ESB-2018.2520.2 - UPDATE [Win] Microsoft Windows: Access privileged data - Existing account 2018-09-17


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2018.2520.2
          ADV180018 | Microsoft Guidance to mitigate L1TF variant
                             17 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Windows
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-3646 CVE-2018-3640 CVE-2018-3639
                   CVE-2018-3620 CVE-2018-3615 CVE-2017-5754
                   CVE-2017-5715  

Reference:         ASB-2018.0192
                   ESB-2018.2343
                   ESB-2018.2370.2

Original Bulletin: 
   https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180018

Revision History:  September 17 2018: Vendor announced release of security updates 
                                        to provide additional protections against 
                                        L1TF and released further mitigation advice.
                   August    27 2018: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

ADV180018 | Microsoft Guidance to mitigate L1TF variant

Security Vulnerability

Security Advisory

Published: 08/14/2018 | Last Updated : 09/11/2018
MITRE ADV180018

Executive Summary

On January 3, 2018, Microsoft released an advisory and security updates for a
new class of hardware vulnerabilities involving speculative execution side
channels (known as Spectre and Meltdown). Microsoft is aware of a new
speculative execution side channel vulnerability known as L1 Terminal Fault
(L1TF) which has been assigned multiple CVEs as noted in the following table.
This vulnerability affects Intel(R) Core(R) processors and Intel(R) Xeon(R) processors.
For more information, see Intel's advisory at:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html.

CVE            Name               Applicability
CVE-2018-3615  L1 Terminal Fault  Intel(R) Software Guard Extensions (SGX)
CVE-2018-3620  L1 Terminal Fault  Operating System (OS), System Management Mode (SMM)
CVE-2018-3646  L1 Terminal Fault  Virtual Machine Manager (VMM)

An attacker who has successfully exploited L1TF may be able to read privileged
data across trust boundaries. In shared resource environments (such as exist
in some cloud services configurations), this vulnerability could allow one
virtual machine to improperly access information from another. An attacker
would need prior access to the system or the ability to run code on the system
to leverage this vulnerability. For a technical description of L1TF please see
our Security Research and Defense (SRD) blog.

Microsoft has released several updates to help mitigate this vulnerability. To
get all available protections, firmware (microcode) and software updates are
required. We have also taken action to secure our cloud services. See the
Microsoft cloud customers section for more details.

Microsoft has not received any information to indicate that this vulnerability
has been used to attack customers at this time. Microsoft continues to work
closely with industry partners, including chip makers, hardware OEMs, and app
vendors to protect customers from the speculative execution class of hardware
vulnerabilities.

Recommended Actions

 1. The best protection is to keep your computers up to date. You can do this
    by taking advantage of automatic updates. Learn how to turn on automatic
    updates here.

 2. Enterprise customers should:

     1. Review this advisory in detail for guidance by product or service and
        register for the security notifications mailer to be alerted of content
        changes to this advisory. See Microsoft Technical Security
        Notifications.

     2. Inventory the processors in use across the enterprise to determine risk
        exposure and help inform the required protections for L1TF.

     3. Inventory the use of Virtualization Based Security (VBS) across the
        enterprise and especially in client systems to help inform the required
        protections.

     4. Evaluate the risk posed by L1TF to enterprise environments. In general
        terms, any system that was deemed to need protection for CVE-2017-5715
        (Spectre Variant 2, Branch Target Injection) would need protection for
        L1TF.

 3. Verify the status of protection for CVE-2018-3620 using the PowerShell
    script Get-SpeculationControlSettings. For more information and to obtain
    the PowerShell script see Understanding Get-SpeculationControlSettings
    PowerShell script output.

Potential performance impacts

In testing, Microsoft has seen some performance impact with these mitigations
depending on the configuration of the system and what mitigations are needed.
For most consumer devices, we have not observed a noticeable performance impact
after applying the updates.  Customers that use Virtualization Based Security
(VBS) or versions of Hyper-V prior to Windows Server 2016 may need to disable
Hyper-Threading to fully address the risk from L1 Terminal Fault (L1TF),
resulting in performance degradation. Performance impact will vary by hardware
and the workloads running on the system. As the most common device and server
configuration is to have Hyper-Threading enabled, the performance impact will
depend on whether the user or administrator takes the action to disable
Hyper-Threading on the system. As noted earlier, Windows Server 2016 provides
an option to enable the Hyper-V Core Scheduler which mitigates the L1TF attack
vector while allowing Hyper-Threading to remain enabled, resulting in a minimal
performance impact. For information on performance impact by Intel, please see:
www.intel.com/securityfirst.

Advisory Details

Vulnerabilities Description

Speculative execution side-channel vulnerabilities such as L1 Terminal Fault
(L1TF) can be used to read the content of memory across a trusted boundary and,
if exploited, can lead to information disclosure. There are multiple vectors by
which an attacker could trigger the vulnerabilities depending on the configured
environment. For a detailed view of affected scenarios and Microsoft's approach
to mitigating L1TF please see our Security Research and Defense (SRD) blog. The
following table summarizes the potential relevance of L1TF to various attack
scenarios and the applicable CVE:

Attack Category   Attack Scenario     L1TF CVE
Inter-VM        Hypervisor-to-guest CVE-2018-3646
                Host-to-guest       CVE-2018-3646
                Guest-to-guest      CVE-2018-3646
Intra-OS        Kernel-to-user      CVE-2018-3620
                Process-to-process  CVE-2018-3620
                Intra-process       CVE-2018-3620
Enclave         SGX-to-any          CVE-2018-3615
                VSM-to-any          CVE-2018-3646

Microsoft cloud customers

Microsoft has deployed mitigations across our cloud services which reinforce
the isolation between customers.

Customers who host untrusted code inside their applications should see Guidance
for mitigating speculative execution side-channel vulnerabilities in Azure.

Azure Stack customers

Azure Stack customers should see Guidance for mitigating L1 Terminal Fault in
Azure Stack.

Microsoft Windows client customers

Customers using Windows client operating systems on systems with affected Intel
processors may need to apply both firmware (Microcode) and software updates,
depending on how the system is configured. However, most devices running
Windows client operating systems will only need Windows software updates for
protection. We have not observed performance degradation from these changes.
The following table outlines the requirements for full protection for each CVE:

CVE            Windows Changes     Requires microcode?  Requires additional action?
CVE-2018-3620  Kernel updates      No                   No*
CVE-2018-3646  Hypervisor updates  Yes**                Yes, if using VBS or Hyper-V

* Protection for CVE-2018-3620 builds on the protection for CVE-2017-5754
(Meltdown) which is enabled by default on client. Customers that have disabled
the protection for CVE-2017-5754 must re-enable it to gain protection for
CVE-2018-3620. (See FAQ #2)

** The required microcode is the same microcode that addresses CVE-2018-3639
and CVE-2018-3640. Microsoft is making available Intel-validated microcode
updates for Windows 10 operating systems. Please see Microsoft Knowledge Base
Article 4093836 for the current Intel microcode updates.

Customers using Hyper-V or features that rely on Virtualization Based Security
(VBS) may need to take additional action to be fully protected:

 1. Installation of Windows Security updates (See the Affected Products table
    in this advisory).
 2. Installation of firmware updates provided by the device's OEM.
 3. Disabling Hyper-Threading (See FAQ #1). Note: Disabling Hyper-Threading can
    affect system performance. Please see Intel's guidance at
    www.intel.com/securityfirst for more information.

Windows Virtualization Based Security (VBS) is foundational to Windows 10
security. All VBS features including Hypervisor-enforced Code Integrity (HVCI)
and VBS enclaves depend on confidentiality to maintain a strong security
boundary. The L1TF vulnerability introduces risk that the confidentiality of
VBS secrets could be compromised via a side-channel attack when Hyper-Threading
(HT) is enabled, weakening the security boundary provided by VBS. Even with
this increased risk, VBS still provides valuable security benefits and
mitigates a range of attacks with HT enabled. Hence, we recommend that VBS
continue to be used on HT-enabled systems. Customers who want to eliminate the
potential risk of the L1TF vulnerability on the confidentiality of VBS should
consider disabling HT to mitigate this additional risk.

Windows client operating system users who are using Hyper-V for the security
guarantees provided by VM isolation should disable HT to protect against L1TF.

Microsoft Windows Server customers

Customers using Windows Server operating systems may need to apply both
firmware (microcode) and software updates, depending on how the system is
configured. The following table outlines the requirements for full protection
for each CVE:

CVE            Windows Server changes  Requires microcode?  Requires additional action?
CVE-2018-3620  Kernel updates          No                   Yes*
CVE-2018-3646  Hypervisor updates      Yes**                Yes, if using VBS or Hyper-V and Hyper-Threading is enabled

* Protection for CVE-2018-3620 builds on the protection for CVE-2017-5754
(Meltdown) which is disabled by default on Windows Server. To obtain protection
for CVE-2018-3620, customers must enable the protection for CVE-2017-5754 (See
FAQ #2).

** The required microcode is the same microcode that addresses CVE-2018-3639
and CVE-2018-3640. Microsoft is making available Intel-validated microcode
updates for Windows Server 2016 operating systems. Please see Microsoft
Knowledge Base Article 4093836 for the current Intel microcode updates.

Detailed guidance on the actions required for Windows Server customers can be
found in Microsoft Knowledge Base Article 4457951.

Microsoft Surface customers

Customers using Microsoft Surface and Surface Book products need to follow the
guidance for Windows Client outlined on this advisory. See Microsoft Knowledge
Base Article 4073065 for more information about affected Surface products and
availability of the microcode updates.

Microsoft HoloLens customers

Microsoft HoloLens is unaffected by L1TF because it does not use an affected
Intel processor.

FAQ

1. How do I disable Hyper-Threading on my device?

The steps necessary to disable Hyper-Threading will differ from OEM to OEM but
are generally part of the BIOS or firmware setup and configuration tools.

2. How do I enable the mitigation for CVE-2017-5754 (Meltdown)?

Important: This section, method, or task contains steps that tell you how to
modify the registry. However, serious problems might occur if you modify the
registry incorrectly. Therefore, make sure that you follow these steps
carefully. For added protection, back up the registry before you modify it. You
can then restore the registry if a problem occurs. For more information about
how to back up and restore the registry, see Microsoft Knowledge Base 322756
How to back up and restore the registry in Windows.

To enable protection for CVE-2017-5715 and CVE-2017-5754:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

Restart the computer for the changes to take effect.

Note: Customers who turned on the mitigation for Speculative Store Bypass
(CVE-2018-3639) by following the guidance in Security Advisory 180012 do not
need to take further action because the registry key settings provided in
ADV180012 also enable protections for CVE-2017-5754.

3. What is VBS and how do I know if I am using it?

Virtualization Based Security (VBS) uses hardware virtualization features to
create and isolate a secure region of memory from the normal operating system
and is used by security features such as Device Guard, Application Guard,
Credential Guard, and Hypervisor Code Integrity (HVCI). VBS is supported in the
following versions of Windows:

  o Windows 10 Version 1803
  o Windows 10 Version 1709
  o Windows 10 Version 1703
  o Windows 10 Version 1607
  o Windows Server, version 1803
  o Windows Server, version 1709
  o Windows Server 2016

To determine if VBS is enabled, run MSINFO32.EXE and look for the
Virtualization-based Security line item under the System Summary node.
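
The following read-only PowerShell sketch is an added example, not part of the Microsoft advisory or of Get-SpeculationControlSettings. It gathers on one host the inputs this advisory asks for: the FAQ 2 registry values, the processor and Hyper-Threading state, and whether VBS or the Hyper-V role is in use. The function name Get-L1tfExposureSummary and its output property names are hypothetical; it assumes PowerShell 3.0 or later, and it reports configured registry values, which only take effect after a restart.

```powershell
# Added example (not Microsoft's script). Read-only: nothing is written or changed.
# Get-L1tfExposureSummary and its output property names are hypothetical.
function Get-L1tfExposureSummary {
    [CmdletBinding()]
    param()

    # FAQ 2 values under the Memory Management key.
    $mmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $mm = Get-ItemProperty -Path $mmKey -ErrorAction SilentlyContinue
    $override = $mm.FeatureSettingsOverride        # $null when the value is absent
    $mask     = $mm.FeatureSettingsOverrideMask

    if ($override -eq 0 -and $mask -eq 3) { $regState = 'SetPerFaq2' }
    elseif ($null -eq $override -and $null -eq $mask) { $regState = 'NotSet' }
    else { $regState = 'OtherValues' }

    # Client or server: ProductType 1 = workstation, 2 = domain controller, 3 = server.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $isServer = $os.ProductType -ne 1

    # Processor inventory. More logical processors than cores means
    # Hyper-Threading is enabled in firmware.
    $cpus    = @(Get-CimInstance -ClassName Win32_Processor)
    $cores   = ($cpus | Measure-Object -Property NumberOfCores -Sum).Sum
    $logical = ($cpus | Measure-Object -Property NumberOfLogicalProcessors -Sum).Sum
    $htOn    = $logical -gt $cores
    $intel   = [bool]($cpus | Where-Object { $_.Manufacturer -eq 'GenuineIntel' })

    # VBS status: 2 = running. The class is absent on Windows versions without VBS.
    $vbsRunning = $false
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName Win32_DeviceGuard -ErrorAction Stop
        $vbsRunning = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    } catch { }

    # Hyper-V role: the Virtual Machine Management service (vmms) exists
    # only when the role or feature is installed.
    $hyperV = [bool](Get-Service -Name vmms -ErrorAction SilentlyContinue)

    # Map the findings onto the advisory's guidance.
    $notes = New-Object 'System.Collections.Generic.List[string]'
    if (-not $intel) {
        $notes.Add('Processor is not reported as Intel; the advisory lists Intel Core and Xeon processors as affected.')
    }
    if ($isServer -and $regState -eq 'NotSet') {
        $notes.Add('Windows Server: CVE-2017-5754 protection is disabled by default; apply the FAQ 2 values to gain CVE-2018-3620 protection.')
    }
    if ($regState -eq 'OtherValues') {
        $notes.Add('Override values differ from FAQ 2; confirm the effective state with Get-SpeculationControlSettings.')
    }
    if (($vbsRunning -or $hyperV) -and $htOn) {
        $notes.Add('VBS or Hyper-V is in use with Hyper-Threading enabled; CVE-2018-3646 requires additional action (see FAQ 1).')
    }

    [pscustomobject]@{
        ComputerName                = $env:COMPUTERNAME
        OperatingSystem             = $os.Caption
        IsServer                    = $isServer
        Processor                   = ($cpus | Select-Object -First 1).Name
        IntelProcessor              = $intel
        Cores                       = $cores
        LogicalProcessors           = $logical
        HyperThreadingEnabled       = $htOn
        VbsRunning                  = $vbsRunning
        HyperVRoleInstalled         = $hyperV
        FeatureSettingsOverride     = $override
        FeatureSettingsOverrideMask = $mask
        RegistryState               = $regState
        Notes                       = $notes.ToArray()
    }
}

Get-L1tfExposureSummary | Format-List
```

Get-SpeculationControlSettings remains the check the advisory names for the effective protection state; this summary only collects the inventory data that decides which of the advisory's actions apply.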


                                         Exploitability Assessment

The following table provides an exploitability assessment for this vulnerability at the time of original
publication.

Publicly  Exploited Latest Software Release Older Software Release Denial of Service
Disclosed
No        No        2 - Exploitation Less   Not Applicable         2 - Exploitation  Not         Not
                    Likely                                         Less Likely       Applicable  Applicable


                               Affected Products

The following software versions or editions are affected. Versions or editions
that are not listed are either past their support life cycle or are not
affected. To determine the support life cycle for your software version or
edition, see the Microsoft Support Lifecycle.

Product                             Platform  Article  Download         Impact                  Severity   Supersedence

Windows 10 for 32-bit Systems                 4343892  Security Update  Information Disclosure  Important  4338829

Windows 10 for x64-based Systems              4343892  Security Update  Information Disclosure  Important  4338829

Windows 10 Version 1607 for                   4343887  Security Update  Information Disclosure  Important  4338814
32-bit Systems

Windows 10 Version 1607 for                   4343887  Security Update  Information Disclosure  Important  4338814
x64-based Systems

Windows 10 Version 1703 for                   4343885  Security Update  Information Disclosure  Important  4338826
32-bit Systems

Windows 10 Version 1703 for                   4343885  Security Update  Information Disclosure  Important  4338826
x64-based Systems

Windows 10 Version 1709 for                   4343897  Security Update  Information Disclosure  Important  4338825
32-bit Systems

Windows 10 Version 1709 for                   4343897  Security Update  Information Disclosure  Important  4338825
64-based Systems

Windows 10 Version 1803 for                   4343909  Security Update  Information Disclosure  Important  4338819
32-bit Systems

Windows 10 Version 1803 for                   4343909  Security Update  Information Disclosure  Important  4338819
x64-based Systems

Windows 7 for 32-bit Systems                  4343900  Monthly Rollup   Information Disclosure  Important  4338818
Service Pack 1                                4343899  Security Only

Windows 7 for x64-based Systems               4343900  Monthly Rollup   Information Disclosure  Important  4338818
Service Pack 1                                4343899  Security Only

Windows 8.1 for 32-bit systems                4343898  Monthly Rollup   Information Disclosure  Important  4338815
                                              4343888  Security Only

Windows 8.1 for x64-based systems             4343898  Monthly Rollup   Information Disclosure  Important  4338815
                                              4343888  Security Only

Windows RT 8.1                                4343898  Monthly Rollup   Information Disclosure  Important  4338815

Windows Server 2008 for 32-bit                4341832  Security Update  Information Disclosure  Important
Systems Service Pack 2                        4458010  Monthly Rollup
                                              4457984  Security Only

Windows Server 2008 for 32-bit                4341832  Security Update  Information Disclosure  Important
Systems Service Pack 2 (Server Core           4458010  Monthly Rollup
installation)                                 4457984  Security Only

Windows Server 2008 for x64-based             4458010  Monthly Rollup   Information Disclosure  Important
Systems Service Pack 2                        4458010  Monthly Rollup
                                              4457984  Security Only

Windows Server 2008 for x64-based             4458010  Monthly Rollup   Information Disclosure  Important
Systems Service Pack 2 (Server Core           4458010  Monthly Rollup
installation)                                 4457984  Security Only

Windows Server 2008 R2 for                    4343900  Monthly Rollup   Information Disclosure  Important  4338818
x64-based Systems Service Pack 1              4343899  Security Only

Windows Server 2008 R2 for                    4343900  Monthly Rollup   Information Disclosure  Important  4338818
x64-based Systems Service Pack 1              4343899  Security Only
(Server Core installation)

Windows Server 2012                           4343901  Monthly Rollup   Information Disclosure  Important  4338830
                                              4343896  Security Only

Windows Server 2012 (Server Core              4343901  Monthly Rollup   Information Disclosure  Important  4338830
installation)                                 4343896  Security Only

Windows Server 2012 R2                        4343898  Monthly Rollup   Information Disclosure  Important  4338815
                                              4343888  Security Only

Windows Server 2012 R2 (Server Core           4343898  Monthly Rollup   Information Disclosure  Important  4338815
installation)                                 4343888  Security Only

Windows Server 2016                           4343887  Security Update  Information Disclosure  Important  4338814

Windows Server 2016 (Server Core              4343887  Security Update  Information Disclosure  Important  4338814
installation)

Windows Server, version 1709                  4343897  Security Update  Information Disclosure  Important  4338825
(Server Core Installation)

Windows Server, version 1803                  4343909  Security Update  Information Disclosure  Important  4338819
(Server Core Installation)

                                  CVSS Score

The following software versions or editions that are affected have been scored
against this vulnerability. Please read the CVSS standards guide to fully
understand how CVSS vulnerabilities are scored, and how to interpret CVSS
scores.

              Product               Platform    Scores     Vector
                                             Base Temporal String Environmental
                                                                  CVSS:3.0/AV:L
Windows 10 for 32-bit Systems                7.1  7.1      0      /AC:L/PR:N/
Windows 10 for 32-bit Systems                                     UI:N/S:C/C:H/
                                                                  I:N/A:N
                                                                  CVSS:3.0/AV:L
Windows 10 for x64-based Systems             7.1  7.1      0      /AC:L/PR:N/
Windows 10 for x64-based Systems                                  UI:N/S:C/C:H/
                                                                  I:N/A:N
Windows 10 Version 1607 for 32-bit                                CVSS:3.0/AV:L
Systems Windows 10 Version 1607 for          7.1  7.1      0      /AC:L/PR:N/
32-bit Systems                                                    UI:N/S:C/C:H/
                                                                  I:N/A:N
Windows 10 Version 1607 for                                       CVSS:3.0/AV:L
x64-based Systems Windows 10                 7.1  7.1      0      /AC:L/PR:N/
Version 1607 for x64-based Systems                                UI:N/S:C/C:H/
                                                                  I:N/A:N
Windows 10 Version 1703 for 32-bit                                CVSS:3.0/AV:L
Systems Windows 10 Version 1703 for          7.1  7.1      0      /AC:L/PR:N/
32-bit Systems                                                    UI:N/S:C/C:H/
                                                                  I:N/A:N
Windows 10 Version 1703 for                                       CVSS:3.0/AV:L
x64-based Systems Windows 10                 7.1  7.1      0      /AC:L/PR:N/
Version 1703 for x64-based Systems                                UI:N/S:C/C:H/
                                                                  I:N/A:N
Windows 10 Version 1709 for 32-bit                                CVSS:3.0/AV:L
Systems Windows 10 Version 1709 for          7.1  7.1      0      /AC:L/PR:N/
32-bit Systems                                                    UI:N/S:C/C:H/
                                                                  I:N/A:N
Windows 10 Version 1709 for                                       CVSS:3.0/AV:L
64-based Systems Windows 10 Version          7.1  7.1      0      /AC:L/PR:N/
1709 for 64-based Systems                                         UI:N/S:C/C:H/
                                                                  I:N/A:N
Windows 10 Version 1803 for 32-bit                                CVSS:3.0/AV:L
Systems Windows 10 Version 1803 for          7.1  7.1      0      /AC:L/PR:N/
32-bit Systems                                                    UI:N/S:C/C:H/
                                                                  I:N/A:N
Windows 10 Version 1803 for                                       CVSS:3.0/AV:L
x64-based Systems Windows 10                 7.1  7.1      0      /AC:L/PR:N/
Version 1803 for x64-based Systems                                UI:N/S:C/C:H/
                                                                  I:N/A:N
Windows 7 for 32-bit Systems                                      CVSS:3.0/AV:L
Service Pack 1 Windows 7 for 32-bit          7.1  7.1      0      /AC:L/PR:N/
Systems Service Pack 1                                            UI:N/S:C/C:H/
                                                                  I:N/A:N
Windows 7 for x64-based Systems              7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  Service Pack 1
Windows 8.1 for 32-bit systems               7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Windows 8.1 for x64-based systems            7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Windows RT 8.1                               7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Windows Server 2008 for 32-bit Systems       7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  Service Pack 2
Windows Server 2008 for 32-bit Systems       7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems    7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  Service Pack 2
Windows Server 2008 for x64-based Systems    7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based         7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  Systems Service Pack 1
Windows Server 2008 R2 for x64-based         7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  Systems Service Pack 1
  (Server Core installation)
Windows Server 2012                          7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Windows Server 2012                          7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  (Server Core installation)
Windows Server 2012 R2                       7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Windows Server 2012 R2                       7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  (Server Core installation)
Windows Server 2016                          7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Windows Server 2016                          7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  (Server Core installation)
Windows Server, version 1709                 7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  (Server Core Installation)
Windows Server, version 1803                 7.1  7.1      0      CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  (Server Core Installation)

Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

FAQ

Acknowledgements

Microsoft would like to thank Raoul Strackx, Jo Van Bulck, and Frank Piessens
of imec-DistriNet, KU Leuven; Marina Minkin, Technion; Ofir Weisse, University
of Michigan; Daniel Genkin, University of Michigan; Baris Kasikci, University
of Michigan; Mark Silberstein, Technion; Thomas F. Wenisch, University of
Michigan; Yuval Yarom, University of Adelaide and Data61; and Lei Shi, Qihoo360
CERT for reporting this and working with us on coordinated disclosure.

Microsoft recognizes the efforts of those in the security community who help us
protect customers through coordinated vulnerability disclosure.

See acknowledgements for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is"
without warranty of any kind. Microsoft disclaims all warranties, either
express or implied, including the warranties of merchantability and fitness for
a particular purpose. In no event shall Microsoft Corporation or its suppliers
be liable for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages, even if Microsoft
Corporation or its suppliers have been advised of the possibility of such
damages. Some states do not allow the exclusion or limitation of liability for
consequential or incidental damages so the foregoing limitation may not apply.

Revisions

Version  Date        Description
1.0      08/14/2018  Information published.
1.1      08/15/2018  Updated acknowledgment. This is an informational change
                     only.
2.0      08/24/2018  Microsoft is announcing the availability of
                     Intel-validated microcode updates for Windows 10
                     operating systems. Please see Microsoft Knowledge Base
                     Article 4093836
                     (https://support.microsoft.com/en-us/help/4093836) for
                     the current Intel microcode updates.
3.0      09/06/2018  Added a section under Advisory Details to provide a link
                     to L1TF guidance for Azure Stack customers. Please see
                     Guidance for mitigating L1 Terminal Fault in Azure Stack
                     (https://support.microsoft.com/help/4463100) for
                     information.
4.0      09/11/2018  Microsoft is announcing the release of Monthly Rollup
                     4458010 and Security Only 4457984 for Windows Server 2008
                     to provide additional protections against the speculative
                     execution side-channel vulnerability known as L1 Terminal
                     Fault (L1TF) that affects Intel(R) Core(R) processors and
                     Intel(R) Xeon(R) processors (CVE-2018-3620 and
                     CVE-2018-3646). Customers running Windows Server 2008
                     should install either 4458010 or 4457984 in addition to
                     Security Update 4341832, which was released on August 14,
                     2018. See Windows Server 2008 SP2 servicing changes for
                     more information. In addition, a note has been added to
                     FAQ #2 to provide further information regarding enabling
                     the mitigation for CVE-2017-5754 (Meltdown).

This vulnerability has no revisions.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----
