Results 1 to 10 of 467

Thread: Microsoft Alerts

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. #11
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Lenovo releases Security Advisory... more

    FYI...

    Lenovo Releases Security Advisory
    - https://www.us-cert.gov/ncas/current...urity-Advisory
    Jan 19, 2018 - "Lenovo has released security updates to address a vulnerability affecting Enterprise Network Operating System (ENOS) firmware. An attacker could exploit this vulnerability to obtain sensitive information.
    NCCIC/US-CERT encourages users and administrators to review the Lenovo Security Advisory* for more information and apply the necessary updates or mitigations."

    Enterprise Networking Operating System (ENOS) Authentication Bypass in Lenovo and IBM RackSwitch and BladeCenter Products
    * https://support.lenovo.com/us/en/pro...rity/len-16095
    Lenovo Security Advisory: LEN-16095
    Potential Impact: An attacker could gain access to the switch management interface, permitting settings changes that could result in exposing traffic passing through the switch, subtle malfunctions in the attached infrastructure, and partial or complete denial of service.
    Severity: High
    Scope of Impact: Lenovo-specific
    CVE Identifier: CVE-2017-3765 ...
    ___

    Meltdown-Spectre: Intel says newer chips also hit by unwanted reboots after patch
    Intel's firmware fix for Spectre is also causing higher reboots on Kaby Lake and Skylake CPUs
    - http://www.zdnet.com/article/meltdow...s-after-patch/
    Jan 18, 2018

    Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
    - https://security-center.intel.com/ad...nguageid=en-fr
    Last revised: Jan 17, 2018
    ___

    Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products
    - http://www.dell.com/support/article/...oducts?lang=en
    Last Date Modified: 01/19/2018 07:46 AM
    ___

    More Windows patches, primarily previews, point to escalating problems this month
    Five Windows patches and nine for .NET released yesterday, Patch Wednesday “C,” leave many of us wondering what we did to deserve such abuse. Yes, there are bugs
    - https://www.computerworld.com/articl...his-month.html
    Jan 18, 2018
    ___

    ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
    - https://portal.msrc.microsoft.com/en...sory/ADV180002
    Security Advisory
    Published: 01/03/2018 | Last Updated : 01/19/2018
    Revisions
    Version Date Description
    1.0 01/03/2018 Information published.
    2.0 01/03/2018 Revised ADV180002 to announce release of SQL 2016 and 2017 updates.
    3.0 01/05/2018 The following updates have been made: Revised the Affected Products table to include Windows 10 Version 1709 for x64-based Systems because the update provides mitigations for ADV180002. Corrected the security update numbers for the 2016 and 2017 SQL Server Cumulative Updates. Removed Windows Server 2012 and Windows Server 2012 (Server Core installation) from the Affected Products table because there are no mitigations available for ADV180002 for these products. Revised the Affected Products table to include Monthly Rollup updates for Windows 7 and Windows Server 2008 R2. Customers who install monthly rollups should install these updates to receive the mitigations against the vulnerabilities discussed in this advisory. In the Recommended Actions section, added information for Surface customers. Added an FAQ to explain why Windows Server 2008 and Windows Server 2012 will not receive mitigations for these vulnerabilities. Added an FAQ to explain the protection against these vulnerabilties for customers using x86 architecture.
    4.0 01/09/2018 Revised the Affected Products table to include updates for supported editions of Microsoft SQL Server 2008, Microsoft SQL Server 2008, and Microsoft SQL Server 2016 because these updates provide mitigations for ADV180002.
    4.1 01/10/2018 Added FAQs to provide more details about the following: the vulnerabilities described in this advisory, what systems are at risk from the vulnerabilities, how customers can be protected against each specific vulnerability, information for customers with AMD-based devices.
    5.0 01/12/2018 Revised the Affected Products table to include updates for supported editions of Microsoft SQL Server 2014 because these updates provide mitigations for ADV180002.
    6.0 01/16/2018 Revised the Affected Products table to include updates for supported editions of Microsoft SQL Server 2012 because these updates provide mitigations for ADV180002.
    7.0 01/18/2018 On January 5, 2018, Microsoft re-released KB4056898 (Security Only) for Windows 8.1 and Windows Server 2012 R2 to address a known issue. Customers who have installed the original package on 1/3/2018 should reinstall the update.
    8.0 01/18/2018 Microsoft has released security update 4073291 to provide additional protections for the 32-bit (x86) version of Windows 10 Version 1709 related to CVE 2017-5754 (“Meltdown”). Microsoft recommends that customers running Windows 10 Version 1709 for 32-bit systems install the update as soon as possible. Microsoft continues to work to provide 32-bit (x86) protections for other supported Windows versions but does not have a release schedule at this time. The update is currently available via the Microsoft Update Catalog only, and will be included in subsequent updates. This update does not apply to x64 (64-bit) systems.
    9.0 01/19/2018 1 - Updated FAQ #10 to announce that Microsoft has resumed updating all AMD devices with the Windows operating system security update to help protect against the chipset vulnerabilities known as Spectre and Meltdown. See the FAQ for links to information on how to download the update for your operating system. Customers with AMD-based devices should install the updates to be protected from the vulnerabilities discussed in this advisory. 2 - Added an update to FAQ #7 that security update 4073291 is available to provide additional protections for the 32-bit (x86) version of Windows 10 Version 1709 related to CVE 2017-5754 (“Meltdown”).
    ___

    Patching meltdown: Windows fixes, sloppy .NET, warnings about Word and Outlook
    If you thought this month’s Windows/Office/.NET patching debacle couldn’t get any worse...
    - https://www.computerworld.com/articl...d-outlook.html
    Jan 19, 2018

    Last edited by AplusWebMaster; 2018-01-20 at 17:44.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •