018-0967, CVE-
2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-
2018-0974, CVE-2018-0975, CVE-2018-0976, CVE-2018-1003, CVE-2018-1008, CVE-
2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016, CVE-
2018-8116
Restart Required: Requires restart
Known Issues: None reported
19. MS18-04-MR7: Monthly Rollup for Win 7 and Server 2008 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
Description: This security update includes improvements and fixes that were a part of
update KB 4088881 (released March 23, 2018). This bulletin includes updates for IE.
This bulletin is based on KB 4093118.
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and
Information Disclosure
Fixes 20 (shown) + 13 (IE) Vulnerabilities: CVE-2018-0887, CVE-2018-0960,
CVE-2018-0967, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972,
CVE-2018-0973, CVE-2018-0974, CVE-2018-0975, CVE-2018-0976, CVE-2018-1003,
CVE-2018-1004, CVE-2018-1008, CVE-2018-1010, CVE-2018-1012, CVE-2018-1013,
CVE-2018-1015, CVE-2018-1016, CVE-2018-8116
Restart Required: Requires restart
Known Issues: See upcoming slide
20. MS18-04-SO7: Security-only Update for Win 7 and Server 2008 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 7 and Server 2008 R2
Description: Security updates to Internet Explorer, Microsoft scripting engine, Microsoft
graphics component, Windows Server, Windows datacenter networking, Windows
virtualization and kernel, and Windows app platform and frameworks. This bulletin is
based on KB 4093108.
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and
Information Disclosure
Fixes 20 Vulnerabilities: CVE-2018-0887, CVE-2018-0960, CVE-2018-0967, CVE-
2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-
2018-0974, CVE-2018-0975, CVE-2018-0976, CVE-2018-1003, CVE-2018-1004, CVE-
2018-1008, CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-
2018-1016, CVE-2018-8116
Restart Required: Requires restart
Known Issues: See next slide
21. April’s Known Issues for Windows 7 and Server 2008 R2
KB 4093118 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
After installing this update, SMB servers may leak memory. Microsoft is investigating.
A Stop error occurs on machines that don't support Streaming Single Instructions Multiple Data
(SIMD) Extensions 2 (SSE2). Microsoft is investigating.
KB 4093108 – Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
Same two issues for this Security Only update as listed above for Monthly Rollup
22. MS18-04-MR8: Monthly Rollup for Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Server 2012 and IE
Description: This security update includes improvements and fixes that were a part of
update KB 4088883 (released March 22, 2018). This bulletin includes updates for IE.
This bulletin is based on KB 4093123.
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and
Information Disclosure
Fixes 21 (shown) + 13 (IE) Vulnerabilities: CVE-2018-0887, CVE-2018-0960,
CVE-2018-0967, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972,
CVE-2018-0973, CVE-2018-0974, CVE-2018-0975, CVE-2018-0976, CVE-2018-1003,
CVE-2018-1004, CVE-2018-1008, CVE-2018-1009, CVE-2018-1010, CVE-2018-1012,
CVE-2018-1013, CVE-2018-1015, CVE-2018-1016, CVE-2018-8116
Restart Required: Requires restart
Known Issues: None reported
23. MS18-04-SO8: Security-only Update for Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Server 2012
Description: Security updates to Microsoft scripting engine, Internet Explorer,
Microsoft graphics component, Windows Server, Windows kernel, Windows datacenter
networking, and Windows app platform and frameworks. This bulletin is based on KB
4093122.
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and
Information Disclosure
Fixes 21 Vulnerabilities: CVE-2018-0887, CVE-2018-0960, CVE-2018-0967, CVE-
2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-
2018-0974, CVE-2018-0975, CVE-2018-0976, CVE-2018-1003, CVE-2018-1004, CVE-
2018-1008, CVE-2018-1009, CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-
2018-1015, CVE-2018-1016, CVE-2018-8116
Restart Required: Requires restart
Known Issues: None reported
24. MS18-04-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
Description: This security update includes improvements and fixes that were a part of
update KB 4088882 (released March 22, 2018). This bulletin includes updates for IE.
This bulletin is based on KB 4093114.
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and
Information Disclosure
Fixes 23 (shown) + 13 (IE) Vulnerabilities: CVE-2018-0887, CVE-2018-0957,
CVE-2018-0960, CVE-2018-0967, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970,
CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975,
CVE-2018-0976, CVE-2018-1003, CVE-2018-1004, CVE-2018-1008, CVE-2018-1009,
CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016,
CVE-2018-8116
Restart Required: Requires restart
Known Issues: None reported
25. MS18-04-SO81: Security-only Update for Win 8.1 and Server 2012 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 8.1, Server 2012 R2
Description: Security updates to Microsoft scripting engine, Microsoft graphics
component, Windows Server, Windows kernel, Windows datacenter networking,
Windows Hyper-V, Windows virtualization and kernel, Windows app platform and
frameworks. This bulletin is based on KB 4093115.
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and
Information Disclosure
Fixes 23 Vulnerabilities: CVE-2018-0887, CVE-2018-0957, CVE-2018-0960, CVE-
2018-0967, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-
2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975, CVE-2018-0976, CVE-
2018-1003, CVE-2018-1004, CVE-2018-1008, CVE-2018-1009, CVE-2018-1010, CVE-
2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016, CVE-2018-8116
Restart Required: Requires restart
Known Issues: None reported
26. MS18-04-OFF: Security Updates for Microsoft Office
Maximum Severity: Important
Affected Products: Office 2007-2016 and 2016 for mac, Excel 2007-2016, Web Apps
Server, Word 2007-2016
Description: This security update resolves vulnerabilities in most Microsoft Office
applications. This bulletin references 22 KB articles plus Release Notes for mac.
Impact: Remote Code Execution and Information Disclosure
Fixes 10 Vulnerabilities: CVE-2018-0920, CVE-2018-0950, CVE-2018-1007, CVE-
2018-1011, CVE-2018-1026, CVE-2018-1027, CVE-2018-1028, CVE-2018-1029, CVE-
2018-1030, CVE-2018-8117
Restart Required: Requires application restart
Known Issues: None reported
27. MS18-04-O365: Security Updates for Microsoft Office 365
Maximum Severity: Important
Affected Products: Excel 2016 and Office 2016
Description: This security update resolves vulnerabilities in most Microsoft Office 365
applications. Information on Office 365 updates is available at
https://technet.microsoft.com/en-us/office/mt465751
Impact: Remote Code Execution and Information Disclosure
Fixes 4 Vulnerabilities: CVE-2018-0950, CVE-2018-1026, CVE-2018-1029, CVE-
2018-1030
Restart Required: Requires application restart
Known Issues: None reported
28. MS18-04-VSxxxx: Security Updates for Visual Studio
Maximum Severity: Important
Affected Products: Visual Studio 2010, 2013, 2015, and 2017
Description: An information disclosure vulnerability exists when Visual Studio
improperly discloses the contents of its memory. An attacker who exploits the
vulnerability could view uninitialized memory from the computer that is used to compile
a program database file.
Impact: Information Disclosure
Fixes 1 Vulnerability: CVE-2018-1037
Restart Required: May require restart
Known Issues: MS18-04-VS2013-4089283, the VS2013 patch, appears to hang
when there’s not an active desktop session. Visual Studio 2012 has a KB, but no patch
has been released yet.
29. MS18-04-SPT: Security Updates for SharePoint Server
Maximum Severity: Important
Affected Products: Microsoft Enterprise SharePoint Server 2010-2016
Description: This security update resolves vulnerabilities in Microsoft Office that could
allow remote code execution if a user opens a specially crafted Office file. This update
contains many non-security fixes as well. This bulletin is based on 4 KB articles.
Impact: Remote Code Execution and Elevation of Privilege
Fixes 5 Vulnerabilities: CVE-2018-1005, CVE-2018-1014, CVE-2018-1028, CVE-
2018-1032, CVE-2018-1034
Restart Required: Requires Restart
Known Issues: None reported
30. Non-Security Updates
Maximum Severity: Recommended
Affected Products: Bandicut, TortoiseHg, and Tomcat
Description: Non-Security updates may include critical bug fixes and feature
updates. Depending on what version you are updating from a Non-Security
update could include security fixes from previous updates you have not yet
applied. Ivanti recommends updating 3rd party applications as regularly as
possible to ensure additional security threats are not exposed.
31. Between Patch Tuesday’s
New Product Support: None
Security Updates: Adobe Shockwave (1), Apache Tomcat (1), Apple iCloud (1),
FileZilla (2), LibreOffice (2), Microsoft (5), Nmap (1), Notepad++ (1), Opera (3), Slack (1),
Splunk Universal Forwarder (1), Thunderbird (1), VMware Tools (1), Wireshark (1)
Non-Security Updates: AIMP (1), Apple Software Update (1), Bandicut (1), Box Sync
(1), Camtasia (1), Cisco WebEx Meeting Center (2), Dropbox (2), GOM Player (1),
GoodSync (4), GoToMeeting (2), Google Backup and Sync (2), HipChat (1), Inkscape (1),
Malwarebytes (1), Microsoft (46), PDFCreator (1), Plex Media Player (1), Plex Media
Server (1), Prezi Desktop (2), Skype (1), Snagit (1), TeamViewer (1), WinSCP (1), Webex
Productivity Tools (1)