Author Topic: Microsoft January, 2018 Security Update  (Read 793 times)

0 Members and 1 Guest are viewing this topic.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 18737
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Microsoft January, 2018 Security Update
« on: January 09, 2018, 05:46:49 PM »
The January security release consists of 56 CVEs, 16 are listed as Critical and 38 are rated Important, 1 is rated Moderate and 1 is rated as Low in severity. The updates address Remote Code Execution, Tampering, Security Feature B y p a s s , Information Disclosure and Denial of Service.  The release consists of security updates for the following software: 
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • SQL Server
  • ChakraCore
  • .NET Framework
  • .NET Core
  • ASP.NET Core
  • Adobe Flash
  Important:   Because the out-of-band security update for "Meltdown"/"Spectre"  requires the setting of a registry key and not all antivirus software  has been updated to include the key, Microsoft updated Important: January 3, 2018, Windows security updates and antivirus software to include the following Note: 
Quote
Note:  Customers will not receive  the January 2018 security updates (or any  subsequent security updates)  and will not be protected from security  vulnerabilities unless their  antivirus software vendor sets the  following registry key: [/INDENT] [INDENT]  Key="HKEY_LOCAL_MACHINE"   Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"   Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD”
Data="0x00000000” [bold added]

If your computer has not received the security update, check the status at CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 (Meltdown and Spectre) Windows antivirus patch compatibility.  In the event both "Sets registry key" and "Supported" are not both indicated with the letter "Y", Bleeping Computer has created a .reg file   that can be used to create the registry.  However, it should only be  used if your antivirus vendor has indicated that a manual install is  needed.  For in-depth information, see the Bleeping Computer articles Microsoft Says No More Windows Security Updates Unless AVs Set a Registry Key and How to Check and Update Windows Systems for the Meltdown and Spectre CPU Flaws.

Further note that some AMD devices are getting into an unbootable state  after installing the "Meltdown"/"Spectre" security update.  As a result,  Microsoft is temporarily pausing sending updates to devices with  impacted AMD processors at this time.  Further information is available  at Windows Meltdown and Spectre patches: Now Microsoft blocks security updates for some AMD based PCs.

More:  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

Also see this month's Zero Day Initiative — The January 2018 Security Update Review by Dustin Childs in which he discusses several of the patches and lincludes a breakdown of the CVE's addressed in the update. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline JDBush61

  • Hero Member
  • *****
  • Posts: 4624
    • View Profile
Re: Microsoft January, 2018 Security Update
« Reply #1 on: January 10, 2018, 05:57:43 AM »
Thank you very much, Corrine. As always, your helpful instructions and attention to detail are excellent. The best!

John
"In an age when mass society has rendered obsolete the qualities of individual courage and independent thought, the oceans of the world still remain, vast and uncluttered, beautiful but unforgiving, awaiting those who will not submit. Their voyages are not an escape, but a fulfillment."

~ THE SLOCUM SOCIETY ~

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 18737
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Microsoft January, 2018 Security Update
« Reply #2 on: January 10, 2018, 12:04:58 PM »
You're welcome, John, and thank you for the kind words.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 18737
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Microsoft January, 2018 Security Update
« Reply #3 on: January 10, 2018, 02:44:48 PM »
Please Note:  If your system received the out-of-band January 3, 2018, security update, most likely, only the Flash Player and MSRT updates were installed yesterday for Windows 10.  To confirm that your system is up to date, go to Windows 10 update history
  • Select the Windows 10 version you are at.  For example, the Fall Creators Update is Windows 10 Version 1709 and the Creators Update is Version 1703. 
  • The current Build for Windows 10 Version 1709 is OS Build 16299.192, with KB4056892, dated January 3, 2018, installed.
  • The current Build for Windows 10 Version 1703 is OS Build 15063.850, with KB4056891, dated January 3, 2018, installed.
  • To check your version go to Settings > System > About and scroll down to "Windows Specifications".
  • The OS Build under Windows Specifications will match the Windows 10 Version.
With regard to the Microsoft Office updates, the January, 2018 Office updates are listed here.  For Microsoft Office updates see How to: Install Microsoft Office Updates.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.