MS Sec Notification mailing list archives

Microsoft Security Update Releases


From: "Microsoft" <securitynotifications () e-mail microsoft com>
Date: Tue, 08 May 2018 11:04:25 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Title: Microsoft Security Update Releases
Issued: May 8, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2017-11927
* CVE-2018-0886
* CVE-2018-0963
* CVE-2018-0993

Revision Information:
=====================

 - CVE-2017-11927 | Microsoft Windows Information Disclosure 
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Version: 2.0
 - Reason for Revision: To comprehensively address CVE-2017-11927, 
   Microsoft is releasing the May Cumulative Updates, Monthly 
   Rollups, and Security Only Updates. Update 4130957 is being 
   released for all Windows Server 2008 Service Pack 2 versions. 
   Microsoft recommends that customers running these versions of 
   Windows install the updates to be protected from this 
   vulnerability.
 - Originally posted: December 12, 2017
 - Updated: May 8, 2018
 - Aggregate CVE Severity Rating: Important


 - CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Version: 2.0
 - Reason for Revision: Microsoft is releasing new Windows 
   security updates to address this CVE on May 8, 2018. 
   The updates released in March did not enforce the new 
   version of the Credential Security Support Provider protocol. 
   These security updates do make the new version mandatory. 
   For more information, see "CredSSP updates for CVE-2018-0886"
   located at https://go.microsoft.com/fwlink/?linkid=866660.   
 - Originally posted: March 13, 2018
 - Updated: May 8, 2018
 - Aggregate CVE Severity Rating: Important


 - CVE-2018-0963 | Windows Kernel Elevation of Privilege
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Version: 2.0
 - Reason for Revision: Update 4103727 has been released for 
   Windows 10 Version 1709 for 32-bit Systems and Windows 10 
   Version 1709 for x64-based Systems. The update replaces update
   4093112, to comprehensively address the vulnerability. 
   Microsoft recommends that customers running the affected
   software install the security update to be fully protected 
   from the vulnerability described in this CVE description. 
   See Microsoft Knowledge Base Article 4103727 for more 
   information.
 - Originally posted: April 10, 2018
 - Updated: May 8, 2018
 - Aggregate CVE Severity Rating: Important


 - CVE-2018-0993 | Chakra Scripting Engine Memory Corruption
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Version: 2.0
 - Reason for Revision: To comprehensively address CVE-2018-0993,
   Microsoft has released security update 4103716 for Windows 10 for
   32-bit Systems and Windows 10 for x64-based Systems. Consumers
   using Windows 10 are automatically protected. Microsoft recommends
   that enterprise customers running Windows 10 ensure that they have
   update 4103716 installed to be protected from this vulnerability.
 - Originally posted: April 10, 2018
 - Updated: May 8, 2018
 - Aggregate CVE Severity Rating: Critical


The following advisories have undergone a major revision increment:

* ADV170017
* ADV180002

Revision Information:
=====================

 - ADV170017 | Microsoft Office Defense in Depth Update
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Version: 2.0
 - Reason for Revision: To further protect customers, Microsoft is 
   announcing the release of new updates for ADV170017 for supported 
   editions of Microsoft Office 2010, Microsoft Office 2013, and 
   Microsoft Office 2016. Microsoft recommends that customers follow 
   the instructions in FAQ #1, which has been revised to clarify 
   the deployment procedure, to download and install the new updates.
   In addition, FAQ #2 has been added to explain how customers can 
   safely use Microsoft Office self-extracting executable installers 
   (.exe files).
 - Originally posted: October 10, 2017
 - Updated: May 8, 2018
 - Aggregate CVE Severity Rating: N/A


 - ADV180002 | Microsoft Office Defense in Depth Update
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Version: 18.0
 - Reason for Revision: Updated FAQ #15 to announce that security 
   update 4103723 for Windows 10 Version 1607, Windows Server
   2016, and Windows Server 2016 (Server Core installation)
   provides additional mitigations for AMD processors for
   CVE-2017-5715. See 
   https://support.microsoft.com/en-us/help/4103723/ for more 
   information. In addition, added information to the FAQ that 
   security update 4093112 also applies to Windows Server, 
   version 1709 (Server Core installation).
 - Originally posted: January 3, 2018
 - Updated: May 8, 2018
 - Aggregate CVE Severity Rating: Important


Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing 
a Microsoft security update, it is a hoax that may contain 
malware or pointers to malicious websites. Microsoft does 
not distribute security updates via email. 

The Microsoft Security Response Center (MSRC) uses PGP to digitally 
sign all security notifications. However, PGP is not required for 
reading security notifications, reading security bulletins, or 
installing security updates. You can obtain the MSRC public PGP key
at <https://technet.microsoft.com/security/dn753714>.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

Microsoft respects your privacy. Please read our online Privacy
Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>.

If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizard.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.

These settings will not affect any newsletters you’ve requested or
any mandatory service communications that are considered part of
certain Microsoft services.

For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

