Patch Tuesday Webinar
Wednesday, January 10, 2018
Hosted by: Chris Goettl & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 803 801 125
Agenda
1. January 2018 Patch Tuesday Overview
2. In the News
3. Bulletins
4. Q & A
Overview
In the News
- Meltdown and Spectre:
  - https://www.ivanti.com/blog/meltdown-spectre-need-know/
  - Really good write-up on Meltdown and Spectre.
  - Spreadsheet tracking AV vendors complying with proper behavior and placing registry key
  - On Windows servers you also need to enable the fixes after applying the updates.
- Oracle Critical Patch Update (CPU) is January 16th
  - Look for updates to Java JRE and JDK
Known Issues: Things to be aware of
- Windows 10 Branch Support: End of Life for 2018
  - Branch 1607 scheduled for March 2018
  - Branch 1703 scheduled for September 2018
- Windows 10 Version 1511 will continue to receive limited, critical updates
  - Supported Editions
    - Windows 10 Education
    - Windows 10 Enterprise
  - Unsupported Editions
    - Windows 10 Home
    - Windows 10 Pro
- Everyone strongly urged to update to latest version of Windows 10
Public Disclosures
- CVE-2018-0819 - Spoofing Vulnerability in Microsoft Office for Mac
  - A spoofing vulnerability exists when Microsoft Outlook for Mac does not properly handle the encoding and display of email addresses. This improper handling and display may cause antivirus or antispam scanning to not work as intended. To exploit the vulnerability, an attacker could send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing.
- CVE-2017-5715 - Branch Target Injection
- CVE-2017-5753 - Bounds Check Bypass
- CVE-2017-5754 - Rogue Data Cache Load
Zero Day Vulnerability
- CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability
  - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
  - The security update addresses the vulnerability by removing Equation Editor functionality.
Bulletins
MS18-01-W10: Windows 10 Update
- Maximum Severity: Critical
- Affected Products: Microsoft Windows 10 1511, 1607, 1703, 1709, Server 2016, IE 11 and Microsoft Edge
- Description: This bulletin references KB articles 4056888, 4056890, 4056891, 4056893 and Advisory 180002. See bulletins for list of changes.
- Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
- Fixes 21 Vulnerabilities: Security Advisory 180002 addresses CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 which are publicly disclosed but not known exploited. See Details column of Security Update Guide for complete list.
- Restart Required: Requires Restart
- Known Issues: See next slide
- NOTE: Education and Enterprise versions of Windows 10 version 1511 supported until April 2018.
January’s Common Issues for Windows 10
- When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions.
- When calling CoInitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error returned on failure is STATUS_BAD_IMPERSONATION_LEVEL.
- Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti-Virus ISV has updated the ALLOW REGKEY.
- Microsoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. To prevent this issue, Microsoft will temporarily pause Windows OS updates to devices with impacted AMD processors at this time.
- KB4056890 - Windows 10 Version 1607, Windows Server 2016, Windows 10 Mobile
- KB4056891 - Windows 10 Version 1703
- KB4056892 - Windows 10 Version 1709
- KB4056893 - Windows 10 Enterprise
- KB4056888 - Windows 10 Version 1511 (Education and Enterprise)
January’s Issues for Windows 10 (cont)
- KB4056892 - Windows 10 version 1709
  - Windows Update History reports that KB4054517 failed to install because of Error 0x80070643.
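The AV "ALLOW REGKEY" gate from the known issues above and the server-side enablement step from the In the News slide can be checked per host with a read-only audit; this is an added example, not part of the webinar. The registry paths and value names are taken from Microsoft's published guidance rather than from the slides, and the function names are hypothetical.

```powershell
# Added example, not from the webinar: read-only audit, nothing is modified.
# Registry locations are from Microsoft's published Spectre/Meltdown guidance;
# they are an assumption here because the slides do not spell them out.
$CompatKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$CompatValue = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'   # REG_DWORD, data 0
$MemMgmtKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

# OS updates named on the slides whose bulletins list CVE-2017-5715/5753/5754.
# The Server 2012 and Server 2008 updates are left out: the slides note that
# Spectre and Meltdown are not addressed there.
$JanuaryKbs = @('KB4056888', 'KB4056890', 'KB4056891', 'KB4056892', 'KB4056893',
                'KB4056894', 'KB4056895', 'KB4056897', 'KB4056898')

function Get-RegValueOrNull {
    # Hypothetical helper: returns the value data, or $null if key/value is absent.
    param([string]$Path, [string]$Name)
    try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Get-SpeculationPatchStatus {
    # ProductType: 1 = workstation, 2 = domain controller, 3 = member server
    $os       = Get-WmiObject -Class Win32_OperatingSystem
    $isServer = ($os.ProductType -ne 1)

    $compat   = Get-RegValueOrNull $CompatKey  $CompatValue
    $override = Get-RegValueOrNull $MemMgmtKey 'FeatureSettingsOverride'
    $mask     = Get-RegValueOrNull $MemMgmtKey 'FeatureSettingsOverrideMask'

    # A later cumulative update supersedes these IDs, so an empty result on a
    # machine patched after January 2018 is expected.
    $found = @(Get-HotFix -Id $JanuaryKbs -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty HotFixID)

    $avKeySet      = ($null -ne $compat) -and ($compat -eq 0)
    $serverEnabled = ($null -ne $override) -and ($null -ne $mask) -and
                     ($override -eq 0) -and ($mask -eq 3)

    $findings = @()
    if (-not $avKeySet) {
        $findings += 'AV compatibility value not set: the January OS update is not applicable to this machine yet.'
    }
    if ($found.Count -eq 0) {
        $findings += 'None of the January 2018 KBs from the slides are installed.'
    }
    if ($isServer -and $found.Count -gt 0 -and -not $serverEnabled) {
        $findings += 'Server OS: update installed but the mitigations are not enabled in the registry.'
    }

    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        IsServer      = $isServer
        AvKeySet      = $avKeySet
        InstalledKbs  = $found
        ServerEnabled = $serverEnabled
        Findings      = $findings
    } | Select-Object Computer, IsServer, AvKeySet, InstalledKbs, ServerEnabled, Findings
}

Get-SpeculationPatchStatus | Format-List
```

Run it in Windows PowerShell on the target host; an empty Findings list means the gate is open, one of the listed KBs is present and, on servers, the enablement values are in place.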
MS18-01-OFF: Security Updates for Microsoft Office
- Maximum Severity: Critical
- Affected Products: Office 2007-2016, macOS Office 2016, Excel 2007-2016, Outlook 2007-2016, Word 2007-2016, SharePoint Enterprise Server 2010-2016, Web Apps Server 2010 and 2013
- Description: This security update resolves vulnerabilities in most Microsoft Office applications. This bulletin references 36 KB articles plus Click to Run and Release Notes.
- Impact: Remote Code Execution, Spoofing, Tampering, Information Disclosure, and Defense in Depth
- Fixes 19 Vulnerabilities: CVE-2018-0802 has been exploited, but not publicly disclosed. CVE-2018-0819 is publicly disclosed for macOS, but not exploited. See Details column of Security Update Guide for complete list.
- Restart Required: Requires Restart
- Known Issues: You must have the latest service packs installed in order to install many of these security patches. For example, Office 2010 SP2, Excel 2013 SP1, etc.
MS18-01-IE: Security Updates for Internet Explorer
- Maximum Severity: Critical
- Affected Products: Microsoft Internet Explorer 9, 10 and 11
- Description: These security updates resolve several reported vulnerabilities in Internet Explorer. The fixes that are included in this Security Update for Internet Explorer 4056568 are also included in the January 2018 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update. This bulletin references 9 KB articles.
- Impact: Remote Code Execution and Information Disclosure
- Fixes 5 vulnerabilities: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-0762, CVE-2018-0772
- Restart Required: Requires Browser Restart
- Known Issues: None reported
MS18-01-MR7: Monthly Rollup for Win 7 and Server 2008 R2
- Maximum Severity: Important
- Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
- Description: This security update includes improvements and fixes that were a part of update KB 4054518 (released December 12, 2017). This bulletin includes updates for IE. This bulletin is based on KB 4056894.
- Impact: Elevation of Privilege and Information Disclosure
- Fixes 10 (shown) + 5 (IE) Vulnerabilities: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-0741, CVE-2018-0747, CVE-2018-0748, CVE-2018-0749, CVE-2018-0750, CVE-2018-0754, CVE-2018-0788
- Restart Required: Requires Restart
- Known Issues: See next slide
January’s Issues for Win 7 and Server 2008 R2
- KB 4056894 - Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
  - Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti-Virus ISV has updated the ALLOW REGKEY.
  - Microsoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. To prevent this issue, Microsoft will temporarily pause Windows OS updates to devices with impacted AMD processors at this time.
MS18-01-MR8: Monthly Rollup for Server 2012
- Maximum Severity: Important
- Affected Products: Microsoft Server 2012 and IE
- Description: This security update includes improvements and fixes that were a part of update KB4054520 (released December 12, 2017). This bulletin includes updates for IE. This bulletin is based on KB 4056896.
- Impact: Denial of Service, Elevation of Privilege, and Information Disclosure
- Fixes 10 (shown) + 5 (IE) Vulnerabilities: CVE-2018-0744, CVE-2018-0746, CVE-2018-0747, CVE-2018-0748, CVE-2018-0749, CVE-2018-0751, CVE-2018-0752, CVE-2018-0753, CVE-2018-0754, CVE-2018-0788
- Restart Required: Requires Restart
- Known Issues: See next slide
- NOTE: Spectre and Meltdown are NOT addressed in this month’s rollup.
January’s Issues for Server 2012
- KB 4056896 - Windows Server 2012 Standard
  - When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions.
  - When calling CoInitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error returned on failure is STATUS_BAD_IMPERSONATION_LEVEL.
MS18-01-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
- Maximum Severity: Important
- Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
- Description: This security update includes improvements and fixes that were a part of update KB 4054519 (released December 12, 2017). This bulletin includes updates for IE. This bulletin is based on KB 4056895.
- Impact: Denial of Service, Elevation of Privilege, and Information Disclosure
- Fixes 13 (shown) + 5 (IE) Vulnerabilities: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-0744, CVE-2018-0746, CVE-2018-0747, CVE-2018-0748, CVE-2018-0749, CVE-2018-0751, CVE-2018-0752, CVE-2018-0753, CVE-2018-0754, CVE-2018-0788
- Restart Required: Requires Restart
- Known Issues: See next slide
January’s Issues for Windows 8.1 and Server 2012 R2
- KB 4056895 - Windows 8.1, Windows Server 2012 R2 Standard
  - When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions.
  - When calling CoInitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error returned on failure is STATUS_BAD_IMPERSONATION_LEVEL.
  - Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti-Virus ISV has updated the ALLOW REGKEY.
  - Microsoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. To prevent this issue, Microsoft will temporarily pause Windows OS updates to devices with impacted AMD processors at this time.
MS18-01-2K8: Windows Server 2008
- Maximum Severity: Important
- Affected Products: Microsoft Windows Server 2008
- Description: This security update provides several fixes including one for the Windows kernel to prevent an attacker from retrieving information from a Kernel Address Space Layout Randomization (ASLR) bypass; another for the Microsoft Server Message Block (SMB) server, and several others. This bulletin references 6 KB articles.
- Impact: Elevation of Privilege and Information Disclosure
- Fixes 7 vulnerabilities: CVE-2018-0741, CVE-2018-0747, CVE-2018-0748, CVE-2018-0749, CVE-2018-0750, CVE-2018-0754, CVE-2018-0788
- Restart Required: Requires Restart
- Known Issues: None reported
- NOTE: Spectre and Meltdown are NOT addressed in this month’s security update.
MS18-01-SO7: Security-only Update for Win 7 and Server 2008 R2
- Maximum Severity: Important
- Affected Products: Microsoft Windows 7 and Server 2008 R2
- Description: Security updates to Microsoft Graphics Component, Windows Graphics, Windows Kernel, and Windows SMB Server. This bulletin is based on KB 4056897.
- Impact: Elevation of Privilege and Information Disclosure
- Fixes 10 Vulnerabilities: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-0741, CVE-2018-0747, CVE-2018-0748, CVE-2018-0749, CVE-2018-0750, CVE-2018-0754, CVE-2018-0788
- Restart Required: Requires Restart
- Known Issues: See next slide
January’s Issues for Win 7 and Server 2008 R2
- KB 4056897 - Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
  - Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti-Virus ISV has updated the ALLOW REGKEY.
  - Microsoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. To prevent this issue, Microsoft will temporarily pause Windows OS updates to devices with impacted AMD processors at this time.
MS18-01-SO8: Security-only Update for Server 2012
- Maximum Severity: Important
- Affected Products: Microsoft Server 2012
- Description: Security updates for Windows SMB Server, Windows Kernel, Windows Datacenter Networking, and Windows Graphics. This bulletin is based on KB 4056899.
- Impact: Denial of Service, Elevation of Privilege, and Information Disclosure
- Fixes 10 Vulnerabilities: CVE-2018-0744, CVE-2018-0746, CVE-2018-0747, CVE-2018-0748, CVE-2018-0749, CVE-2018-0751, CVE-2018-0752, CVE-2018-0753, CVE-2018-0754, CVE-2018-0788
- Restart Required: Requires Restart
- Known Issues: See next slide
- NOTE: Spectre and Meltdown are NOT addressed in this month’s security-only update.
January’s Issues for Server 2012
- KB 4056899 - Windows Server 2012 Standard
  - When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions.
  - When calling CoInitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error returned on failure is STATUS_BAD_IMPERSONATION_LEVEL.
MS18-01-SO81: Security-only Update for Win 8.1 and Server 2012 R2
- Maximum Severity: Important
- Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
- Description: Security updates for Windows SMB Server, Windows Kernel, Windows Datacenter Networking, and Windows Graphics. This bulletin is based on KB 4056898.
- Impact: Denial of Service, Elevation of Privilege, and Information Disclosure
- Fixes 13 Vulnerabilities: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-0744, CVE-2018-0746, CVE-2018-0747, CVE-2018-0748, CVE-2018-0749, CVE-2018-0751, CVE-2018-0752, CVE-2018-0753, CVE-2018-0754, CVE-2018-0788
- Restart Required: Requires Restart
- Known Issues: None reported
January’s Issues for Windows 8.1 and Server 2012 R2
- KB 4056898 - Windows 8.1, Windows Server 2012 R2 Standard
  - When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions.
  - When calling CoInitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error returned on failure is STATUS_BAD_IMPERSONATION_LEVEL.
  - Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti-Virus ISV has updated the ALLOW REGKEY.
  - Microsoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. To prevent this issue, Microsoft will temporarily pause Windows OS updates to devices with impacted AMD processors at this time.
MS18-01-SQL: Security Updates for SQL Server
- Maximum Severity: Important
- Affected Products: Microsoft SQL Server 2008, 2008 R2, 2016 and 2017
- Description: This security update specifically addresses a class of vulnerabilities that are referred to as speculative execution side-channel attacks. This bulletin references 8 KB articles.
- Impact: Information Disclosure
- Fixes 3 Vulnerabilities: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
- Restart Required: Requires Restart
- Known Issues: None reported
MS18-01-MRNET: Monthly Rollup for Microsoft .NET
- Maximum Severity: Important
- Affected Products: Microsoft Windows .NET Framework 2.0 through 4.7.1
- Sub-bulletins: MS18-01-MRNET-4055532, 4055265, 4055266, 4055267
  - These bulletins address associated .NET updates for each of the four legacy MS operating systems.
- Description: This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do not completely validate certificates. Additionally, this security update resolves a denial of service vulnerability that exists when .NET Framework and .NET Core components improperly process XML documents.
- Impact: Security Feature Bypass and Denial of Service
- Fixes 2 vulnerabilities: CVE-2018-0764, CVE-2018-0786
- Restart Required: Requires Restart
MS18-01-SONET: Security-only Update for Microsoft .NET
- Maximum Severity: Important
- Affected Products: Microsoft Windows .NET Framework 2.0 through 4.7.1
- Sub-bulletins: MS18-01-SONET-4055269, 4055270, 4055271, 4055272
  - These bulletins address associated .NET updates for each of the four legacy MS operating systems.
- Description: This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do not completely validate certificates. Additionally, this security update resolves a denial of service vulnerability that exists when .NET Framework and .NET Core components improperly process XML documents.
- Impact: Security Feature Bypass and Denial of Service
- Fixes 2 vulnerabilities: CVE-2018-0764, CVE-2018-0786
- Restart Required: Requires Restart
MS18-01-AFP: Security Update for Adobe Flash Player
- Maximum Severity: Important
- Affected Products: Adobe Flash Player
- Description: This security update resolves vulnerabilities in Adobe Flash Player that is installed on any supported edition of Windows Server Version 1709, Windows Server 2016, Windows 10 Version 1709 (Fall Creators Update), Windows 10 Version 1703 (Creators Update), Windows 10 Version 1607, Windows 10 Version 1511, Windows 10 RTM, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is based on KB 4056877.
- Impact: Information Disclosure
- Fixes 1 Vulnerability: CVE-2018-4871
- Restart Required: Requires Application Restart
APSB18-01: Security Update for Adobe Flash Player
- Maximum Severity: Important (Adobe rating Priority 2)
- Affected Products: Adobe Flash Player
- Description: Adobe has released a security update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This update addresses a regression that could lead to the unintended reset of the global settings preference file.
- Impact: Information Disclosure (Out of Band Read)
- Fixes 1 Vulnerability: CVE-2018-4871
- Restart Required: Requires Application Restart
Between Patch Tuesdays
- New Product Support: Adobe Shockwave MSI
- Security Updates: Adobe Creative Cloud (1), iTunes (1), Chrome (2), Firefox (3), FileZilla (1), Foxit Reader (1), Foxit PhantomPDF (1), iCloud (1), LibreOffice (1), Microsoft (1), Notepad++ (1), Opera (3), OpenOffice (1), Tomcat (1)
- Non-Security Updates: Aimp (3), Allway Sync (1), Apple Mobile Device Support (1), Evernote (2), GOM Player (1), GoodSync (3), KeePass (1), Microsoft (25), MozyHome (2), MozyPro (2), Oracle VirtualBox (1), PDFCreator (2), PDF XChange (2), Plex Media Server (1), RealVNC Server (1), Slack (1), Snagit (1), TortoiseHg (1), TreeSize Free (1), TeamViewer (1), WinSCP (1), WinZip (1), VMware Tools (1)
Patch Thursday Third Party Releases of Interest
- Mozilla Firefox 57.0.4
  - Bulletin FF18-001
  - Reported Vulnerabilities: Speculative execution side-channel attack ("Spectre")
- Google Chrome 63.0.3239.132
  - No reported CVEs
  - Chrome 64 targeted for January 23rd release will mitigate Spectre
  - https://support.google.com/faqs/answer/7622138#chrome
Third Party CVE Information
- Thunderbird 52.5.2
  - Bulletin TB17-5252, QTB5252
  - Fixes 5 Vulnerabilities: CVE-2017-7829, CVE-2017-7845, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848
- VMware Tools 10.2.0
  - Bulletin VMWT-022, QVMWT1020
  - Fixes 1 Vulnerability: CVE-2017-4945
- Apple iCloud 7.2.0
  - Bulletin ICLOUD-008, QICLOUD72067
  - Fixes 6 Vulnerabilities: CVE-2017-7156, CVE-2017-7157, CVE-2017-13856, CVE-2017-13864, CVE-2017-13866, CVE-2017-13870
Thank You

January Patch Tuesday Webinar 2018

  • 1.
    Patch Tuesday Webinar Wednesday,January 10, 2018 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 803 801 125
  • 2.
    Agenda January 2018 PatchTuesday Overview In the News Bulletins Q & A 1 2 3 4
  • 3.
  • 5.
  • 6.
    In the News-  Meltdown and Spectre:  https://www.ivanti.com/blog/meltdown-spectre-need-know/  Really good writup on Meltdown and Spectre.  Spreadsheet tracking AV vendors complying with proper behavior and placing registry key  On Windows servers you also need to enable the fixes after applying the updates.  Oracle Critical Patch Updates (CPU) is January 16th  Look for updates to Java JRE and JDK
  • 7.
    Known Issues Thingsto be aware of  Windows 10 Branch Support: End of Life for 2018  Branch 1607 scheduled for March 2018  Branch 1703 scheduled for September 2018  Windows 10 Version 1511 will continue to receive limited, critical updates  Supported Editions  Windows 10 Education  Windows 10 Enterprise  Unsupported Editions  Windows 10 Home  Windows 10 Pro  Everyone strongly urged to update to latest version of Windows 10
  • 8.
    Public Disclosures  CVE-2018-0819- Spoofing Vulnerability in Microsoft Office for MAC  A spoofing vulnerability exists when Microsoft Outlook for MAC does not properly handle the encoding and display of email addresses. This improper handling and display may cause antivirus or antispam scanning to not work as intended. To exploit the vulnerability, an attacker could send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing.  CVE-2017-5715 - Branch Target Injection  CVE-2017-5753 - Bounds Check Bypass  CVE-2017-5754 - Rogue Data Cache Load
  • 9.
    Zero Day Vulnerability CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability  A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.  The security update addresses the vulnerability by removing Equation Editor functionality.
  • 10.
  • 11.
    MS18-01-W10: Windows 10Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 1511, 1607,1703, 1709, Server 2016, IE 11 and Microsoft Edge  Description: This bulletin references KB articles 4056888, 4056890, 4056891, 4056893 and Advisory 180002. See bulletins for list of changes.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 21 Vulnerabilities: Security Advisory 180002 addresses CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 which are publicly disclosed but not known exploited. See Details column of Security Update Guide for complete list.  Restart Required: Requires Restart  Known Issues: See next slide  NOTE: Education and Enterprise versions of Windows 10 version 1511 supported until April 2018.
  • 12.
    January’s Common Issuesfor Windows 10  When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions.  When calling CoInitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error returned on failure is STATUS_BAD_IMPERSONATION_LEVEL.  Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY.  Microsoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. To prevent this issue, Microsoft will temporarily pause Windows OS updates to devices with impacted AMD processors at this time.  KB4056890 - Windows 10 Version 1607, Windows Server 2016, Windows 10 Mobile  KB4056891 - Windows 10 Version 1703  KB4056892 - Windows 10 Version 1709  KB4056893 - Windows 10 Enterprise  KB4056888 - Windows 10 Version 1511 (Education and Enterprise)
  • 13.
    January’s Issues forWindows 10 (cont)  KB4056892 - Windows 10 version 1709  Windows Update History reports that KB4054517 failed to install because of Error 0x80070643.
  • 14.
    MS18-01-OFF: Security Updatesfor Microsoft Office  Maximum Severity: Critical  Affected Products: Office 2007-2016, macOS Office 2016, Excel 2007-2016, Outlook 2007-2016, Word 2007-2016, SharePoint Enterprise Server 2010-2016. Web Apps Server 2010 and 2013  Description: This security update resolves vulnerabilities in most Microsoft Office applications. This bulletin references 36 KB articles plus Click to Run and Release Notes.  Impact: Remote Code Execution, Spoofing, Tampering, Information Disclosure, and Defense in Depth  Fixes 19 Vulnerabilities: CVE-2018-0802 has been exploited, but not publicly disclosed. CVE-2017-0819 is publicly disclosed for macOS, but not exploited. See Details column of Security Update Guide for complete list.  Restart Required: Requires Restart  Known Issues: You must have the latest service packs installed in order to install many of these security patches. Example, Office 2010 SP2, Excel 2013 SP1, etc.
  • 15.
    MS18-01-IE: Security Updatesfor Internet Explorer  Maximum Severity: Critical  Affected Products: Microsoft Internet Explorer 9, 10 and 11  Description: These security updates resolve several reported vulnerabilities in Internet Explorer. The fixes that are included in this Security Update for Internet Explorer 4056568 are also included in the January 2018 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update. This bulletin references 9 KB articles.  Impact: Remote Code Execution and Information Disclosure  Fixes 5 vulnerabilities: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE- 2018-0762, CVE-2018-0772  Restart Required: Requires Browser Restart  Known Issues: None reported
  • 16.
    MS18-01-MR7: Monthly Rollupfor Win 7 and Server 2008 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4054518 (released December 12, 2017). This bulletin includes updates for IE. This bulletin is based on KB 4056894.  Impact: Elevation of Privilege and Information Disclosure  Fixes 10 (shown) + 5 (IE) Vulnerabilities: CVE-2017-5715, CVE-2017-5753, CVE- 2017-5754, CVE-2018-0741, CVE-2018-0747, CVE-2018-0748, CVE-2018-0749, CVE- 2018-0750, CVE-2018-0754, CVE-2018-0788  Restart Required: Requires Restart  Known Issues: See next slide
  • 17.
    January’s Issues forWin 7 and Server 2008 R2  KB 4056894 - Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1  Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY.  Microsoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. To prevent this issue, Microsoft will temporarily pause Windows OS updates to devices with impacted AMD processors at this time.
  • 18.
    MS18-01-MR8: Monthly Rollupfor Server 2012  Maximum Severity: Important  Affected Products: Microsoft Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB4054520 (released December 12, 2017). This bulletin includes updates for IE. This bulletin is based on KB 4056896.  Impact: Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 10 (shown) + 5 (IE) Vulnerabilities: CVE-2018-0744, CVE-2018-0746, CVE- 2018-0747, CVE-2018-0748, CVE-2018-0749, CVE-2018-0751, CVE-2018-0752, CVE- 2018-0753, CVE-2018-0754, CVE-2018-0788  Restart Required: Requires Restart  Known Issues: See next slide  NOTE: Spectre and Meltdown are NOT addressed in this month’s rollup.
  • 19.
    January’s Issues forServer 2012  KB 4056896 - Windows Server 2012 Standard  When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions.  When calling CoInitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error returned on failure is STATUS_BAD_IMPERSONATION_LEVEL.
  • 20.
    MS18-01-MR81: Monthly Rollupfor Win 8.1 and Server 2012 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4054519 (released December 12, 2017). This bulletin includes updates for IE. This bulletin is based on KB 4056895.  Impact: Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 13 (shown) + 5 (IE) Vulnerabilities: CVE-2017-5715, CVE-2017-5753, CVE- 2017-5754, CVE-2018-0744, CVE-2018-0746, CVE-2018-0747, CVE-2018-0748, CVE- 2018-0749, CVE-2018-0751, CVE-2018-0752, CVE-2018-0753, CVE-2018-0754, CVE- 2018-0788  Restart Required: Requires Restart  Known Issues: See next slide
  • 21.
    January’s Issues forWindows 8.1 and Server 2012 R2  KB 4056895 - Windows 8.1, Windows Server 2012 R2 Standard  When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions.  When calling CoInitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error returned on failure is STATUS_BAD_IMPERSONATION_LEVEL.  Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY.  Microsoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. To prevent this issue, Microsoft will temporarily pause Windows OS updates to devices with impacted AMD processors at this time.
  • 22.
    MS18-01-2K8: Windows Server2008  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2008  Description: This security update provides several fixes including one for the Windows kernel to prevent an attacker to retrieve information from a Kernel Address Space Layout Randomization (ASLR) bypass; another for the Microsoft Server Message Block (SMB) server, and several others. This bulletin references 6 KB articles.  Impact: Elevation of Privilege and Information Disclosure  Fixes 7 vulnerabilities: CVE-2018-0741, CVE-2018-0747, CVE-2018-0748, CVE- 2018-0749, CVE-2018-0750, CVE-2018-0754, CVE-2018-0788  Restart Required: Requires Restart  Known Issues: None reported  NOTE: Spectre and Meltdown are NOT addressed in this month’s security update.
  • 23.
    MS18-01-SO7: Security-only Updatefor Win 7 and Server 2008 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Security updates to Microsoft Graphics Component, Windows Graphics, Windows Kernel, and Windows SMB Server. This bulletin is based on KB 4056897.  Impact: Elevation of Privilege and Information Disclosure  Fixes 10 Vulnerabilities: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE- 2018-0741, CVE-2018-0747, CVE-2018-0748, CVE-2018-0749, CVE-2018-0750, CVE- 2018-0754, CVE-2018-0788  Restart Required: Requires Restart  Known Issues: See next slide
  • 24.
    January’s Issues for Win 7 and Server 2008 R2
    • KB 4056897 - Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
      • Due to an issue with some versions of antivirus software, this fix is only being made applicable to machines where the antivirus ISV has updated the ALLOW REGKEY.
      • Microsoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. To prevent this issue, Microsoft will temporarily pause Windows OS updates to devices with impacted AMD processors at this time.
  • 25.
    MS18-01-SO8: Security-only Update for Server 2012
    • Maximum Severity: Important
    • Affected Products: Microsoft Server 2012
    • Description: Security updates for Windows SMB Server, Windows Kernel, Windows Datacenter Networking, and Windows Graphics. This bulletin is based on KB 4056899.
    • Impact: Denial of Service, Elevation of Privilege, and Information Disclosure
    • Fixes 10 Vulnerabilities: CVE-2018-0744, CVE-2018-0746, CVE-2018-0747, CVE-2018-0748, CVE-2018-0749, CVE-2018-0751, CVE-2018-0752, CVE-2018-0753, CVE-2018-0754, CVE-2018-0788
    • Restart Required: Requires Restart
    • Known Issues: See next slide
    • NOTE: Spectre and Meltdown are NOT addressed in this month’s security-only update.
  • 26.
    January’s Issues for Server 2012
    • KB 4056899 - Windows Server 2012 Standard
      • When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions.
      • When calling CoInitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error returned on failure is STATUS_BAD_IMPERSONATION_LEVEL.
  • 27.
    MS18-01-SO81: Security-only Update for Win 8.1 and Server 2012 R2
    • Maximum Severity: Important
    • Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
    • Description: Security updates for Windows SMB Server, Windows Kernel, Windows Datacenter Networking, and Windows Graphics. This bulletin is based on KB 4056898.
    • Impact: Denial of Service, Elevation of Privilege, and Information Disclosure
    • Fixes 13 Vulnerabilities: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-0744, CVE-2018-0746, CVE-2018-0747, CVE-2018-0748, CVE-2018-0749, CVE-2018-0751, CVE-2018-0752, CVE-2018-0753, CVE-2018-0754, CVE-2018-0788
    • Restart Required: Requires Restart
    • Known Issues: None reported
  • 28.
    January’s Issues for Windows 8.1 and Server 2012 R2
    • KB 4056898 - Windows 8.1, Windows Server 2012 R2 Standard
      • When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions.
      • When calling CoInitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error returned on failure is STATUS_BAD_IMPERSONATION_LEVEL.
      • Due to an issue with some versions of antivirus software, this fix is only being made applicable to machines where the antivirus ISV has updated the ALLOW REGKEY.
      • Microsoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. To prevent this issue, Microsoft will temporarily pause Windows OS updates to devices with impacted AMD processors at this time.
  • 29.
    MS18-01-SQL: Security Updates for SQL Server
    • Maximum Severity: Important
    • Affected Products: Microsoft SQL Server 2008, 2008 R2, 2016 and 2017
    • Description: This security update specifically addresses a class of vulnerabilities that are referred to as speculative execution side-channel attacks. This bulletin references 8 KB articles.
    • Impact: Information Disclosure
    • Fixes 3 Vulnerabilities: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
    • Restart Required: Requires Restart
    • Known Issues: None reported
  • 30.
    MS18-01-MRNET: Monthly Rollup for Microsoft .NET
    • Maximum Severity: Important
    • Affected Products: Microsoft Windows .NET Framework 2.0 through 4.7.1
    • Sub-bulletins: MS18-01-MRNET-4055532, 4055265, 4055266, 4055267
      • These bulletins address associated .NET updates for each of the four legacy MS operating systems.
    • Description: This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do not completely validate certificates. Additionally, this security update resolves a denial of service vulnerability that exists when .NET Framework and .NET Core components improperly process XML documents.
    • Impact: Security Feature Bypass and Denial of Service
    • Fixes 2 vulnerabilities: CVE-2018-0764, CVE-2018-0786
    • Restart Required: Requires Restart
  • 31.
    MS18-01-SONET: Security-only Update for Microsoft .NET
    • Maximum Severity: Important
    • Affected Products: Microsoft Windows .NET Framework 2.0 through 4.7.1
    • Sub-bulletins: MS18-01-SONET-4055269, 4055270, 4055271, 4055272
      • These bulletins address associated .NET updates for each of the four legacy MS operating systems.
    • Description: This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do not completely validate certificates. Additionally, this security update resolves a denial of service vulnerability that exists when .NET Framework and .NET Core components improperly process XML documents.
    • Impact: Security Feature Bypass and Denial of Service
    • Fixes 2 vulnerabilities: CVE-2018-0764, CVE-2018-0786
    • Restart Required: Requires Restart
  • 32.
    MS18-01-AFP: Security Update for Adobe Flash Player
    • Maximum Severity: Important
    • Affected Products: Adobe Flash Player
    • Description: This security update resolves vulnerabilities in Adobe Flash Player when it is installed on any supported edition of Windows Server Version 1709, Windows Server 2016, Windows 10 Version 1709 (Fall Creators Update), Windows 10 Version 1703 (Creators Update), Windows 10 Version 1607, Windows 10 Version 1511, Windows 10 RTM, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is based on KB 4056877.
    • Impact: Information Disclosure
    • Fixes 1 Vulnerability: CVE-2018-4871
    • Restart Required: Requires Application Restart
  • 33.
    APSB18-01: Security Update for Adobe Flash Player
    • Maximum Severity: Important (Adobe rating Priority 2)
    • Affected Products: Adobe Flash Player
    • Description: Adobe has released a security update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This update addresses a regression that could lead to the unintended reset of the global settings preference file.
    • Impact: Information Disclosure (Out of Band Read)
    • Fixes 1 Vulnerability: CVE-2018-4871
    • Restart Required: Requires Application Restart
  • 34.
    Between Patch Tuesdays
    • New Product Support: Adobe Shockwave MSI
    • Security Updates: Adobe Creative Cloud (1), iTunes (1), Chrome (2), Firefox (3), FileZilla (1), Foxit Reader (1), Foxit PhantomPDF (1), iCloud (1), LibreOffice (1), Microsoft (1), Notepad++ (1), Opera (3), OpenOffice (1), Tomcat (1)
    • Non-Security Updates: Aimp (3), Allway Sync (1), Apple Mobile Device Support (1), Evernote (2), GOM Player (1), GoodSync (3), KeePass (1), Microsoft (25), MozyHome (2), MozyPro (2), Oracle VirtualBox (1), PDFCreator (2), PDF XChange (2), Plex Media Server (1), RealVNC Server (1), Slack (1), Snagit (1), TortoiseHg (1), TreeSize Free (1), TeamViewer (1), WinSCP (1), WinZip (1), VMware Tools (1)
  • 35.
    Patch Thursday Third Party Releases of Interest
    • Mozilla Firefox 57.0.4
      • Bulletin FF18-001
      • Reported Vulnerabilities: Speculative execution side-channel attack ("Spectre")
    • Google Chrome 63.0.3239.132
      • No reported CVEs
      • Chrome 64, targeted for a January 23rd release, will mitigate Spectre
      • https://support.google.com/faqs/answer/7622138#chrome
  • 36.
    Third Party CVE Information
    • Thunderbird 52.5.2
      • Bulletin TB17-5252, QTB5252
      • Fixes 5 Vulnerabilities: CVE-2017-7829, CVE-2017-7845, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848
    • VMware Tools 10.2.0
      • Bulletin VMWT-022, QVMWT1020
      • Fixes 1 Vulnerability: CVE-2017-4945
    • Apple iCloud 7.2.0
      • Bulletin ICLOUD-008, QICLOUD72067
      • Fixes 6 Vulnerabilities: CVE-2017-7156, CVE-2017-7157, CVE-2017-13856, CVE-2017-13864, CVE-2017-13866, CVE-2017-13870

Editor's Notes

  • #12 Keep in mind that since May 9, 2017, customers running Windows 10 version 1507 are no longer receiving security and quality updates, with the exception of the Windows 10 Enterprise 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft has extended support for the Enterprise and Education versions of Windows 10 version 1511 until April 2018.
  • #31 Note: Server 2008 limited to .NET 2.0 thru 4.6. Windows 7 and newer use 3.5.1 thru 4.7.1.
  • #32 Note: Server 2008 limited to .NET 2.0 thru 4.6. Windows 7 and newer use 3.5.1 thru 4.7.1.