Patch Tuesday Webinar
Wednesday, May 9, 2018
Hosted by: Chris Goettl & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 803 616 333
Agenda
1. May 2018 Patch Tuesday Overview
2. In the News
3. Bulletins
4. Q & A
In the News
• Double Kill Zero Day Resolved
  https://thehackernews.com/2018/05/microsoft-patch-tuesday.html
• Microsoft Adds Support for JavaScript in Excel—What Could Possibly Go Wrong?
  https://thehackernews.com/2018/05/javascript-function-excel.html
• New Generation of Spectre Vulnerabilities Found in Intel CPUs
  https://www.ghacks.net/2018/05/03/spectre-next-generation-vulnerabilities/
• New SamSam Ransomware Exploiting Old JBoss Vulnerability
  https://blog.varonis.com/new-samsam-ransomware-still-exploits-old-jboss-vulnerability/
• Windows 10 April 2018 Update
  https://www.zdnet.com/article/when-will-your-pc-get-the-latest-windows-10-feature-update/
Known Exploited Vulnerabilities
• CVE-2018-8174 - Windows VBScript Engine Remote Code Execution Vulnerability
  • A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
  • In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
Known Exploited Vulnerabilities (cont)
• CVE-2018-8120 - Win32k Elevation of Privilege Vulnerability
  • An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
  • The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Publicly Disclosed Vulnerabilities
• CVE-2018-8141 - Windows Kernel Information Disclosure Vulnerability
  • An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.
• CVE-2018-8170 - Windows Image Elevation of Privilege Vulnerability
  • An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
Known Issues: Things to be aware of
• Ivanti Content Changes
  • Flattening Bulletin structure to create consistency across catalog
    • Landesk https://community.ivanti.com/docs/DOC-62948
    • Shavlik https://community.shavlik.com/docs/DOC-24561
• Ivanti Content Announcements
  • A change is currently in the works. We will migrate away from the current listserv announcement system and move toward notification through our community.
  • More details coming soon.
Known Issues: Things to be aware of
• Windows 10 Branch Support: End of Service for 2018
  • Branch 1607 scheduled for April 10 (extended from March 2018)
  • Branch 1703 scheduled for October 9 (extended from September 2018)
• Windows 10 Version 1607, 1703, and 1709 will continue to receive security-only updates for 6 months past EOS dates
• Supported Editions
  • Windows 10 Education
  • Windows 10 Enterprise
• Unsupported Editions
  • Windows 10 Home
  • Windows 10 Pro
• Everyone is strongly urged to update to the latest version of Windows 10
• Windows lifecycle fact sheet
Microsoft Notable April Out-of-Band Releases
• MSNS18-04-4078407 (Q4078407): Update to enable mitigation against Spectre, Variant 2
• MSNS18-04-4090007 (Q4090007): Intel microcode updates for Windows 10 Version 1709 (KB4090007) – Rerelease
• MSNS18-04-4091663 (Q4091663): Intel microcode updates for Windows 10 Version 1703 (KB4091663) – Rerelease
• MSNS18-04-4091664 (Q4091664): Intel microcode updates for Windows 10 Version 1607 (KB4091664) – Rerelease
• MSNS18-04-4091666 (Q4091666): Intel microcode updates for Windows 10 Version 1507 (KB4091666)
• MS18-04-VS2012-4089501 (Q4089501): Description of the security update for the information disclosure vulnerability in Visual Studio 2012 Update 5: April 12, 2018
Known Issues: Things to be aware of
• Microsoft removed the regkey check related to the Meltdown and Spectre fixes for all operating systems
• Microsoft released security updates for
  • Visual Studio 2010-2017
  • XP Embedded
• Oracle’s Critical Patch Updates (CPU)
  • April 17
  • https://www.oracle.com/technetwork/topics/security/alerts-086861.html

Bulletins
MS18-05-W10: Windows 10 Update
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 10 Versions 1607, 1703, 1709, 1803, Server 2016, Server 1709, Server 1803, IE 11 and Microsoft Edge
• Description: This bulletin references 8 KB articles. See KBs for list of changes.
• Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure
• Fixes 43 Vulnerabilities: CVE-2018-8141 and CVE-2018-8170 are publicly disclosed. CVE-2018-8174 is a known exploited vulnerability. See Details column of Security Update Guide for complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: See next slide
• NOTE: Recently released Windows 10 1803 (Windows 10 April 2018 Update) already needs to be patched.
May’s Known Issues for Windows 10
• KB 4103723 - Windows 10 Version 1607, Windows Server 2016
  • After installing the March 13, 2018, or later cumulative update for Windows 10, version 1607, only the most-recent Windows 10 feature update is returned as applicable. This prevents the deployment of previously released feature updates using ConfigMgr (current branch) and Windows 10 servicing plans.
  • Workaround - Decline all feature updates on the WSUS server(s) except for the one that you want to deploy using ConfigMgr. Run another software-update scan cycle from the ConfigMgr control panel or wait until the client devices perform their next scan.
• KB4103727 - Windows 10 version 1709
  • Some non-English platforms may display the following string in English instead of the localized language: “Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you've created and Device Guard is enabled.
  • Workaround – None. Microsoft is
MS18-05-IE: Security Updates for Internet Explorer
• Maximum Severity: Critical
• Affected Products: Microsoft Internet Explorer 9, 10 and 11
• Description: These security updates resolve several reported vulnerabilities in Internet Explorer. The fixes that are included in this Security Update for Internet Explorer 4103768 are also included in the May 2018 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update. This bulletin references 9 KB articles.
• Impact: Remote Code Execution, Security Bypass and Information Disclosure
• Fixes 9 vulnerabilities: CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-1025, CVE-2018-8114, CVE-2018-8122, CVE-2018-8126, CVE-2018-8145, CVE-2018-8178
• Restart Required: Requires browser restart
• Known Issues: None reported
MS18-05-AFP: Security Update for Adobe Flash Player
• Maximum Severity: Critical
• Affected Products: Adobe Flash Player
• Description: This security update resolves vulnerabilities in Adobe Flash Player that is installed on any supported edition of Windows Server version 1803, Windows 10 version 1803, Windows Server 2016 Version 1709, Windows 10 version 1709, Windows RT, Windows 10 Version 1703, Windows Server 2016, Windows 10 Version 1607, Windows 10 (RTM), Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is based on KB 4103729.
• Impact: Remote Code Execution
• Fixes 1 Vulnerability: CVE-2018-4944
• Restart Required: Requires application restart
APSB18-16: Security Update for Adobe Flash Player
• Maximum Severity: Critical
• Affected Products: Adobe Flash Player
• Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player 29.0.0.140 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user.
• Impact: Remote Code Execution
• Fixes 1 Vulnerability: CVE-2018-4944
• Restart Required: Requires application restart
MS18-05-2K8: Windows Server 2008
• Maximum Severity: Critical
• Affected Products: Microsoft Windows Server 2008
• Description: Security updates to fix vulnerabilities associated with Microsoft COM for Windows, Hyper-V, Win32k component, Windows Common Log File System (CLFS) driver and the VBScript engine. This bulletin references 5 KB articles.
• Impact: Remote Code Execution and Elevation of Privilege
• Fixes 10 Vulnerabilities: CVE-2018-0824, CVE-2018-0959, CVE-2018-8120, CVE-2018-8124, CVE-2018-8136, CVE-2018-8164, CVE-2018-8166, CVE-2018-8167, CVE-2018-8174, CVE-2018-8897
• Restart Required: Requires restart
• Known Issues: None reported
MS18-05-MR7: Monthly Rollup for Win 7 and Server 2008 R2
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
• Description: This security update includes improvements and fixes that were part of update KB 4093113 (released April 17, 2018). It includes security updates for Internet Explorer, Windows apps, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, HTML help, and Windows Hyper-V. This bulletin is based on KB 4103718.
• Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
• Fixes 11 (shown) + 9 (IE) Vulnerabilities: CVE-2018-0824, CVE-2018-0959, CVE-2018-8120, CVE-2018-8124, CVE-2018-8127, CVE-2018-8136, CVE-2018-8164, CVE-2018-8166, CVE-2018-8167, CVE-2018-8174, CVE-2018-8897
• Restart Required: Requires restart
• Known Issues: See upcoming slide
MS18-05-SO7: Security-only Update for Win 7 and Server 2008 R2
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 7 and Server 2008 R2
• Description: Security updates to Internet Explorer, Windows apps, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, HTML help, and Windows Hyper-V. This bulletin is based on KB 4103712.
• Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
• Fixes 11 Vulnerabilities: CVE-2018-0824, CVE-2018-0959, CVE-2018-8120, CVE-2018-8124, CVE-2018-8127, CVE-2018-8136, CVE-2018-8164, CVE-2018-8166, CVE-2018-8167, CVE-2018-8174, CVE-2018-8897
• Restart Required: Requires restart
• Known Issues: See next slide
May’s Known Issues for Windows 7 and Server 2008 R2
• KB 4103718 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
  • A Stop error occurs on machines that don't support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).
  • Workaround - None
• KB 4103712 – Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
  • Same issues for this Security Only update as listed above for Monthly Rollup
MS18-05-MR8: Monthly Rollup for Server 2012
• Maximum Severity: Critical
• Affected Products: Microsoft Server 2012 and IE
• Description: This security update includes improvements and fixes that were part of update KB 4093116 (released April 17, 2018). It includes security updates to Windows app platform and frameworks, Windows apps, Windows kernel, Microsoft Graphics Component, HTML help, and Windows storage and filesystems. This bulletin is based on KB 4103730.
• Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
• Fixes 10 (shown) + 9 (IE) Vulnerabilities: CVE-2018-0824, CVE-2018-0959, CVE-2018-8124, CVE-2018-8127, CVE-2018-8136, CVE-2018-8164, CVE-2018-8166, CVE-2018-8167, CVE-2018-8174, CVE-2018-8897
• Restart Required: Requires restart
• Known Issues: None reported
MS18-05-SO8: Security-only Update for Server 2012
• Maximum Severity: Critical
• Affected Products: Microsoft Server 2012
• Description: Security updates to Windows app platform and frameworks, Windows apps, Windows kernel, Microsoft Graphics Component, HTML help, and Windows storage and filesystems. This bulletin is based on KB 4103726.
• Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
• Fixes 10 Vulnerabilities: CVE-2018-0824, CVE-2018-0959, CVE-2018-8124, CVE-2018-8127, CVE-2018-8136, CVE-2018-8164, CVE-2018-8166, CVE-2018-8167, CVE-2018-8174, CVE-2018-8897
• Restart Required: Requires restart
• Known Issues: None reported
MS18-05-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
• Description: This security update includes improvements and fixes that were part of update KB 4093121 (released April 17, 2018). It includes security updates to Internet Explorer, Windows apps, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, HTML help, and Windows Hyper-V. This bulletin is based on KB 4103725.
• Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
• Fixes 11 (shown) + 9 (IE) Vulnerabilities: CVE-2018-0824, CVE-2018-0959, CVE-2018-8124, CVE-2018-8127, CVE-2018-8134, CVE-2018-8136, CVE-2018-8164, CVE-2018-8166, CVE-2018-8167, CVE-2018-8174, CVE-2018-8897
• Restart Required: Requires restart
• Known Issues: None reported
MS18-05-SO81: Security-only Update for Win 8.1 and Server 2012 R2
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 8.1, Server 2012 R2
• Description: Security updates to Internet Explorer, Windows apps, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, HTML help, and Windows Hyper-V. This bulletin is based on KB 4103715.
• Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
• Fixes 11 Vulnerabilities: CVE-2018-0824, CVE-2018-0959, CVE-2018-8124, CVE-2018-8127, CVE-2018-8134, CVE-2018-8136, CVE-2018-8164, CVE-2018-8166, CVE-2018-8167, CVE-2018-8174, CVE-2018-8897
• Restart Required: Requires restart
• Known Issues: None reported
MS18-05-EX: Security Updates for Exchange Server
• Maximum Severity: Critical
• Affected Products: Microsoft Exchange Server 2010-2016
• Description: This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). This bulletin is based on KB 4073392 and KB 4073537.
• Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure
• Fixes 5 Vulnerabilities: CVE-2018-8151, CVE-2018-8152, CVE-2018-8153, CVE-2018-8154, CVE-2018-8159
• Restart Required: Requires Restart
• Known Issues: None reported
MS18-05-OFF: Security Updates for Microsoft Office
• Maximum Severity: Important
• Affected Products: Office 2010-2016 and 2016 for Mac, Excel 2010-2016, Web Apps Server, Project Server, Word 2010-2016
• Description: This security update resolves vulnerabilities in most Microsoft Office applications. This bulletin references 20 KB articles plus Release Notes for Mac.
• Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure
• Fixes 10 Vulnerabilities: CVE-2018-8147, CVE-2018-8148, CVE-2018-8156, CVE-2018-8157, CVE-2018-8158, CVE-2018-8160, CVE-2018-8161, CVE-2018-8162, CVE-2018-8163, CVE-2018-8173
• Restart Required: Requires application restart
• Known Issues: None reported
MS18-05-O365: Security Updates for Microsoft Office 365
• Maximum Severity: Important
• Affected Products: Office 2016
• Description: This security update resolves vulnerabilities in most Microsoft Office 365 applications. Information on Office 365 updates is available at https://technet.microsoft.com/en-us/office/mt465751
• Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure
• Fixes 7 Vulnerabilities: CVE-2018-8147, CVE-2018-8148, CVE-2018-8150, CVE-2018-8157, CVE-2018-8158, CVE-2018-8162, CVE-2018-8163
• Restart Required: Requires application restart
• Known Issues: None reported
MS18-05-SPT: Security Updates for SharePoint Server
• Maximum Severity: Important
• Affected Products: Microsoft Enterprise SharePoint Server 2010-2016
• Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This update contains many non-security fixes as well. This bulletin is based on 4 KB articles.
• Impact: Remote Code Execution and Elevation of Privilege
• Fixes 5 Vulnerabilities: CVE-2018-8149, CVE-2018-8155, CVE-2018-8156, CVE-2018-8161, CVE-2018-8168
• Restart Required: Requires Restart
• Known Issues: None reported
MS18-05-MRNET: Monthly Rollup for Microsoft .NET
• Maximum Severity: Important
• Affected Products: Microsoft Windows .NET Framework 2.0 through 4.7.1
• Description: This security update resolves a vulnerability in Microsoft .NET Framework that could cause denial of service when .NET Framework and .NET Core components process XML documents incorrectly. It also resolves a security feature bypass vulnerability in Windows that could allow an attacker to bypass Device Guard. An attacker who successfully exploits this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the computer. This bulletin references 10 KB articles.
• Impact: Security Feature Bypass and Denial of Service
• Fixes 2 vulnerabilities: CVE-2018-0765, CVE-2018-1039
• Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used
MS18-05-SONET: Security-only Update for Microsoft .NET
• Maximum Severity: Important
• Affected Products: Microsoft Windows .NET Framework 2.0 through 4.7.1
• Description: This security update resolves a vulnerability in Microsoft .NET Framework that could cause denial of service when .NET Framework and .NET Core components process XML documents incorrectly. It also resolves a security feature bypass vulnerability in Windows that could allow an attacker to bypass Device Guard. An attacker who successfully exploits this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the computer. This bulletin references 10 KB articles.
• Impact: Security Feature Bypass and Denial of Service
• Fixes 2 vulnerabilities: CVE-2018-0765, CVE-2018-1039
• Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used
Non-Security Updates
• Maximum Severity: Recommended
• Affected Products: Microsoft Power BI
• Description: Non-security updates may include critical bug fixes and feature updates. Depending on what version you are updating from, a non-security update could include security fixes from previous updates you have not yet applied. Ivanti recommends updating third-party applications as regularly as possible to ensure additional security threats are not exposed.
Between Patch Tuesdays
New Product Support: Windows 10 1803, Java Runtime Environment 10
Security Updates: 7-Zip (1), iTunes (1), Apple Mobile Device Support (1), Adobe Digital Editions (1), CCleaner (1), Google Chrome (2), Firefox (1), Firefox ESR (1), Foxit Reader (1), Foxit Phantom PDF (1), FileZilla (1), GIMP (1), Java 8 (1), Java 10 (1), Java Development Kit 8 (1), Microsoft (2), Opera (3), PeaZip (1), SeaMonkey (1), Splunk Universal Forwarder (1), Apache Tomcat (4), TortoiseSVN (1), VLC (1), Wireshark (1)
Non-Security Updates: AIMP (2), Allway Sync (1), Box Sync (1), Dropbox (2), GOM Player (2), GoodSync (2), GoToMeeting (2), Google Backup and Sync (1), Java 8 (1), Java Development Kit 8 (1), Blue Jeans (1), KeePass Pro (1), LogMeIn (1), Microsoft (36), Oracle VirtualBox (1), Power BI Desktop (1), PDF-XChange Pro (2), Plex Media Server (2), PSPad (1), Skype (2), Sublime Text Editor (1), Cisco WebEx Meeting Center (1), Webex Productivity Tools (1), WinZip (1)
Third Party CVE Information
• PeaZip 6.6.0
  • Bulletin PZIP-010, QPZIP660
  • Fixes 1 Vulnerability: CVE-2018-10115
• SeaMonkey 2.49.3
  • Bulletin SM18-2493, QSM2493
  • Fixes 7 Vulnerabilities: CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5144, CVE-2018-5145, CVE-2018-5146, CVE-2018-5148
• 7-Zip 18.05
  • Bulletin 7ZIP-011, Q7ZIP1805
  • Fixes 1 Vulnerability: CVE-2018-10115
Third Party CVE Information (cont)
• Google Chrome 66.0.3359.139
  • Bulletin CHROME-223, QGC6603359139
  • Fixes 1 Vulnerability: CVE-2018-6118
• Foxit PhantomPDF 9.1
  • Bulletin FIP-015, QFIP910
  • Fixes 6 Vulnerabilities: CVE-2017-14458, CVE-2017-17557, CVE-2018-3842, CVE-2018-3843, CVE-2018-3850, CVE-2018-3853
• Foxit Reader 9.1
  • Bulletin FI18-910, QFI910
  • Fixes 6 Vulnerabilities: CVE-2017-14458, CVE-2017-17557, CVE-2018-3842, CVE-2018-3843, CVE-2018-3850, CVE-2018-3853

May 2018 Patch Tuesday Analysis

  • 1.
    Patch Tuesday Webinar Wednesday,May 9, 2018 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 803 616 333
  • 2.
    Agenda May 2018 PatchTuesday Overview In the News Bulletins Q & A 1 2 3 4
  • 3.
  • 5.
  • 6.
    In the News Double Kill Zero Day Resolved  https://thehackernews.com/2018/05/microsoft-patch-tuesday.html  Microsoft Adds Support for JavaScript in Excel—What Could Possibly Go Wrong?  https://thehackernews.com/2018/05/javascript-function-excel.html  New Generation of Spectre Vulnerabilities Found in Intel CPUs  https://www.ghacks.net/2018/05/03/spectre-next-generation-vulnerabilities/  New SamSam Ransomware Exploiting Old JBoss Vulnerability  https://blog.varonis.com/new-samsam-ransomware-still-exploits-old-jboss- vulnerability/  Windows 10 April 2018 Update  https://www.zdnet.com/article/when-will-your-pc-get-the-latest-windows-10- feature-update/
  • 7.
    Known Exploited Vulnerabilities CVE-2018-8174 - Windows VBScript Engine Remote Code Execution Vulnerability  A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.  In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user- provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability
  • 8.
    Known Exploited Vulnerabilities(cont)  CVE-2018-8120 - Win32k Elevation of Privilege Vulnerability  An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.  The update addresses this vulnerability by correcting how Win32k handles objects in memory.
  • 9.
    Publicly Disclosed Vulnerabilities CVE-2018-8141 - Windows Kernel Information Disclosure Vulnerability  An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.  CVE-2018-8170 - Windows Image Elevation of Privilege Vulnerability  An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
  • 10.
    Known Issues Thingsto be aware of  Ivanti Content Changes  Flattening Bulletin structure to create consistency across catalog  Landesk https://community.ivanti.com/docs/DOC-62948  Shavlik https://community.shavlik.com/docs/DOC-24561  Ivanti Content Announcements  A change is currently in the works. We will migrate away from the current listserv announcement system and move toward notification through our community.  More details coming soon.
  • 11.
    Known Issues Thingsto be aware of  Windows 10 Branch Support: End of Service for 2018  Branch 1607 scheduled for April 10 (extended from March 2018)  Branch 1703 scheduled for October 9 (extended from September 2018)  Windows 10 Version 1607, 1703, and 1709 will continue to receive security- only updates for 6 months past EOS dates  Supported Editions  Windows 10 Education  Windows 10 Enterprise  Unsupported Editions  Windows 10 Home  Windows 10 Pro  Everyone strongly urged to update to latest version of Windows 10  Windows lifecycle fact sheet
  • 12.
    Microsoft Notable AprilOut-of-Band Releases  MSNS18-04-4078407 (Q4078407): Update to enable mitigation against Spectre, Variant 2  MSNS18-04-4090007 (Q4090007): Intel microcode updates for Windows 10 Version 1709 (KB4090007) – Rerelease  MSNS18-04-4091663 (Q4091663): Intel microcode updates for Windows 10 Version 1703 (KB4091663) – Rerelease  MSNS18-04-4091664 (Q4091664): Intel microcode updates for Windows 10 Version 1607 (KB4091664) – Rerelease  MSNS18-04-4091666 (Q4091666): Intel microcode updates for Windows 10 Version 1507 (KB4091666)  MS18-04-VS2012-4089501 (Q4089501): Description of the security update for the information disclosure vulnerability in Visual Studio 2012 Update 5: April 12, 2018
  • 13.
    Known Issues Thingsto be aware of  Microsoft removed the regkey check related to the Meltdown and Spectre fixes for all operating systems  Microsoft released security updates for  Visual Studio 2010-2017  XP Embedded  Oracle’s Critical Patch Updates (CPU)  April 17  https://www.oracle.com/technetwork/topics/security/alerts-086861.html
  • 14.
  • 15.
    MS18-05-W10: Windows 10Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1703, 1709, 1803, Server 2016, Server 1709, Server 1803, IE 11 and Microsoft Edge  Description: This bulletin references 8 KB articles. See KBs for list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure  Fixes 43 Vulnerabilities: CVE-2018-8141 and CVE-2018-8170 are publicly disclosed. CVE-2018-8174 is a known exploited vulnerability. See Details column of Security Update Guide for complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slide  NOTE: Recently released Windows 10 1803 (Windows 10 April 2018 Update) already needs to be patched.
  • 16.
    May’s Known Issuesfor Windows 10  KB 4103723 - Windows 10 Version 1607, Windows Server 2016  After installing the March 13, 2018, or later cumulative update for Windows 10, version 1607, only the most-recent Windows 10 feature update is returned as applicable. This prevents the deployment of previously released feature updates using ConfigMgr (current branch) and Windows 10 servicing plans.  Workaround - Decline all feature updates on the WSUS server(s) except for the one that you want to deploy using ConfigMgr. Run another software-update scan cycle from the ConfigMgr control panel or wait until the client devices perform their next scan.  KB4103727 - Windows 10 version 1709  Some non-English platforms may display the following string in English instead of the localized language: ”Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you've created and Device Guard is enabled.  Workaround – None. Microsoft is
  • 17.
    MS18-05-IE: Security Updatesfor Internet Explorer  Maximum Severity: Critical  Affected Products: Microsoft Internet Explorer 9, 10 and 11  Description: These security updates resolve several reported vulnerabilities in Internet Explorer. The fixes that are included in this Security Update for Internet Explorer 4103768 are also included in the May 2018 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update. This bulletin references 9 KB articles.  Impact: Remote Code Execution, Security Bypass and Information Disclosure  Fixes 9 vulnerabilities: CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE- 2018-1025, CVE-2018-8114, CVE-2018-8122, CVE-2018-8126, CVE-2018-8145, CVE- 2018-8178  Restart Required: Requires browser restart  Known Issues: None reported
  • 18.
    MS18-05-AFP: Security Updatefor Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player that is installed on any supported edition of Windows Server version 1803, Windows 10 version 1803, Windows Server 2016 Version 1709, Windows 10 version 1709, Windows RT, Windows 10 Version 1703, Windows Server 2016, Windows 10 Version 1607, Windows 10 (RTM), Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is based on KB 4103729.  Impact: Remote Code Execution  Fixes 1 Vulnerability: CVE-2018-4944  Restart Required: Requires application restart
  • 19.
    APSB18-16: Security Updatefor Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player 29.0.0.140 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user.  Impact: Remote Code Execution  Fixes 1 Vulnerability: CVE-2018-4944  Restart Required: Requires application restart
  • 20.
    MS18-05-2K8: Windows Server 2008
    Maximum Severity: Critical
    Affected Products: Microsoft Windows Server 2008
    Description: Security updates to fix vulnerabilities associated with Microsoft COM for Windows, Hyper-V, Win32k component, Windows Common Log File System (CLFS) driver and the VBScript engine. This bulletin references 5 KB articles.
    Impact: Remote Code Execution and Elevation of Privilege
    Fixes 10 Vulnerabilities: CVE-2018-0824, CVE-2018-0959, CVE-2018-8120, CVE-2018-8124, CVE-2018-8136, CVE-2018-8164, CVE-2018-8166, CVE-2018-8167, CVE-2018-8174, CVE-2018-8897
    Restart Required: Requires restart
    Known Issues: None reported
  • 21.
    MS18-05-MR7: Monthly Rollup for Win 7 and Server 2008 R2
    Maximum Severity: Critical
    Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
    Description: This security update includes improvements and fixes that were part of update KB 4093113 (released April 17, 2018). It includes security updates for Internet Explorer, Windows apps, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, HTML help, and Windows Hyper-V. This bulletin is based on KB 4103718.
    Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
    Fixes 11 (shown) + 9 (IE) Vulnerabilities: CVE-2018-0824, CVE-2018-0959, CVE-2018-8120, CVE-2018-8124, CVE-2018-8127, CVE-2018-8136, CVE-2018-8164, CVE-2018-8166, CVE-2018-8167, CVE-2018-8174, CVE-2018-8897
    Restart Required: Requires restart
    Known Issues: See upcoming slide
  • 22.
    MS18-05-SO7: Security-only Update for Win 7 and Server 2008 R2
    Maximum Severity: Critical
    Affected Products: Microsoft Windows 7 and Server 2008 R2
    Description: Security updates to Internet Explorer, Windows apps, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, HTML help, and Windows Hyper-V. This bulletin is based on KB 4103712.
    Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
    Fixes 11 Vulnerabilities: CVE-2018-0824, CVE-2018-0959, CVE-2018-8120, CVE-2018-8124, CVE-2018-8127, CVE-2018-8136, CVE-2018-8164, CVE-2018-8166, CVE-2018-8167, CVE-2018-8174, CVE-2018-8897
    Restart Required: Requires restart
    Known Issues: See next slide
  • 23.
    May's Known Issues for Windows 7 and Server 2008 R2
    KB 4103718 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
      A Stop error occurs on machines that don't support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).
      Workaround - None
    KB 4103712 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
      Same issues for this Security Only update as listed above for Monthly Rollup
  • 24.
    MS18-05-MR8: Monthly Rollup for Server 2012
    Maximum Severity: Critical
    Affected Products: Microsoft Server 2012 and IE
    Description: This security update includes improvements and fixes that were part of update KB 4093116 (released April 17, 2018). It includes security updates to Windows app platform and frameworks, Windows apps, Windows kernel, Microsoft Graphics Component, HTML help, and Windows storage and filesystems. This bulletin is based on KB 4103730.
    Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
    Fixes 10 (shown) + 9 (IE) Vulnerabilities: CVE-2018-0824, CVE-2018-0959, CVE-2018-8124, CVE-2018-8127, CVE-2018-8136, CVE-2018-8164, CVE-2018-8166, CVE-2018-8167, CVE-2018-8174, CVE-2018-8897
    Restart Required: Requires restart
    Known Issues: None reported
  • 25.
    MS18-05-SO8: Security-only Update for Server 2012
    Maximum Severity: Critical
    Affected Products: Microsoft Server 2012
    Description: Security updates to Windows app platform and frameworks, Windows apps, Windows kernel, Microsoft Graphics Component, HTML help, and Windows storage and filesystems. This bulletin is based on KB 4103726.
    Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
    Fixes 10 Vulnerabilities: CVE-2018-0824, CVE-2018-0959, CVE-2018-8124, CVE-2018-8127, CVE-2018-8136, CVE-2018-8164, CVE-2018-8166, CVE-2018-8167, CVE-2018-8174, CVE-2018-8897
    Restart Required: Requires restart
    Known Issues: None reported
  • 26.
    MS18-05-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
    Maximum Severity: Critical
    Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
    Description: This security update includes improvements and fixes that were part of update KB 4093121 (released April 17, 2018). It includes security updates to Internet Explorer, Windows apps, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, HTML help, and Windows Hyper-V. This bulletin is based on KB 4103725.
    Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
    Fixes 11 (shown) + 9 (IE) Vulnerabilities: CVE-2018-0824, CVE-2018-0959, CVE-2018-8124, CVE-2018-8127, CVE-2018-8134, CVE-2018-8136, CVE-2018-8164, CVE-2018-8166, CVE-2018-8167, CVE-2018-8174, CVE-2018-8897
    Restart Required: Requires restart
    Known Issues: None reported
  • 27.
    MS18-05-SO81: Security-only Update for Win 8.1 and Server 2012 R2
    Maximum Severity: Critical
    Affected Products: Microsoft Windows 8.1, Server 2012 R2
    Description: Security updates to Internet Explorer, Windows apps, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, HTML help, and Windows Hyper-V. This bulletin is based on KB 4103715.
    Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
    Fixes 11 Vulnerabilities: CVE-2018-0824, CVE-2018-0959, CVE-2018-8124, CVE-2018-8127, CVE-2018-8134, CVE-2018-8136, CVE-2018-8164, CVE-2018-8166, CVE-2018-8167, CVE-2018-8174, CVE-2018-8897
    Restart Required: Requires restart
    Known Issues: None reported
  • 28.
    MS18-05-EX: Security Updates for Exchange Server
    Maximum Severity: Critical
    Affected Products: Microsoft Exchange Server 2010-2016
    Description: This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). This bulletin is based on KB 4073392 and KB 4073537.
    Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure
    Fixes 5 Vulnerabilities: CVE-2018-8151, CVE-2018-8152, CVE-2018-8153, CVE-2018-8154, CVE-2018-8159
    Restart Required: Requires Restart
    Known Issues: None reported
  • 29.
    MS18-05-OFF: Security Updates for Microsoft Office
    Maximum Severity: Important
    Affected Products: Office 2010-2016 and 2016 for Mac, Excel 2010-2016, Web Apps Server, Project Server, Word 2010-2016
    Description: This security update resolves vulnerabilities in most Microsoft Office applications. This bulletin references 20 KB articles plus Release Notes for Mac.
    Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure
    Fixes 10 Vulnerabilities: CVE-2018-8147, CVE-2018-8148, CVE-2018-8156, CVE-2018-8157, CVE-2018-8158, CVE-2018-8160, CVE-2018-8161, CVE-2018-8162, CVE-2018-8163, CVE-2018-8173
    Restart Required: Requires application restart
    Known Issues: None reported
  • 30.
    MS18-05-O365: Security Updates for Microsoft Office 365
    Maximum Severity: Important
    Affected Products: Office 2016
    Description: This security update resolves vulnerabilities in most Microsoft Office 365 applications. Information on Office 365 updates is available at https://technet.microsoft.com/en-us/office/mt465751
    Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure
    Fixes 7 Vulnerabilities: CVE-2018-8147, CVE-2018-8148, CVE-2018-8150, CVE-2018-8157, CVE-2018-8158, CVE-2018-8162, CVE-2018-8163
    Restart Required: Requires application restart
    Known Issues: None reported
  • 31.
    MS18-05-SPT: Security Updates for SharePoint Server
    Maximum Severity: Important
    Affected Products: Microsoft Enterprise SharePoint Server 2010-2016
    Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This update contains many non-security fixes as well. This bulletin is based on 4 KB articles.
    Impact: Remote Code Execution and Elevation of Privilege
    Fixes 5 Vulnerabilities: CVE-2018-8149, CVE-2018-8155, CVE-2018-8156, CVE-2018-8161, CVE-2018-8168
    Restart Required: Requires Restart
    Known Issues: None reported
  • 32.
    MS18-05-MRNET: Monthly Rollup for Microsoft .Net
    Maximum Severity: Important
    Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7.1
    Description: This security update resolves a vulnerability in Microsoft .NET Framework that could cause denial of service when .NET Framework and .NET core components process XML documents incorrectly. It also resolves a security feature bypass vulnerability in Windows that could allow an attacker to bypass Device Guard. An attacker who successfully exploits this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the computer. This bulletin references 10 KB articles.
    Impact: Security Feature Bypass and Denial of service
    Fixes 2 vulnerabilities: CVE-2018-0765, CVE-2018-1039
    Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used
  • 33.
    MS18-05-SONET: Security-only Update for Microsoft .Net
    Maximum Severity: Important
    Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7.1
    Description: This security update resolves a vulnerability in Microsoft .NET Framework that could cause denial of service when .NET Framework and .NET core components process XML documents incorrectly. It also resolves a security feature bypass vulnerability in Windows that could allow an attacker to bypass Device Guard. An attacker who successfully exploits this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the computer. This bulletin references 10 KB articles.
    Impact: Security Feature Bypass and Denial of service
    Fixes 2 vulnerabilities: CVE-2018-0765, CVE-2018-1039
    Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used
  • 34.
    Non-Security Updates  MaximumSeverity: Recommended  Affected Products: Microsoft PowerBi  Description: Non-Security updates may include critical bug fixes and feature updates. Depending on what version you are updating from a Non-Security update could include security fixes from previous updates you have not yet applied. Ivanti recommends updating 3rd party applications as regularly as possible to ensure additional security threats are not exposed.
  • 35.
    Between Patch Tuesdays
    New Product Support: Windows 10 1803, Java Runtime Environment 10
    Security Updates: 7-Zip (1), iTunes (1), Apple Mobile Device Support (1), Adobe Digital Editions (1), CCleaner (1), Google Chrome (2), Firefox (1), Firefox ESR (1), Foxit Reader (1), Foxit Phantom PDF (1), FileZilla (1), GIMP (1), Java 8 (1), Java 10 (1), Java Development Kit 8 (1), Microsoft (2), Opera (3), PeaZip (1), SeaMonkey (1), Splunk Universal Forwarder (1), Apache Tomcat (4), TortoiseSVN (1), VLC (1), Wireshark (1)
    Non-Security Updates: AIMP (2), Allway Sync (1), Box Sync (1), Dropbox (2), GOM Player (2), GoodSync (2), GoToMeeting (2), Google Backup and Sync (1), Java 8 (1), Java Development Kit 8 (1), Blue Jeans (1), KeePass Pro (1), LogMeIn (1), Microsoft (36), Oracle VirtualBox (1), Power BI Desktop (1), PDF-XChange Pro (2), Plex Media Server (2), PSPad (1), Skype (2), Sublime Text Editor (1), Cisco WebEx Meeting Center (1), Webex Productivity Tools (1), WinZip (1)
  • 36.
    Third Party CVEInformation  PeaZip 6.6.0  Bulletin PZIP-010, QPZIP660  Fixes 1 Vulnerability: CVE-2018-10115  SeaMonkey 2.49.3  Bulletin SM18-2493, QSM2493  Fixes 7 Vulnerabilities: CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE- 2018-5144, CVE-2018-5145, CVE-2018-5146, CVE-2018-5148  7-Zip 18.05  Bulletin 7ZIP-011, Q7ZIP1805  Fixes 1 Vulnerability: CVE-2018-10115
  • 37.
    Third Party CVE Information (cont)
    Google Chrome 66.0.3359.139
      Bulletin CHROME-223, QGC6603359139
      Fixes 1 Vulnerability: CVE-2018-6118
    Foxit PhantomPDF 9.1
      Bulletin FIP-015, QFIP910
      Fixes 6 Vulnerabilities: CVE-2017-14458, CVE-2017-17557, CVE-2018-3842, CVE-2018-3843, CVE-2018-3850, CVE-2018-3853
    Foxit Reader 9.1
      Bulletin FI18-910, QFI910
      Fixes 6 Vulnerabilities: CVE-2017-14458, CVE-2017-17557, CVE-2018-3842, CVE-2018-3843, CVE-2018-3850, CVE-2018-3853

Editor's Notes

  • #33 Note: Server 2008 limited to .NET 2.0 thru 4.6. Windows 7 and newer use 3.5.1 thru 4.7.1.
  • #34 Note: Server 2008 limited to .NET 2.0 thru 4.6. Windows 7 and newer use 3.5.1 thru 4.7.1.