AplusWebMaster
2018-01-05, 17:28
FYI...
Forecast for January 2018 Patch Tuesday
- https://www.helpnetsecurity.com/2018/01/05/january-patch-tuesday-expectations/
Jan 5, 2018 - "... A few things are noteworthy about the two CPU vulnerabilities: 'Meltdown' and 'Spectre'. Just applying the OS updates is not enough as that will only resolve the Meltdown vulnerability. Spectre is apparently going to be a more difficult issue to resolve. There should be firmware updates forthcoming that will be required to resolve the 'Spectre' vulnerability. Similarly, there have been releases from Apple and some Linux distributions to resolve the 'Meltdown' vulnerability... There are currently no actively detected exploits of these vulnerabilities in the wild, but there is plenty of Proof of Concept code that has been used to demonstrate how to exploit them...
• Microsoft will release additional updates on patch Tuesday for applications like Office and .Net.
• We can likely expect an update from Adobe for Flash Player (11 of 12 Patch Tuesdays in 2017 had one).
• We have not seen an Adobe Reader update since November, so there is a possibility for one either this month or next.
• Oracle will have their quarterly CPU this month, but that will fall on the 16th per their release cadence. Expect updates to JDK, JRE and many other Oracle products.
• Mozilla released an update in early December, but given that they have discovered methods for web-based exploitation of Meltdown\Spectre you should be on the lookout for the next Mozilla release.
• Chrome is likely due for an update. It has been a few weeks since we have seen one from them and also with the possibility of Meltdown\Spectre exploit through the browser they may need to release some resolutions for those vulnerabilities.
• This Mozilla finding could mean an additional IE\Edge release will be needed in the future as well."
(More detail at the helpnetsecurity URL above.)
___
- https://windowssecrets.com/windows-secrets/how-to-protect-against-the-meltdown-and-spectre-vulnerabilities/
Jan 4, 2018
- https://www.us-cert.gov/ncas/current-activity/2018/01/03/Meltdown-and-Spectre-Side-Channel-Vulnerabilities
Last revised: Jan 05, 2018
___
ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
"... Revisions
Version Date Description
1.0 01/03/2018 Information published.
2.0 01/03/2018 Revised ADV180002 to announce release of SQL 2016 and 2017 updates.
3.0 01/05/2018 The following updates have been made: Revised the Affected Products table to include Windows 10 Version 1709 for x64-based Systems because the update provides mitigations for ADV180002. Corrected the security update numbers for the 2016 and 2017 SQL Server Cumulative Updates. Removed Windows Server 2012 and Windows Server 2012 (Server Core installation) from the Affected Products table because there are no mitigations available for ADV180002 for these products. Revised the Affected Products table to include Monthly Rollup updates for Windows 7 and Windows Server 2008 R2. Customers who install monthly rollups should install these updates to receive the mitigations against the vulnerabilities discussed in this advisory. In the Recommended Actions section, added information for Surface customers. Added an FAQ to explain why Windows Server 2008 and Windows Server 2012 will not receive mitigations for these vulnerabilities. Added an FAQ to explain the protection against these vulnerabilties for customers using x86 architecture."
___
Blue Screen after KB4056894
> https://social.technet.microsoft.com/Forums/windows/en-US/df98809f-ba87-40b4-a027-fdad302a1d3f/blue-screen-after-kb4056894
STOP: 0x000000C4 after installing KB4056894 - 2018-01 Security Monthly Quality Rollup for WIndows 7 for x64
> https://answers.microsoft.com/en-us/windows/forum/windows_7-update/stop-0x000000c4-after-installing-kb4056894-2018-01/f09a8be3-5313-40bb-9cef-727fcdd4cd56?auth=1
January 4, 2018 — KB4056894 (Monthly Rollup)
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
> https://support.microsoft.com/en-us/help/4056894/windows-7-update-kb4056894
Last Updated: Jan 4, 2018
"Known issues in this update..."
January 3, 2018—KB4056892 (OS Build 16299.192)
Applies to: Windows 10 version 1709
- https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892
Last Updated: Jan 4, 2018
"Known issues in this update..."
- https://slashdot.org/submission/7780845/microsofts-meltdown-and-spectre-patch-is-bricking-some-amd-pcs
Jan 08, 2018 - "As if the Meltdown and Spectre bug affecting millions of processors was not bad enough, the patches designed to mitigate the problems are introducing issues of their own. Perhaps the most well-known effect is a much-publicized performance hit, but some users are reporting that Microsoft's emergency patch is bricking their computers. We've already seen compatibility issues with some antivirus tools, and now some AMD users are reporting that the KB4056892 patch is rendering their computer unusable. A further issue — error 0x800f0845 — means that it is not possible to perform a rollback."
Widespread reports of blue screens (0X000000C4 and 0x800f0845) with Meltdown/Spectre patches for Win7 (KB 4056894) and Win10 1709 (KB 4056892)
> https://www.askwoody.com/2018/widespread-reports-of-blue-screens-0x000000c4-and-0x800f0845-with-meltdown-spectre-patches-for-win7-kb-4056894-and-win10-1709-kb-4056894/
Jan 8, 2018
> https://www.askwoody.com/2018/ms-defcon-2-batten-down-the-hatches-theres-a-kernel-patch-headed-your-way/
"... Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it..."
:fear::fear:
Forecast for January 2018 Patch Tuesday
- https://www.helpnetsecurity.com/2018/01/05/january-patch-tuesday-expectations/
Jan 5, 2018 - "... A few things are noteworthy about the two CPU vulnerabilities: 'Meltdown' and 'Spectre'. Just applying the OS updates is not enough as that will only resolve the Meltdown vulnerability. Spectre is apparently going to be a more difficult issue to resolve. There should be firmware updates forthcoming that will be required to resolve the 'Spectre' vulnerability. Similarly, there have been releases from Apple and some Linux distributions to resolve the 'Meltdown' vulnerability... There are currently no actively detected exploits of these vulnerabilities in the wild, but there is plenty of Proof of Concept code that has been used to demonstrate how to exploit them...
• Microsoft will release additional updates on patch Tuesday for applications like Office and .Net.
• We can likely expect an update from Adobe for Flash Player (11 of 12 Patch Tuesdays in 2017 had one).
• We have not seen an Adobe Reader update since November, so there is a possibility for one either this month or next.
• Oracle will have their quarterly CPU this month, but that will fall on the 16th per their release cadence. Expect updates to JDK, JRE and many other Oracle products.
• Mozilla released an update in early December, but given that they have discovered methods for web-based exploitation of Meltdown\Spectre you should be on the lookout for the next Mozilla release.
• Chrome is likely due for an update. It has been a few weeks since we have seen one from them and also with the possibility of Meltdown\Spectre exploit through the browser they may need to release some resolutions for those vulnerabilities.
• This Mozilla finding could mean an additional IE\Edge release will be needed in the future as well."
(More detail at the helpnetsecurity URL above.)
___
- https://windowssecrets.com/windows-secrets/how-to-protect-against-the-meltdown-and-spectre-vulnerabilities/
Jan 4, 2018
- https://www.us-cert.gov/ncas/current-activity/2018/01/03/Meltdown-and-Spectre-Side-Channel-Vulnerabilities
Last revised: Jan 05, 2018
___
ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
"... Revisions
Version Date Description
1.0 01/03/2018 Information published.
2.0 01/03/2018 Revised ADV180002 to announce release of SQL 2016 and 2017 updates.
3.0 01/05/2018 The following updates have been made: Revised the Affected Products table to include Windows 10 Version 1709 for x64-based Systems because the update provides mitigations for ADV180002. Corrected the security update numbers for the 2016 and 2017 SQL Server Cumulative Updates. Removed Windows Server 2012 and Windows Server 2012 (Server Core installation) from the Affected Products table because there are no mitigations available for ADV180002 for these products. Revised the Affected Products table to include Monthly Rollup updates for Windows 7 and Windows Server 2008 R2. Customers who install monthly rollups should install these updates to receive the mitigations against the vulnerabilities discussed in this advisory. In the Recommended Actions section, added information for Surface customers. Added an FAQ to explain why Windows Server 2008 and Windows Server 2012 will not receive mitigations for these vulnerabilities. Added an FAQ to explain the protection against these vulnerabilties for customers using x86 architecture."
___
Blue Screen after KB4056894
> https://social.technet.microsoft.com/Forums/windows/en-US/df98809f-ba87-40b4-a027-fdad302a1d3f/blue-screen-after-kb4056894
STOP: 0x000000C4 after installing KB4056894 - 2018-01 Security Monthly Quality Rollup for WIndows 7 for x64
> https://answers.microsoft.com/en-us/windows/forum/windows_7-update/stop-0x000000c4-after-installing-kb4056894-2018-01/f09a8be3-5313-40bb-9cef-727fcdd4cd56?auth=1
January 4, 2018 — KB4056894 (Monthly Rollup)
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
> https://support.microsoft.com/en-us/help/4056894/windows-7-update-kb4056894
Last Updated: Jan 4, 2018
"Known issues in this update..."
January 3, 2018—KB4056892 (OS Build 16299.192)
Applies to: Windows 10 version 1709
- https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892
Last Updated: Jan 4, 2018
"Known issues in this update..."
- https://slashdot.org/submission/7780845/microsofts-meltdown-and-spectre-patch-is-bricking-some-amd-pcs
Jan 08, 2018 - "As if the Meltdown and Spectre bug affecting millions of processors was not bad enough, the patches designed to mitigate the problems are introducing issues of their own. Perhaps the most well-known effect is a much-publicized performance hit, but some users are reporting that Microsoft's emergency patch is bricking their computers. We've already seen compatibility issues with some antivirus tools, and now some AMD users are reporting that the KB4056892 patch is rendering their computer unusable. A further issue — error 0x800f0845 — means that it is not possible to perform a rollback."
Widespread reports of blue screens (0X000000C4 and 0x800f0845) with Meltdown/Spectre patches for Win7 (KB 4056894) and Win10 1709 (KB 4056892)
> https://www.askwoody.com/2018/widespread-reports-of-blue-screens-0x000000c4-and-0x800f0845-with-meltdown-spectre-patches-for-win7-kb-4056894-and-win10-1709-kb-4056894/
Jan 8, 2018
> https://www.askwoody.com/2018/ms-defcon-2-batten-down-the-hatches-theres-a-kernel-patch-headed-your-way/
"... Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it..."
:fear::fear: