March is synonymous with luck, and this March Patch Tuesday luck is on your side. There are some Critical updates. And Microsoft resolved two publicly disclosed vulnerabilities, so you'll want to patch those holes before someone turns your luck from good to bad. And of course - because they're far from as rare as a four-leaf clover - the Meltdown and Spectre updates continue to roll out. But all in all, it looks like you'll get your pot of gold this month in the form of time back to focus on core business goals.
6. In the News -
Update on Meltdown and Spectre:
https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-
own/
Updated - https://portal.msrc.microsoft.com/en-US/security-
guidance/advisory/ADV180002
Ivanti Product Related Articles:
https://community.shavlik.com/docs/DOC-24510 (Shavlik)
https://community.ivanti.com/docs/DOC-66046 (LANDESK)
https://community.ivanti.com/docs/DOC-63022 (HEAT)
7. Known Issues Things to be aware of
Windows 10 Branch Support: End of Service for 2018
Branch 1607 scheduled for April 10 (extended from March 2018)
Branch 1703 scheduled for October 9 (extended from September 2018)
Windows 10 Version 1511, 1607, 1703, and 1709 will continue to receive
security-only updates for 6 months past EOS dates
Version 1511 final update on April 10
Supported Editions
Windows 10 Education
Windows 10 Enterprise
Unsupported Editions
Windows 10 Home
Windows 10 Pro
Everyone strongly urged to update to latest version of Windows 10
Windows lifecycle fact sheet
8. Known Issues Things to be aware of
https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-
2018-0886-march-13-2018
Microsoft lifted the regkey check in Windows 10 to protect additional devices
Microsoft still limits patch installation based on AV regkey in Windows 7, 8.1,
Server 2008, and Server 2012
Because of an issue that affects some versions of antivirus software, this fix applies
only to computers on which the antivirus ISV updated the ALLOW REGKEY.
Contact your antivirus manufacturer to verify that their software is compatible and
that they have set the following REGKEY on the computer:
Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWAREMicrosoftWindowsCurrentVersionQualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD”
Data="0x00000000”
Multiple KBs referenced in today’s webinar slides
9. Public Disclosures
CVE-2018-0808 - ASP.NET Core Denial of Service Vulnerability
A denial of service vulnerability exists when ASP.NET Core improperly handles
web requests. An attacker who successfully exploited this vulnerability could
cause a denial of service against an ASP.NET Core web application. The
vulnerability can be exploited remotely, without authentication.
A remote unauthenticated attacker could exploit this vulnerability by issuing
specially crafted requests to the .NET Core application.
CVE-2018-0940 - Microsoft Exchange Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook
Web Access (OWA) fails to properly sanitize links presented to users. An attacker
who successfully exploited this vulnerability could override the OWA interface
with a fake login page and attempt to trick the user into disclosing sensitive
information.
To exploit the vulnerability, an attacker could send a specially crafted email
message containing a malicious link to a user. The user would have to click the
malicious link in order to be susceptible to the vulnerability.
11. MS18-03-W10: Windows 10 Update
Maximum Severity: Critical
Affected Products: Microsoft Windows 10 Versions 1511, 1607, 1703, 1709, Server
2016, IE 11 and Microsoft Edge
Description: This bulletin references 5 KB articles. See KBs for list of changes.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
Fixes 49 Vulnerabilities: There are no publicly disclosed or known exploited
vulnerabilities this month. See Details column of Security Update Guide for complete
list.
Restart Required: Requires restart
Known Issues: See next slide
NOTE: Education and Enterprise versions of Windows 10 will be supported 6 months
beyond EOS date. Windows 10 version 1511 support ends April 10, 2018.
12. March’s Known Issues for Windows 10
KB 4088776 - Windows 10 version 1709
Windows Update History reports that KB 4054517 failed to install because of error 0x80070643.
Even though the update was successfully installed, Windows Update incorrectly reports that the
update failed to install. Select Check for Updates to confirm that there are no additional updates
available. Recommended action is to ignore message for now as it is installing properly.
Users with Windows 10 Version 1709 Enterprise that have installed the January 2018 Delta
package may encounter failure issues when installing the February and March 2018 updates
from the Microsoft Update Catalog. Specifically, the Windows 10, version 1709 February Delta
Update may silently fail. Recommended action is to uninstall the Windows 10 version 1709
January KB 4056892 Delta Update package and install the March 2018 full latest cumulative
update, KB 4088776. Customers may resume using Delta Update packages with the April 2018
Windows 10 version 1709 monthly cumulative update.
13. MS18-03-IE: Security Updates for Internet Explorer
Maximum Severity: Critical
Affected Products: Microsoft Internet Explorer 9, 10 and 11
Description: These security updates resolve several reported vulnerabilities in Internet
Explorer. The fixes that are included in Security Update for Internet Explorer KB
4089187 are also included in the March 2018 Security Monthly Quality Rollup.
Installing either the Security Update for Internet Explorer or the Security Monthly
Quality Rollup installs the fixes that are in the cumulative update. This bulletin
references 9 KB articles.
Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
Fixes 7 vulnerabilities: CVE-2018-0889, CVE-2018-0891, CVE-2018-0927, CVE-
2018-0929, CVE-2018-0932, CVE-2018-0935, CVE-2018-0942
Restart Required: Requires browser restart
Known Issues: These fixes can be installed only on systems that have the AV
ALLOW REGKEY properly set, except IE 11 updates on Windows 10
14. MS18-03-AFP: Security Update for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: This security update resolves vulnerabilities in Adobe Flash Player that is
installed on any supported edition of Windows Server Version 1709, Windows Server
2016, Windows 10 Version 1709 (Fall Creators Update), Windows 10 Version 1703
(Creators Update), Windows 10 Version 1607, Windows 10 Version 1511, Windows 10
RTM, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is
based on KB 4088785.
Impact: Remote Code Execution
Fixes 2 Vulnerabilities: CVE-2018-4919, CVE-2018-4920
Restart Required: Requires application restart
15. APSB18-05: Security Update for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: Adobe has released security updates for Adobe Flash Player for
Windows, Macintosh, Linux and Chrome OS. These updates address critical
vulnerabilities that could lead to remote code execution in Adobe Flash Player
28.0.0.161 and earlier versions. Successful exploitation could potentially allow an
attacker to take control of the affected system.
Impact: Remote Code Execution
Fixes 2 Vulnerabilities: CVE-2018-4919, CVE-2018-4920
Restart Required: Requires application restart
16. MS18-03-EX: Security Updates for Exchange Server
Maximum Severity: Important (Elevated to Critical by Ivanti)
Affected Products: Microsoft Exchange Server 2010-2016
Description: This security update resolves a vulnerability in Microsoft Exchange
Outlook Web Access (OWA). This bulletin is based on KB 4073392 and KB 4073537.
Impact: Elevation of Privilege and Information Disclosure
Fixes 3 Vulnerabilities: CVE-2018-0924, CVE-2018-0940, CVE-2018-0941
Restart Required: Requires Restart
Known Issues: See next slide
17. March’s Known Issues for Exchange Server
KB 4073392 - Exchange Server 2013 Service Pack 1, Exchange Server 2016 Enterprise
Edition, Exchange Server 2013 Enterprise
Exchange services may remain in a disabled state after you install this security update. Use
Services Manager to restore the startup type to Automatic, and then start the affected Exchange
services manually.
When you try to manually install this security update in "normal mode" (not running the update
as an administrator) and by double-clicking the update file (.msp), some files are not correctly
updated. When this issue occurs, you do not receive an error message or any indication that the
security update is not correctly installed. Also, Outlook Web Access (OWA) and the Exchange
Control Panel (ECP) may stop working. This issue occurs on servers that are using UAC (user
account control). The issue occurs because the security update does not correctly stop certain
Exchange-related services. To avoid this issue, run the security update in elevated mode as an
administrator. To do this, right click the update file, and then click Run as Administrator.
KB 4073537 – Exchange Server 2010 Service Pack 3
Same disabled state as mentioned above.
In addition, the fix for KB4054456 caused an issue in which EWS impersonation may no longer
work when you try to access resource mailboxes in a different site. This issue will be fixed in a
future update in Exchange Server 2010 Service Pack 3.
18. MS18-03-MR7: Monthly Rollup for Win 7 and Server 2008 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
Description: This security update includes improvements and fixes that were a part of
update KB 4075211 (released February 21, 2018). This bulletin includes updates for IE.
This bulletin is based on KB 4088875.
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and
Information Disclosure
Fixes 22 (shown) + 7 (IE) Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-
2018-0814, CVE-2018-0815, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-
2018-0878, CVE-2018-0881, CVE-2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-
2018-0888, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-
2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904
Restart Required: Requires restart
Known Issues: See upcoming slide
19. MS18-03-SO7: Security-only Update for Win 7 and Server 2008 R2
Maximum Severity: Important
Affected Products: Microsoft Windows 7 and Server 2008 R2
Description: Security updates to the Microsoft Graphics component, Windows Kernel,
Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V. This
bulletin is based on KB 4088878.
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and
Information Disclosure
Fixes 22 Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-
2018-0815, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE-
2018-0881, CVE-2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE-
2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-
2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904
Restart Required: Requires restart
Known Issues: See next slide
20. March’s Known Issues for Windows 7 and Server 2008 R2
KB 4088875 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
After installing this update, SMB servers may leak memory. Microsoft is investigating.
A Stop error occurs if this update is applied to a 32-Bit (x86) machine with the Physical Address
Extension (PAE) mode disabled. Enable PAE as workaround. Microsoft is investigating.
A Stop error occurs on machines that don't support Streaming Single Instructions Multiple Data
(SIMD) Extensions 2 (SSE2). Microsoft is investigating.
This fix applies only to computers on which the antivirus ISV updated the ALLOW REGKEY.
See In the News earlier for details on setting the ALLOW REGKEY.
KB 4088878 – Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
Same four issues for the Security Only update as listed above for Monthly Rollup
21. MS18-03-MR8: Monthly Rollup for Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Server 2012 and IE
Description: This security update includes improvements and fixes that were a part of
update KB 4075213 (released February 21, 2018). This bulletin includes updates for
IE. This bulletin is based on KB 4088877.
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and
Information Disclosure
Fixes 21 (shown) + 7 (IE) Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-
2018-0814, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE-
2018-0881, CVE-2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE-
2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-
2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904
Restart Required: Requires restart
Known Issues: These fixes can be installed only on systems that have the AV
ALLOW REGKEY properly set.
22. MS18-03-SO8: Security-only Update for Server 2012
Maximum Severity: Important
Affected Products: Microsoft Server 2012
Description: Security updates to the Microsoft Graphics component, Windows Kernel,
Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V. This
bulletin is based on KB 4088880.
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and
Information Disclosure
Fixes 21 Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-
2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE-2018-0881, CVE-
2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE-2018-0894, CVE-
2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-
2018-0900, CVE-2018-0901, CVE-2018-0904
Restart Required: Requires restart
Known Issues: These fixes can be installed only on systems that have the AV
ALLOW REGKEY properly set.
23. MS18-03-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
Description: This security update includes improvements and fixes that were a part of
update KB 4075212 (released February 21, 2018). This bulletin includes updates for
IE. This bulletin is based on KB 4088876.
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and
Information Disclosure
Fixes 21 (shown) + 7 (IE) Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-
2018-0814, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE-
2018-0881, CVE-2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE-
2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-
2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904
Restart Required: Requires restart
Known Issues: These fixes can be installed only on systems that have the AV
ALLOW REGKEY properly set.
24. MS18-03-SO81: Security-only Update for Win 8.1 and Server 2012 R2
Maximum Severity: Important
Affected Products: Microsoft Windows 8.1, Server 2012 R2
Description: Security updates to the Microsoft Graphics component, Windows Kernel,
Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V. This
bulletin is based on KB 4088879.
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and
Information Disclosure
Fixes 21 Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-
2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE-2018-0881, CVE-
2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE-2018-0894, CVE-
2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-
2018-0900, CVE-2018-0901, CVE-2018-0904
Restart Required: Requires restart
Known Issues: These fixes can be installed only on systems that have the AV
ALLOW REGKEY properly set.
25. MS18-03-OFF: Security Updates for Microsoft Office
Maximum Severity: Important
Affected Products: Office 2007-2016 and 2016 for mac, Access 2010-2016, Excel
2007-2016, Web Apps and Project Server, Word 2007-2016
Description: This security update resolves vulnerabilities in most Microsoft Office
applications. This bulletin references 18 KB articles plus Release Notes for mac.
Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
Fixes 13 Vulnerabilities: CVE-2018-0903, CVE-2018-0907, CVE-2018-0909, CVE-
2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-
2018-0915, CVE-2018-0916, CVE-2018-0919, CVE-2018-0922, CVE-2018-0944
Restart Required: Requires application restart
Known Issues: None reported. You must have the latest service packs installed in
order to install many of these security patches. Example, Office 2010 SP2, Excel 2013
SP1, etc.
26. MS18-03-O365: Security Updates for Microsoft Office 365
Maximum Severity: Important
Affected Products: Access, Excel, and Word in Semi-Annual Channels 1705 and
1708
Description: This security update resolves vulnerabilities in most Microsoft Office 365
applications. Information on Office 365 updates is available at
https://technet.microsoft.com/en-us/office/mt465751
Impact: Remote Code Execution, Security Feature Bypass, Information Disclosure
Fixes 3 Vulnerabilities: CVE-2018-0903, CVE-2018-0907, CVE-2018-0919
Restart Required: Requires application restart
Known Issues: None reported.
NOTE: Former Deferred channel is now called the Semi-Annual channel.
27. MS18-03-2K8: Windows Server 2008
Maximum Severity: Important
Affected Products: Microsoft Windows Server 2008
Description: Security updates to the Microsoft Graphics component, Windows Kernel,
Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V. This
bulletin references 8 KB articles.
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information
Disclosure
Fixes 21 Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-
2018-0815, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE-
2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE-2018-0894, CVE-
2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-
2018-0900, CVE-2018-0901, CVE-2018-0904
Restart Required: Requires restart
Known Issues: 4088827 and 4073011 both only apply to Hyper-V hosts. 4089453
requires the Remote Assistance role.
28. MS18-03-SPT: Security Updates for SharePoint Server
Maximum Severity: Important
Affected Products: Microsoft Enterprise SharePoint Server 2010-2016
Description: This security update resolves vulnerabilities in Microsoft Office that could
allow remote code execution if a user opens a specially crafted Office file. This update
contains many non-security fixes as well. This bulletin is based on 5 KB articles.
Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
Fixes 15 Vulnerabilities: CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-
2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-
2018-0917, CVE-2018-0919, CVE-2018-0921, CVE-2018-0922, CVE-2018-0923, CVE-
2018-0944, CVE-2018-0947
Restart Required: Requires Restart
Known Issues: None reported
NOTE: In previous bulletins the SharePoint updates were bundled with the Office
updates. This has been separated out as many customers have separate desktop and
server patch teams.
29. Chrome-220: Security Update for Chrome
Maximum Severity: Critical
Affected Products: Google Chrome
Description: The stable channel has been updated to 65.0.3325.162 for Windows,
Mac and Linux.
Impact: Not reported, but the release on 3/7 resolved 27 CVEs. You want to patch up
to the latest if you did not already do the 3/7 update.
Fixes X Vulnerabilities: No CVEs disclosed
Restart Required: Requires restart
30. FF18-005: Mozilla Foundation Security Advisory 2018-06
Maximum Severity: Critical
Affected Products: Firefox 59
Description: Mozilla Foundation has released security fixes for Firefox 59
Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege
and Information Disclosure
Fixes 18 Vulnerabilities: See Advisory 2018-06 for the complete CVE list.
Restart Required: Requires Application Restart
31. FFE18-5270: Mozilla Foundation Security Advisory 2018-07
Maximum Severity: Critical
Affected Products: Firefox ESR 52.7
Description: Mozilla Foundation has released security fixes for Firefox ESR 52.7
Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure
Fixes 7 Vulnerabilities: CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-
2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5145
Restart Required: Requires Application Restart
32. Non-Security Updates
Maximum Severity: Recommended
Affected Products: CCleaner, TeamViewer 13.1, and Prezzi Desktop 6.22
Description: Non-Security updates may include critical bug fixes and feature
updates. Depending on what version you are updating from a Non-Security
update could include security fixes from previous updates you have not yet
applied. Ivanti recommends updating 3rd party applications as regularly as
possible to ensure additional security threats are not exposed.
33. Between Patch Tuesday’s
New Product Support: None
Security Updates: Adobe Creative Cloud (1), Adobe Acrobat (3), Google Chrome (2),
FileZilla (2), Notepad++ (1), Opera (3), RealTimes (1), SeaMonkey (1), Slack (1),
TortiseGit (1), Apache Tomcat (4), VLC Media Player (1), Wireshark (1)
Non-Security Updates: Audacity (1), Citrix Reciever (2), Dropbox (1), Evernote (1),
GOM Player (1), GoodSync (4), GoToMeeting (1), IrfanView (1), LogMeIn (3),
Malwarebytes (1), Microsoft (49), Oracle VirtualBox (1), PDF-Xchange Pro (1), Plex Media
Player (2), Plex Media Server (2), PeaZip (1), Royal TS (1), Skype (2), TortiseHG (2),
WinSCP (1), Cisco Webex Meeting Center (2), Webex Productivity Tools (1), XnView (1)
36. Cybersecurity Game Show
Cybersecurity trivia game show
Live attendees can play along and
win prizes
3/21 at 8am PT | 11am ET
https://go.ivanti.com/Webinar-
Security-Gameshow.html
Keep in mind that since May 9, 2017, customers running Windows 10 version 1507 are no longer receiving security and quality updates, with the exception of the Windows 10 Enterprise 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft has extended support for Enterprise and Education version of Windows 10 version 1511 until April 2018.