Patch Tuesday Webinar
Wednesday, February 14, 2018
Hosted by: Chris Goettl & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 806 175 024
Agenda
February 2018 Patch Tuesday Overview
In the News
Bulletins
Q & A
In the News
 Update on Meltdown and Spectre:
 http://www.zdnet.com/article/microsoft-delivers-free-meltdown-spectre-assessment-tool-for-it-pros/
 https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/
 https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2
 Ivanti Product Related Articles:
 https://community.shavlik.com/docs/DOC-24510 (Shavlik)
 https://community.ivanti.com/docs/DOC-66046 (LANDESK)
 https://community.ivanti.com/docs/DOC-63022 (HEAT)
 Other News
 Flash Zero Day Resolved February 6th
 https://krebsonsecurity.com/tag/flash-player-zero-day/
Known Issues: Things to be aware of
 Windows 10 Branch Support: End of Life for 2018
 Branch 1607 scheduled for March 2018
 Branch 1703 scheduled for September 2018
 Windows 10 Version 1511 will continue to receive limited, critical updates
 Supported Editions
 Windows 10 Education
 Windows 10 Enterprise
 Unsupported Editions
 Windows 10 Home
 Windows 10 Pro
 Everyone strongly urged to update to latest version of Windows 10
Known Issues: Things to be aware of
 Microsoft limits patch installation based on AV regkey
 Because of an issue that affects some versions of antivirus software, this fix applies
only to computers on which the antivirus ISV updated the ALLOW REGKEY.
 Contact your antivirus manufacturer to verify that their software is compatible and
that they have set the following REGKEY on the computer:
Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
Data="0x00000000"
 Multiple KBs referenced in today’s webinar slides
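An audit-only check for the ALLOW REGKEY described above, added here as an example; it is not from the webinar, Ivanti or Microsoft. The function name `Test-AvCompatRegKey` is hypothetical; the key path, value name, type and data are the ones listed on the slide.

```powershell
# Added example: read-only audit of the antivirus compatibility value.
# Test-AvCompatRegKey is a hypothetical helper name, not a built-in cmdlet.
# Run in a 64-bit PowerShell session on 64-bit Windows so the native view of
# HKLM\SOFTWARE is read.

function Test-AvCompatRegKey {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat',
        [string]$Name = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
    )

    # Collect every finding so the result can be exported or aggregated later.
    $state = @{
        ComputerName = $env:COMPUTERNAME
        KeyPresent   = $false
        ValuePresent = $false
        ValueKind    = $null
        Data         = $null
        Compliant    = $false
        Reason       = ''
    }

    if (-not (Test-Path -LiteralPath $Path)) {
        $state.Reason = 'QualityCompat key does not exist'
    }
    else {
        $state.KeyPresent = $true
        $key = Get-Item -LiteralPath $Path

        if ($key.GetValueNames() -notcontains $Name) {
            $state.Reason = 'ALLOW REGKEY value is not set'
        }
        else {
            $state.ValuePresent = $true
            $state.ValueKind    = $key.GetValueKind($Name)
            $state.Data         = $key.GetValue($Name)

            # The slide specifies both the type and the data, so check both.
            if ($state.ValueKind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                $state.Reason = "Value type is $($state.ValueKind), expected REG_DWORD"
            }
            elseif ($state.Data -ne 0) {
                $state.Reason = "Data is $($state.Data), expected 0x00000000"
            }
            else {
                $state.Compliant = $true
                $state.Reason    = 'Value matches the slide: REG_DWORD 0x00000000'
            }
        }
    }

    New-Object -TypeName PSObject -Property $state |
        Select-Object ComputerName, KeyPresent, ValuePresent, ValueKind, Data, Compliant, Reason
}

$check = Test-AvCompatRegKey
$check | Format-List

if (-not $check.Compliant) {
    # Nothing is written to the registry here; the slide directs you to the
    # antivirus vendor to confirm compatibility and set the value.
    Write-Warning "Updates gated on the ALLOW REGKEY will not apply to $($check.ComputerName): $($check.Reason)"
}
```

The function returns an object rather than text, so the same check can be piped to `Export-Csv` when it is run across many machines.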
Public Disclosures
 CVE-2018-0771 - Microsoft Edge Security Feature Bypass Vulnerability
 A security feature bypass vulnerability exists when Microsoft Edge improperly
handles requests of different origins. The vulnerability allows Microsoft Edge to
bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should
otherwise be ignored. An attacker who successfully exploited the vulnerability
could force the browser to send data that would otherwise be restricted.
 In a web-based attack scenario, an attacker could host a specially crafted
website that is designed to exploit the vulnerability through Microsoft Edge and
then convince a user to view the website. The attacker could also take advantage
of compromised websites, and websites that accept or host user-provided
content or advertisements. These websites could contain specially crafted
content that could exploit the vulnerability.
Zero Day Vulnerability
 CVE-2018-4878 - Adobe Flash Vulnerability (from National Vulnerability
Database)
 A use-after-free vulnerability was discovered in Adobe Flash Player before
28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime
SDK related to the handling of listener objects. A successful attack can lead to
arbitrary code execution. This was exploited in the wild in January and February
2018.
 Bulletins
MS18-02-W10: Windows 10 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 10 1511, 1607, 1703, 1709, Server 2016, IE 11
and Microsoft Edge
 Description: This bulletin references 5 KB articles. See bulletins for list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
 Fixes 36 Vulnerabilities: CVE-2018-0771 is publicly disclosed but not known
exploited. See Details column of Security Update Guide for complete list.
 Restart Required: Requires restart
 Known Issues: See next slide
 NOTE: Education and Enterprise versions of Windows 10 version 1511 supported until
April 2018.
February’s Known Issues for Windows 10
 For All Windows 10 KBs
 Due to an issue with some versions of anti-virus software, this fix is only being made applicable
to the machines where the anti-virus ISV has updated the ALLOW REGKEY.
 KB 4074590 - Windows 10 Version 1607, Windows Server 2016
 After installing this update, servers where Credential Guard is enabled may experience an
unexpected restart with the error "The system process lsass.exe terminated unexpectedly with
status code -1073740791. The system will now shut down and restart." Recommended action is
to disable Credential Guard until fix is available.
 KB 4074588 – Windows 10 version 1709
 Windows Update History reports that KB4054517 failed to install because of error 0x80070643.
Even though the update was successfully installed, Windows Update incorrectly reports that the
update failed to install. Select Check for Updates to confirm that there are no additional updates
available. Recommended action is to ignore message for now as it is installing properly.
MS18-02-OFF: Security Updates for Microsoft Office
 Maximum Severity: Critical
 Affected Products: Office 2007-2016, Outlook 2007-2016, Word Viewer, and Project
Server 2013
 Description: This security update resolves vulnerabilities in most Microsoft Office
applications. This bulletin references 13 KB articles plus Click to Run.
 Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
 Fixes 6 Vulnerabilities: CVE-2018-0841, CVE-2018-0850, CVE-2018-0851, CVE-2018-0852,
CVE-2018-0853, CVE-2018-0864
 Restart Required: Requires application restart
 Known Issues: None reported. You must have the latest service packs installed in
order to install many of these security patches. For example, Office 2010 SP2, Excel 2013
SP1, etc.
MS18-02-IE: Security Updates for Internet Explorer
 Maximum Severity: Critical
 Affected Products: Microsoft Internet Explorer 9, 10 and 11
 Description: These security updates resolve several reported vulnerabilities in Internet
Explorer. The fixes that are included in the cumulative Security Update for Internet
Explorer KB 4074736 are also included in the February 2018 Security Monthly Quality
Rollup. Installing either the Security Update for Internet Explorer or the Security
Monthly Quality Rollup installs the fixes that are in this update. This bulletin references
9 KB articles.
 Impact: Remote Code Execution
 Fixes 2 vulnerabilities: CVE-2018-0840, CVE-2018-0866
 Restart Required: Requires browser restart
 Known Issues: These fixes can be installed only on systems that have the AV
ALLOW REGKEY properly set.
MS18-02-MR7: Monthly Rollup for Win 7 and Server 2008 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4057400 (released January 19, 2018). This bulletin includes updates for IE.
This bulletin is based on KB 4074598.
 Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
 Fixes 15 (shown) + 2 (IE) Vulnerabilities: CVE-2018-0742, CVE-2018-0755, CVE-2018-0757,
CVE-2018-0760, CVE-2018-0761, CVE-2018-0810, CVE-2018-0820, CVE-2018-0825, CVE-2018-0829,
CVE-2018-0830, CVE-2018-0842, CVE-2018-0844, CVE-2018-0846, CVE-2018-0847, CVE-2018-0855
 Restart Required: Requires restart
 Known Issues: These fixes can be installed only on systems that have the AV
ALLOW REGKEY properly set.
MS18-02-SO7: Security-only Update for Win 7 and Server 2008 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 7 and Server 2008 R2
 Description: Security updates to Windows Graphics, Windows Kernel, Common Log File
System driver, Microsoft Windows Search component, and Windows storage and file
systems. This bulletin is based on KB 4074587.
 Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
 Fixes 15 Vulnerabilities: CVE-2018-0742, CVE-2018-0755, CVE-2018-0757, CVE-2018-0760,
CVE-2018-0761, CVE-2018-0810, CVE-2018-0820, CVE-2018-0825, CVE-2018-0829, CVE-2018-0830,
CVE-2018-0842, CVE-2018-0844, CVE-2018-0846, CVE-2018-0847, CVE-2018-0855
 Restart Required: Requires restart
 Known Issues: These fixes can be installed only on systems that have the AV ALLOW
REGKEY properly set.
MS18-02-MR8: Monthly Rollup for Server 2012
 Maximum Severity: Critical
 Affected Products: Microsoft Server 2012 and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4057402 (released January 17, 2018). This bulletin includes updates for IE.
This bulletin is based on KB 4074593.
 Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
 Fixes 12 (shown) + 2 (IE) Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE-2018-0760,
CVE-2018-0810, CVE-2018-0820, CVE-2018-0825, CVE-2018-0829, CVE-2018-0830, CVE-2018-0842,
CVE-2018-0844, CVE-2018-0846, CVE-2018-0847
 Restart Required: Requires restart
 Known Issues: None reported
MS18-02-SO8: Security-only Update for Server 2012
 Maximum Severity: Critical
 Affected Products: Microsoft Server 2012
 Description: Security updates to Windows Graphics, Windows Kernel, Common Log
File System driver, Microsoft Windows Search component, and Windows storage and
file systems. This bulletin is based on KB 4074589.
 Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
 Fixes 12 Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE-2018-0760, CVE-2018-0810,
CVE-2018-0820, CVE-2018-0825, CVE-2018-0829, CVE-2018-0830, CVE-2018-0842, CVE-2018-0844,
CVE-2018-0846, CVE-2018-0847
 Restart Required: Requires restart
 Known Issues: None reported
MS18-02-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4057401 (released January 17, 2018). This bulletin includes updates for IE.
This bulletin is based on KB 4074594.
 Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
 Fixes 12 (shown) + 2 (IE) Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE-2018-0820,
CVE-2018-0825, CVE-2018-0829, CVE-2018-0830, CVE-2018-0832, CVE-2018-0833, CVE-2018-0842,
CVE-2018-0844, CVE-2018-0846, CVE-2018-0847
 Restart Required: Requires restart
 Known Issues: These fixes can be installed only on systems that have the AV
ALLOW REGKEY properly set.
MS18-02-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
 Description: Security updates to Windows Kernel, Common Log File System driver,
Windows storage and file systems, Microsoft Windows Search component, and the
Windows SMB Server. This bulletin is based on KB 4074597.
 Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
 Fixes 12 Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE-2018-0820, CVE-2018-0825,
CVE-2018-0829, CVE-2018-0830, CVE-2018-0832, CVE-2018-0833, CVE-2018-0842, CVE-2018-0844,
CVE-2018-0846, CVE-2018-0847
 Restart Required: Requires restart
 Known Issues: These fixes can be installed only on systems that have the AV
ALLOW REGKEY properly set.
MS18-02-2K8: Windows Server 2008
 Maximum Severity: Critical
 Affected Products: Microsoft Windows Server 2008
 Description: This security update provides several fixes for vulnerabilities where the
software fails to properly handle objects in memory. This bulletin references 7 KB
articles.
 Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
 Fixes 11 Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE-2018-0810, CVE-2018-0820,
CVE-2018-0825, CVE-2018-0829, CVE-2018-0830, CVE-2018-0842, CVE-2018-0844, CVE-2018-0846,
CVE-2018-0847
 Restart Required: Requires restart
 Known Issues: None reported
MS18-02-SPT: Security Updates for SharePoint
 Maximum Severity: Important
 Affected Products: Microsoft Enterprise SharePoint Server 2016
 Description: This security update resolves vulnerabilities in Microsoft Office that could
allow remote code execution if a user opens a specially crafted Office file. This update
contains many non-security fixes as well. This bulletin is based on KB 4011680.
 Impact: Elevation of privilege
 Fixes 2 Vulnerabilities: CVE-2018-0864, CVE-2018-0869
 Restart Required: Requires Restart
 Known Issues: None reported
 NOTE: In previous bulletins the SharePoint updates were bundled with the Office
updates. This has been separated out as many customers have separate desktop and
server patch teams.
APSB18-02: Security Update for Adobe Acrobat and Reader
 Maximum Severity: Critical
 Affected Products: Adobe Acrobat and Reader (all current versions)
 Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and Macintosh. These updates address critical vulnerabilities that could
potentially allow an attacker to take control of the affected system.
 Impact: Remote Code Execution, Elevation of Privilege
 Fixes 41 Vulnerabilities: See APSB18-02 for complete list.
 Restart Required: Requires application restart
Chrome-216: Security Update for Chrome
 Maximum Severity: Critical
 Affected Products: Google Chrome
 Description: The stable channel has been updated to 64.0.3282.167 for Mac & Linux,
and 64.0.3282.167/168 for Windows, which will roll out over the coming days/weeks.
 Impact: Not reported
 Fixes 1 Vulnerability: CVE-2018-6056
 Restart Required: Requires restart
Non-Security Updates
 Maximum Severity: Recommended
 Affected Products: CCleaner and Bandicut
 Description: Non-Security updates may include critical bug fixes and feature
updates. Depending on what version you are updating from, a Non-Security
update could include security fixes from previous updates you have not yet
applied. Ivanti recommends updating 3rd party applications as regularly as
possible to ensure additional security threats are not exposed.
MS18-02-AFP: Security Update for Adobe Flash Player
 Maximum Severity: Critical
 Affected Products: Adobe Flash Player
 Description: This security update resolves vulnerabilities in Adobe Flash Player that is
installed on any supported edition of Windows Server Version 1709, Windows Server
2016, Windows 10 Version 1709 (Fall Creators Update), Windows 10 Version 1703
(Creators Update), Windows 10 Version 1607, Windows 10 Version 1511, Windows 10
RTM, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is
based on KB 4074595.
 Impact: Remote Code Execution
 Fixes 2 Vulnerabilities: CVE-2018-4877, CVE-2018-4878
 Restart Required: Requires application restart
 NOTE: This bulletin was released on February 6th.
APSB18-03: Security Update for Adobe Flash Player
 Maximum Severity: Critical
 Affected Products: Adobe Flash Player
 Description: Adobe has released security updates for Adobe Flash Player for
Windows, Macintosh, Linux and Chrome OS. These updates address critical
vulnerabilities that could lead to remote code execution in Adobe Flash Player
28.0.0.137 and earlier versions. Successful exploitation could potentially allow an
attacker to take control of the affected system.
 Impact: Remote Code Execution
 Fixes 2 Vulnerabilities: CVE-2018-4877, CVE-2018-4878
 Restart Required: Requires application restart
 NOTE: This bulletin was released on February 6th.
Between Patch Tuesdays
New Product Support: Java Runtime Environment 9.0
Security Updates: 7-Zip (1), iTunes (1), CCleaner (1), Chrome (2), Firefox (3), Firefox
ESR (1), Foxit PhantomPDF (1), iCloud (1), LibreOffice (2), Opera (3), Slack Machine-Wide
Installer (2), Splunk Universal Forwarder (1), Thunderbird (1), Apache Tomcat (3),
UltraVNC (1), VLC (1), VMware Player (3), VMware Workstation (3)
Non-Security Updates: Beyond Compare (1), Citrix Receiver (2), Dropbox (2),
Evernote (1), GOM Player (1), GoodSync (4), GoToMeeting (2), Google Backup and Sync
(2), KeePass (1), LibreOffice (1), LogMeIn (1), Mozy Home (1), Mozy Pro (1), Nitro Pro (1),
VirtualBox (1), PDFCreator (1), PDF-Xchange Pro (3), Plex Media Player (1), Prezi Classic
Desktop (1), Skype (1), Snagit (1), TreeSize Free (2), TeamViewer (2), Wireshark (1),
Cisco Webex Meeting Center (1), Webex Productivity Tools (3), Xmind (1)
Security Tool: Ivanti (2)
Third Party CVE Information
 Foxit PhantomPDF 8.3.5
 Bulletin FIP-014, QFIP835
 Fixes 1 Vulnerability: CVE-2017-14694
 Thunderbird 52.6.0
 Bulletin TB18-5260, QTB5260
 Fixes 10 Vulnerabilities: CVE-2018-5089, CVE-2018-5095, CVE-2018-5096,
CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5104, CVE-2018-5117
 Apache Tomcat 7.0.84
 Bulletin TOMCAT-098, QTOMCAT7084
 Fixes 1 Vulnerability: CVE-2017-15706
Third Party CVE Information (continued)
 Apple iCloud 7.3.0
 Bulletin ICLOUD-009, QICLOUD73020
 Fixes 2 Vulnerabilities: CVE-2018-4088, CVE-2018-4096
 iTunes 12.7.3.46
 Bulletin AI18-001, QAI127346
 Fixes 2 Vulnerabilities: CVE-2018-4088, CVE-2018-4096
 Wireshark 2.4.4
 Bulletin WIRES-074, QWIRES244
 Fixes 4 Vulnerabilities: CVE-2017-5753, CVE-2018-5334, CVE-2018-5335,
CVE-2018-5336
Third Party CVE Information (continued)
 VMware Workstation 12.5.9 Pro
 Bulletin VMWW-011, QVMWW1259
 Fixes 3 Vulnerabilities: CVE-2017-4949, CVE-2017-4950, CVE-2017-5715
 VMware Workstation 12.5.9 Player
 Bulletin VMWP-035, QVMWP1259
 Fixes 3 Vulnerabilities: CVE-2017-4949, CVE-2017-4950, CVE-2017-5715
 VMware Workstation 14.1.1 Pro
 Bulletin VMWW-010, QVMWW1411
 Fixes 3 Vulnerabilities: CVE-2017-4949, CVE-2017-4950, CVE-2017-5715
 VMware Workstation 14.1.1 Player
 Bulletin VMWW-034, QVMWW1411
 Fixes 3 Vulnerabilities: CVE-2017-4949, CVE-2017-4950, CVE-2017-5715
Third Party CVE Information (continued)
 Java Runtime Environment 9.0.4
 Bulletin JRE9-003, QJRE904
 Fixes 20 Vulnerabilities: CVE-2018-2579, CVE-2018-2581, CVE-2018-2582,
CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618,
CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637,
CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663,
CVE-2018-2677, CVE-2018-2678
 Java 8 Update 161
 Bulletin JAVA8-161, QJAVA8U161
 Fixes 15 Vulnerabilities: CVE-2018-2579, CVE-2018-2582, CVE-2018-2588,
CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629,
CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663,
CVE-2018-2677, CVE-2018-2678
Thank You

February 2018 Patch Tuesday Analysis

  • 1.
    Patch Tuesday Webinar Wednesday,February 14, 2018 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 806 175 024
  • 2.
    Agenda February 2018 PatchTuesday Overview In the News Bulletins Q & A 1 2 3 4
  • 3.
  • 5.
  • 6.
    In the News-  Update on Meltdown and Spectre:  http://www.zdnet.com/article/microsoft-delivers-free-meltdown-spectre-assessment- tool-for-it-pros/  https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated- guidance-for-customers-and-partners/  https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation- against-spectre-variant-2  Ivanti Product Related Articles:  https://community.shavlik.com/docs/DOC-24510 (Shavlik)  https://community.ivanti.com/docs/DOC-66046 (LANDESK)  https://community.ivanti.com/docs/DOC-63022 (HEAT)  Other News  Flash Zero Day Resolved February 6th  https://krebsonsecurity.com/tag/flash-player-zero-day/
  • 7.
    Known Issues Thingsto be aware of  Windows 10 Branch Support: End of Life for 2018  Branch 1607 scheduled for March 2018  Branch 1703 scheduled for September 2018  Windows 10 Version 1511 will continue to receive limited, critical updates  Supported Editions  Windows 10 Education  Windows 10 Enterprise  Unsupported Editions  Windows 10 Home  Windows 10 Pro  Everyone strongly urged to update to latest version of Windows 10
  • 8.
    Known Issues Thingsto be aware of  Microsoft limits patch installation based on AV regkey  Because of an issue that affects some versions of antivirus software, this fix applies only to computers on which the antivirus ISV updated the ALLOW REGKEY.  Contact your antivirus manufacturer to verify that their software is compatible and that they have set the following REGKEY on the computer: Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWAREMicrosoftWindowsCurrentVersionQualityCompat" Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD” Data="0x00000000”  Multiple KBs referenced in today’s webinar slides
  • 9.
    Public Disclosures  CVE-2018-0771- Microsoft Edge Security Feature Bypass Vulnerability  A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.  In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
  • 10.
    Zero Day Vulnerability CVE-2018-4878 - Adobe Flash Vulnerability (from National Vulnerability Database)  A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to the handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
  • 11.
  • 12.
    MS18-02-W10: Windows 10Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 1511, 1607,1703, 1709, Server 2016, IE 11 and Microsoft Edge  Description: This bulletin references 5 KB articles. See bulletins for list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure  Fixes 36 Vulnerabilities: CVE-2018-0771 is publicly disclosed but not known exploited. See Details column of Security Update Guide for complete list.  Restart Required: Requires restart  Known Issues: See next slide  NOTE: Education and Enterprise versions of Windows 10 version 1511 supported until April 2018.
  • 13.
    February’s Known Issuesfor Windows 10  For All Windows 10 KBs  Due to an issue with some versions of anti-virus software, this fix is only being made applicable to the machines where the anti virus ISV has updated the ALLOW REGKEY.  KB 4074590 - Windows 10 Version 1607, Windows Server 2016  After installing this update, servers where Credential Guard is enabled may experience an unexpected restart with the error "The system process lsass.exe terminated unexpectedly with status code -1073740791. The system will now shut down and restart.“ Recommended action is to disable Credential Guard until fix is available.  KB 4074588 – Windows 10 version 1709  Windows Update History reports that KB4054517 failed to install because of error 0x80070643. Even though the update was successfully installed, Windows Update incorrectly reports that the update failed to install. Select Check for Updates to confirm that there are no additional updates available. Recommended action is to ignore message for now as it is installing properly.
  • 14.
    MS18-02-OFF: Security Updatesfor Microsoft Office  Maximum Severity: Critical  Affected Products: Office 2007-2016, Outlook 2007-2016, Word Viewer, and Project Server 2013  Description: This security update resolves vulnerabilities in most Microsoft Office applications. This bulletin references 13 KB articles plus Click to Run.  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure  Fixes 6 Vulnerabilities: CVE-2018-0841, CVE-2018-0850, CVE-2018-0851, CVE- 2018-0852, CVE-2018-0853, CVE-2018-0864  Restart Required: Requires application restart  Known Issues: None reported. You must have the latest service packs installed in order to install many of these security patches. Example, Office 2010 SP2, Excel 2013 SP1, etc.
  • 15.
    MS18-02-IE: Security Updatesfor Internet Explorer  Maximum Severity: Critical  Affected Products: Microsoft Internet Explorer 9, 10 and 11  Description: These security updates resolve several reported vulnerabilities in Internet Explorer. The fixes that are included in the cumulative Security Update for Internet Explorer KB 4074736 are also included in the February 2018 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update. This bulletin references 9 KB articles.  Impact: Remote Code Execution  Fixes 2 vulnerabilities: CVE-2018-0840, CVE-2018-0866  Restart Required: Requires browser restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set.
  • 16.
    MS18-02-MR7: Monthly Rollupfor Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4057400 (released January 19, 2018) This bulletin includes updates for IE. This bulletin is based on KB 4074598.  Impact: Remote Code Execution, Elevation of Privilege Information Disclosure  Fixes 15 (shown) + 2 (IE) Vulnerabilities: CVE-2018-0742, CVE-2018-0755, CVE- 2018-0757, CVE-2018-0760, CVE-2018-0761, CVE-2018-0810, CVE-2018-0820, CVE- 2018-0825, CVE-2018-0829, CVE-2018-0830, CVE-2018-0842, CVE-2018-0844, CVE- 2018-0846, CVE-2018-0847, CVE-2018-0855  Restart Required: Requires restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set.
  • 17.
    MS18-02-SO7: Security-only Updatefor Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Security updates to Windows Graphics, Windows Kernel, Common Log File System driver, Microsoft Windows Search component, and Windows storage and file systems. This bulletin is based on KB 4074587.  Impact: Remote Code Execution, Elevation of Privilege Information Disclosure  Fixes 15 Vulnerabilities: CVE-2018-0742, CVE-2018-0755, CVE-2018-0757, CVE- 2018-0760, CVE-2018-0761, CVE-2018-0810, CVE-2018-0820, CVE-2018-0825, CVE- 2018-0829, CVE-2018-0830, CVE-2018-0842, CVE-2018-0844, CVE-2018-0846, CVE- 2018-0847, CVE-2018-0855  Restart Required: Requires restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set.
  • 18.
    MS18-02-MR8: Monthly Rollupfor Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB 4057402 (released January 17, 2018). This bulletin includes updates for IE. This bulletin is based on KB 4074593.  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure  Fixes 12 (shown) + 2 (IE) Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE- 2018-0760, CVE-2018-0810, CVE-2018-0820, CVE-2018-0825, CVE-2018-0829, CVE- 2018-0830, CVE-2018-0842, CVE-2018-0844, CVE-2018-0846, CVE-2018-0847  Restart Required: Requires restart  Known Issues: None reported
  • 19.
    MS18-02-SO8: Security-only Updatefor Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012  Description: Security updates to Windows Graphics, Windows Kernel, Common Log File System driver, Microsoft Windows Search component, and Windows storage and file systems. This bulletin is based on KB 4074589.  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure  Fixes 12 Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE-2018-0760, CVE- 2018-0810, CVE-2018-0820, CVE-2018-0825, CVE-2018-0829, CVE-2018-0830, CVE- 2018-0842, CVE-2018-0844, CVE-2018-0846, CVE-2018-0847  Restart Required: Requires restart  Known Issues: None reported
  • 20.
    MS18-02-MR81: Monthly Rollupfor Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4057401 (released January 17, 2018). This bulletin includes updates for IE. This bulletin is based on KB 4074594.  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure  Fixes 12 (shown) + 2 (IE) Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE- 2018-0820, CVE-2018-0825, CVE-2018-0829, CVE-2018-0830, CVE-2018-0832, CVE- 2018-0833, CVE-2018-0842, CVE-2018-0844, CVE-2018-0846, CVE-2018-0847  Restart Required: Requires restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set.
  • 21.
    MS18-02-SO81: Security-only Updatefor Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: Security updates to Windows Kernel, Common Log File System driver, Windows storage and file systems, Microsoft Windows Search component, and the Windows SMB Server. This bulletin is based on KB 4074597.  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure  Fixes 12 Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE-2018-0820, CVE- 2018-0825, CVE-2018-0829, CVE-2018-0830, CVE-2018-0832, CVE-2018-0833, CVE- 2018-0842, CVE-2018-0844, CVE-2018-0846, CVE-2018-0847  Restart Required: Requires restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set.
  • 22.
    MS18-02-2K8: Windows Server2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: This security update provides several fixes for vulnerabilities where the software fails to properly handle objects in memory. This bulletin references 7 KB articles.  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure  Fixes 11 Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE-2018-0810, CVE- 2018-0820, CVE-2018-0825, CVE-2018-0829, CVE-2018-0830, CVE-2018-0842, CVE- 2018-0844, CVE-2018-0846, CVE-2018-0847  Restart Required: Requires restart  Known Issues: None reported
  • 23.
    MS18-02-SPT: Security Updatesfor SharePoint  Maximum Severity: Important  Affected Products: Microsoft Enterprise SharePoint Server 2016  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This update contains many non-security fixes as well. This bulletin is based on KB 4011680.  Impact: Elevation of privilege  Fixes 2 Vulnerabilities: CVE-2018-0864, CVE-2018-0869  Restart Required: Requires Restart  Known Issues: None reported  NOTE: In previous bulletins the SharePoint updates were bundled with the Office updates. This has been separated out as many customers have separate desktop and server patch teams.
  • 24.
    APSB18-02: Security Updatefor Adobe Acrobat and Reader  Maximum Severity: Critical  Affected Products: Adobe Acrobat and Reader (all current versions)  Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution, Elevation of Privilege  Fixes 41 Vulnerabilities: See APSB18-02 for complete list.  Restart Required: Requires application restart
  • 25.
    Chrome-216: Security Update for Chrome
    Maximum Severity: Critical
    Affected Products: Google Chrome
    Description: The stable channel has been updated to 64.0.3282.167 for Mac & Linux, and 64.0.3282.167/168 for Windows, which will roll out over the coming days/weeks.
    Impact: Not reported
    Fixes 1 Vulnerability: CVE-2018-6056
    Restart Required: Requires restart
  • 26.
    Non-Security Updates
    Maximum Severity: Recommended
    Affected Products: CCleaner and Bandicut
    Description: Non-Security updates may include critical bug fixes and feature updates. Depending on what version you are updating from, a Non-Security update could include security fixes from previous updates you have not yet applied. Ivanti recommends updating 3rd party applications as regularly as possible to ensure additional security threats are not exposed.
  • 27.
    MS18-02-AFP: Security Update for Adobe Flash Player
    Maximum Severity: Critical
    Affected Products: Adobe Flash Player
    Description: This security update resolves vulnerabilities in Adobe Flash Player that is installed on any supported edition of Windows Server Version 1709, Windows Server 2016, Windows 10 Version 1709 (Fall Creators Update), Windows 10 Version 1703 (Creators Update), Windows 10 Version 1607, Windows 10 Version 1511, Windows 10 RTM, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is based on KB 4074595.
    Impact: Remote Code Execution
    Fixes 2 Vulnerabilities: CVE-2018-4877, CVE-2018-4878
    Restart Required: Requires application restart
    NOTE: This bulletin was released on February 6th.
  • 28.
    APSB18-03: Security Update for Adobe Flash Player
    Maximum Severity: Critical
    Affected Products: Adobe Flash Player
    Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to remote code execution in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.
    Impact: Remote Code Execution
    Fixes 2 Vulnerabilities: CVE-2018-4877, CVE-2018-4878
    Restart Required: Requires application restart
    NOTE: This bulletin was released on February 6th.
  • 29.
    Between Patch Tuesdays
    New Product Support: Java Runtime Environment 9.0
    Security Updates: 7-Zip (1), iTunes (1), CCleaner (1), Chrome (2), Firefox (3), Firefox ESR (1), Foxit PhantomPDF (1), iCloud (1), LibreOffice (2), Opera (3), Slack Machine-Wide Installer (2), Splunk Universal Forwarder (1), Thunderbird (1), Apache Tomcat (3), UltraVNC (1), VLC (1), VMware Player (3), VMware Workstation (3)
    Non-Security Updates: Beyond Compare (1), Citrix Receiver (2), Dropbox (2), Evernote (1), GOM Player (1), GoodSync (4), GoToMeeting (2), Google Backup and Sync (2), KeePass (1), LibreOffice (1), LogMeIn (1), Mozy Home (1), Mozy Pro (1), Nitro Pro (1), VirtualBox (1), PDFCreator (1), PDF-Xchange Pro (3), Plex Media Player (1), Prezi Classic Desktop (1), Skype (1), Snagit (1), TreeSize Free (2), TeamViewer (2), Wireshark (1), Cisco Webex Meeting Center (1), Webex Productivity Tools (3), Xmind (1)
    Security Tool: Ivanti (2)
  • 30.
    Third Party CVE Information
    Foxit PhantomPDF 8.3.5
      Bulletin FIP-014, QFIP835
      Fixes 1 Vulnerability: CVE-2017-14694
    Thunderbird 52.6.0
      Bulletin TB18-5260, QTB5260
      Fixes 10 Vulnerabilities: CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117
    Apache Tomcat 7.0.84
      Bulletin TOMCAT-098, QTOMCAT7084
      Fixes 1 Vulnerability: CVE-2017-15706
  • 31.
    Third Party CVE Information (continued)
    Apple iCloud 7.3.0
      Bulletin ICLOUD-009, QICLOUD73020
      Fixes 2 Vulnerabilities: CVE-2018-4088, CVE-2018-4096
    iTunes 12.7.3.46
      Bulletin AI18-001, QAI127346
      Fixes 2 Vulnerabilities: CVE-2018-4088, CVE-2018-4096
    Wireshark 2.4.4
      Bulletin WIRES-074, QWIRES244
      Fixes 4 Vulnerabilities: CVE-2017-5753, CVE-2018-5334, CVE-2018-5335, CVE-2018-5336
  • 32.
    Third Party CVE Information (continued)
    VMware Workstation 12.5.9 Pro
      Bulletin VMWW-011, QVMWW1259
      Fixes 3 Vulnerabilities: CVE-2017-4949, CVE-2017-4950, CVE-2017-5715
    VMware Workstation 12.5.9 Player
      Bulletin VMWP-035, QVMWP1259
      Fixes 3 Vulnerabilities: CVE-2017-4949, CVE-2017-4950, CVE-2017-5715
    VMware Workstation 14.1.1 Pro
      Bulletin VMWW-010, QVMWW1411
      Fixes 3 Vulnerabilities: CVE-2017-4949, CVE-2017-4950, CVE-2017-5715
    VMware Workstation 14.1.1 Player
      Bulletin VMWW-034, QVMWW1411
      Fixes 3 Vulnerabilities: CVE-2017-4949, CVE-2017-4950, CVE-2017-5715
  • 33.
    Third Party CVE Information (continued)
    Java Runtime Environment 9.0.4
      Bulletin JRE9-003, QJRE904
      Fixes 20 Vulnerabilities: CVE-2018-2579, CVE-2018-2581, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
    Java 8 Update 161
      Bulletin JAVA8-161, QJAVA8U161
      Fixes 15 Vulnerabilities: CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678

Editor's Notes

  • #13 Keep in mind that since May 9, 2017, customers running Windows 10 version 1507 are no longer receiving security and quality updates, with the exception of the Windows 10 Enterprise 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft has extended support for Enterprise and Education versions of Windows 10 version 1511 until April 2018.