===========================================================================
             AUSCERT External Security Bulletin Redistribution

                             ESB-2018.2520.2
          ADV180018 | Microsoft Guidance to mitigate L1TF variant
                            17 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Windows
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-3646 CVE-2018-3640 CVE-2018-3639
                   CVE-2018-3620 CVE-2018-3615 CVE-2017-5754
                   CVE-2017-5715

Reference:         ASB-2018.0192
                   ESB-2018.2343
                   ESB-2018.2370.2

Original Bulletin:
   https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180018

Revision History:  September 17 2018: Vendor announced release of security
                                      updates to provide additional protections
                                      against L1TF and released further
                                      mitigation advice.
                   August    27 2018: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

ADV180018 | Microsoft Guidance to mitigate L1TF variant

Security Vulnerability
Security Advisory
Published: 08/14/2018 | Last Updated : 09/11/2018
MITRE ADV180018

Executive Summary

On January 3, 2018, Microsoft released an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels (known as Spectre and Meltdown). Microsoft is aware of a new speculative execution side channel vulnerability known as L1 Terminal Fault (L1TF) which has been assigned multiple CVEs as noted in the following table. This vulnerability affects Intel(R) Core(R) processors and Intel(R) Xeon(R) processors. For more information, see Intel's advisory at: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html.
CVE            Name               Applicability
CVE-2018-3615  L1 Terminal Fault  Intel(R) Software Guard Extensions (SGX)
CVE-2018-3620  L1 Terminal Fault  Operating System (OS), System Management Mode (SMM)
CVE-2018-3646  L1 Terminal Fault  Virtual Machine Manager (VMM)

An attacker who has successfully exploited L1TF may be able to read privileged data across trust boundaries. In shared resource environments (such that exist in some cloud services configurations), this vulnerability could allow one virtual machine to improperly access information from another. An attacker would need prior access to the system or the ability to run code on the system to leverage this vulnerability. For a technical description of L1TF please see our Security Research and Defense (SRD) blog.

Microsoft has released several updates to help mitigate this vulnerability. To get all available protections, firmware (microcode) and software updates are required. We have also taken action to secure our cloud services. See the Microsoft cloud customers section for more details.

Microsoft has not received any information to indicate that this vulnerability has been used to attack customers at this time. Microsoft continues to work closely with industry partners, including chip makers, hardware OEMs, and app vendors to protect customers from the speculative execution class of hardware vulnerabilities.

Recommended Actions

 1. The best protection is to keep your computers up to date. You can do this by taking advantage of automatic updates. Learn how to turn on automatic updates here.
 2. Enterprise customers should:
     1. Review this advisory in detail for guidance by product or service and register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
     2. Inventory the processors in use across the enterprise to determine risk exposure and help inform the required protections for L1TF.
     3. Inventory the use of Virtualization Based Security (VBS) across the enterprise and especially in client systems to help inform the required protections.
     4. Evaluate the risk posed by L1TF to enterprise environments. In general terms, any system that was deemed to need protection for CVE-2017-5715 (Spectre Variant 2, Branch Target Injection) would need protection for L1TF.
 3. Verify the status of protection for CVE-2018-3620 using the PowerShell script Get-SpeculationControlSettings. For more information and to obtain the PowerShell script see Understanding Get-SpeculationControlSettings PowerShell script output.

Potential performance impacts

In testing, Microsoft has seen some performance impact with these mitigations depending on the configuration of the system and what mitigations are needed.

For most consumer devices, we have not observed a noticeable performance impact after applying the updates. Customers that use Virtualization Based Security (VBS) or versions of Hyper-V prior to Windows Server 2016 may need to disable Hyper-Threading to fully address the risk from L1 Terminal Fault (L1TF), resulting in performance degradation. Performance impact will vary by hardware and the workloads running on the system. As the most common device and server configuration is to have Hyper-Threading enabled, the performance impact will depend on whether the user or administrator takes the action to disable Hyper-Threading on the system. As noted earlier, Windows Server 2016 provides an option to enable the Hyper-V Core Scheduler which mitigates the L1TF attack vector while allowing Hyper-Threading to remain enabled, resulting in a minimal performance impact.

For information on performance impact by Intel, please see: www.intel.com/securityfirst.
Advisory Details

Vulnerabilities Description

Speculative execution side-channel vulnerabilities such as L1 Terminal Fault (L1TF) can be used to read the content of memory across a trusted boundary and if exploited, can lead to information disclosure. There are multiple vectors by which an attacker could trigger the vulnerabilities depending on the configured environment. For a detailed view of affected scenarios and Microsoft's approach to mitigating L1TF please see our Security Research and Defense (SRD) blog.

The following table summarizes the potential relevance of L1TF to various attack scenarios and the applicable CVE:

Attack Category  Attack Scenario      L1TF CVE
Inter-VM         Hypervisor-to-guest  CVE-2018-3646
                 Host-to-guest        CVE-2018-3646
                 Guest-to-guest       CVE-2018-3646
Intra-OS         Kernel-to-user       CVE-2018-3620
                 Process-to-process   CVE-2018-3620
                 Intra-process        CVE-2018-3620
Enclave          SGX-to-any           CVE-2018-3615
                 VSM-to-any           CVE-2018-3646

Microsoft cloud customers

Microsoft has deployed mitigations across our cloud services which reinforce the isolation between customers. Customers who host untrusted code inside their applications should see Guidance for mitigating speculative execution side-channel vulnerabilities in Azure.

Azure Stack customers

Azure Stack customers should see Guidance for mitigating L1 Terminal Fault in Azure Stack.

Microsoft Windows client customers

Customers using Windows client operating systems on systems with affected Intel processors may need to apply both firmware (Microcode) and software updates, depending on how the system is configured. However, most devices running Windows client operating systems will only need Windows software updates for protection. We have not observed performance degradation from these changes. The following table outlines the requirements for full protection for each CVE:

CVE            Windows Changes     Requires microcode?  Requires additional action?
CVE-2018-3620  Kernel updates      No                   No*
CVE-2018-3646  Hypervisor updates  Yes**                Yes, if using VBS or Hyper-V

* Protection for CVE-2018-3620 builds on the protection for CVE-2017-5754 (Meltdown) which is enabled by default on client. Customers that have disabled the protection for CVE-2017-5754 must re-enable it to gain protection for CVE-2018-3620. (See FAQ#2)

** The required microcode is the same microcode that addresses CVE-2018-3639 and CVE-2018-3640. Microsoft is making available Intel-validated microcode updates for Windows 10 operating systems. Please see Microsoft Knowledge Base Article 4093836 for the current Intel microcode updates.

Customers using Hyper-V or features that rely on Virtualization Based Security (VBS) may need to take additional action to be fully protected:

 1. Installation of Windows Security updates (See the Affected Products table in this advisory).
 2. Installation of firmware updates provided by the device's OEM.
 3. Disabling Hyper-Threading (See FAQ #1).

Note: Disabling Hyper-Threading can affect system performance. Please see Intel's guidance at www.intel.com/securityfirst for more information.

Windows Virtualization Based Security (VBS) is foundational to Windows 10 security. All VBS features including Hypervisor-enforced Code Integrity (HVCI) and VBS enclaves depend on confidentiality to maintain a strong security boundary. The L1TF vulnerability introduces risk that the confidentiality of VBS secrets could be compromised via a side-channel attack when Hyper-Threading (HT) is enabled, weakening the security boundary provided by VBS. Even with this increased risk, VBS still provides valuable security benefits and mitigates a range of attacks with HT enabled. Hence, we recommend that VBS continue to be used on HT-enabled systems. Customers who want to eliminate the potential risk of the L1TF vulnerability on the confidentiality of VBS should consider disabling HT to mitigate this additional risk.
Windows client operating system users who are using Hyper-V for the security guarantees provided by VM isolation should disable HT to protect against L1TF.

Microsoft Windows Server customers

Customers using Windows Server operating systems may need to apply both firmware (microcode) and software updates, depending on how the system is configured. The following table outlines the requirements for full protection for each CVE:

CVE            Windows Server changes  Requires microcode?  Requires additional action?
CVE-2018-3620  Kernel updates          No                   Yes*
CVE-2018-3646  Hypervisor updates      Yes**                Yes, if using VBS or Hyper-V and Hyper-Threading is enabled

* Protection for CVE-2018-3620 builds on the protection for CVE-2017-5754 (Meltdown) which is disabled by default on Windows Server. To obtain protection for CVE-2018-3620, customers must enable the protection for CVE-2017-5754 (See FAQ #2).

** The required microcode is the same microcode that addresses CVE-2018-3639 and CVE-2018-3640. Microsoft is making available Intel-validated microcode updates for Windows Server 2016 operating systems. Please see Microsoft Knowledge Base Article 4093836 for the current Intel microcode updates.

Detailed guidance on the actions required for Windows Server customers can be found in Microsoft Knowledge Base Article 4457951.

Microsoft Surface customers

Customers using Microsoft Surface and Surface Book products need to follow the guidance for Windows Client outlined on this advisory. See Microsoft Knowledge Base Article 4073065 for more information about affected Surface products and availability of the microcode updates.

Microsoft Hololens customers

Microsoft HoloLens is unaffected by L1TF because it does not use an affected Intel processor.

FAQ

1. How do I disable Hyper-Threading on my device?

The steps necessary to disable Hyper-Threading will differ from OEM to OEM but are generally part of the BIOS or firmware setup and configuration tools.

2. How do I enable the mitigation for CVE-2017-5754 (Meltdown)?

Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. You can then restore the registry if a problem occurs. For more information about how to back up and restore the registry, see Microsoft Knowledge Base 322756 How to back up and restore the registry in Windows.

To enable protection for CVE-2017-5715 and CVE 2017-5754:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

Restart the computer for the changes to take effect.

Note: Customers who turned on the mitigation for Speculative Store Bypass (CVE-2018-3639) by following the guidance in Security Advisory 180012 do not need to take further action because the registry key settings provided in ADV180012 also enable protections for CVE-2017-5754.

3. What is VBS and how do I know if I am using it?

Virtualization Based Security (VBS) uses hardware virtualization features to create and isolate a secure region of memory from the normal operating system and is used by security features such as Device Guard, Application Guard, Credential Guard, and Hypervisor Code Integrity (HVCI).

VBS is supported in the following versions of Windows:

  o Windows 10 Version 1803
  o Windows 10 Version 1709
  o Windows 10 Version 1703
  o Windows 10 Version 1607
  o Windows Server, version 1803
  o Windows Server, version 1709
  o Windows Server 2016

To determine if VBS is enabled, run MSINFO32.EXE and look for the Virtualization-based Security line item under the System Summary node.
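
The checks this advisory asks for (the FAQ 2 registry values, the VBS state from FAQ 3, and whether Hyper-Threading is active) gathered into one read-only PowerShell audit. This is an added example, not part of Microsoft's advisory or the AusCERT bulletin; the function names are hypothetical, PowerShell 3.0 or later is assumed, and Get-SpeculationControlSettings remains the tool the advisory names for verifying CVE-2018-3620.

```powershell
# Added example (not from ADV180018): read-only audit of the settings the
# advisory tells administrators to check. Function names are hypothetical.
# Nothing is modified. Installed updates and microcode are NOT checked here.

$MemMgmtKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-MitigationOverride {
    # FAQ 2: the advisory's reg add commands set FeatureSettingsOverride = 0
    # and FeatureSettingsOverrideMask = 3. Report what is actually present.
    param([string]$Path = $MemMgmtKey)
    $p = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Override        = $p.FeatureSettingsOverride        # $null when absent
        Mask            = $p.FeatureSettingsOverrideMask
        MatchesAdvisory = ($p.FeatureSettingsOverride -eq 0 -and
                           $p.FeatureSettingsOverrideMask -eq 3)
    }
}

function Get-VbsStatus {
    # FAQ 3 points at MSINFO32; the same state is exposed by the
    # Win32_DeviceGuard CIM class (0 = not enabled, 1 = enabled, 2 = running).
    $query = @{ Namespace = 'root\Microsoft\Windows\DeviceGuard'; ClassName = 'Win32_DeviceGuard' }
    $dg = Get-CimInstance @query -ErrorAction SilentlyContinue
    if ($null -eq $dg) { return 'Unknown' }    # class not present on this OS
    switch ([int]$dg.VirtualizationBasedSecurityStatus) {
        0       { 'NotEnabled' }
        1       { 'EnabledNotRunning' }
        2       { 'Running' }
        default { 'Unknown' }
    }
}

function Test-HyperThreading {
    # More logical processors than cores means Hyper-Threading is active.
    # Inside a guest VM this reflects the virtual topology, not the host's.
    $cpu     = Get-CimInstance -ClassName Win32_Processor
    $cores   = ($cpu | Measure-Object -Property NumberOfCores -Sum).Sum
    $logical = ($cpu | Measure-Object -Property NumberOfLogicalProcessors -Sum).Sum
    $logical -gt $cores
}

function Get-L1tfAudit {
    $os       = Get-CimInstance -ClassName Win32_OperatingSystem
    $isServer = $os.ProductType -ne 1    # 1 = workstation, 2 and 3 = server roles
    $reg      = Get-MitigationOverride
    $vbs      = Get-VbsStatus
    $ht       = Test-HyperThreading
    # True when any hypervisor is running, including when this OS is itself a guest.
    $hv       = [bool](Get-CimInstance -ClassName Win32_ComputerSystem).HypervisorPresent

    # CVE-2018-3620 builds on the CVE-2017-5754 protection: enabled by default
    # on client, disabled by default on Windows Server (per the advisory).
    $kernel = if ($reg.MatchesAdvisory) {
        'Registry values match FAQ 2'
    } elseif ($null -eq $reg.Override -and $null -eq $reg.Mask) {
        if ($isServer) { 'ACTION: values absent on Windows Server, see FAQ 2' } else { 'Values absent, client default applies' }
    } else {
        'REVIEW: values differ from FAQ 2 (ADV180012 settings also qualify, see FAQ 2 note)'
    }

    # CVE-2018-3646: with VBS or Hyper-V in use, the advisory says disabling
    # Hyper-Threading may be needed for full protection. 'Unknown' VBS state
    # is treated as in use so that it is reviewed rather than skipped.
    $vmm = if (($vbs -ne 'NotEnabled' -or $hv) -and $ht) {
        'REVIEW: VBS or a hypervisor is present and Hyper-Threading is enabled'
    } else {
        'Hyper-Threading is off, or no VBS/hypervisor detected'
    }

    [pscustomobject]@{
        IsServer                    = $isServer
        FeatureSettingsOverride     = $reg.Override
        FeatureSettingsOverrideMask = $reg.Mask
        VbsStatus                   = $vbs
        HypervisorPresent           = $hv
        HyperThreading              = $ht
        'CVE-2018-3620'             = $kernel
        'CVE-2018-3646'             = $vmm
    }
}

Get-L1tfAudit | Format-List
```

A REVIEW or ACTION result marks a host to examine against the client and server tables above; it does not by itself establish that the host is unprotected.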
Exploitability Assessment

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Publicly Exploited Latest Software Release Older Software Release Denial of Service Disclosed No No 2 - Exploitation Less Not Applicable 2 - Exploitation Not Not Likely Less Likely Applicable Applicable

Affected Products

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.

Product
    Article / Download        Impact                  Severity   Supersedence

Windows 10 for 32-bit Systems
    4343892 Security Update   Information Disclosure  Important  4338829

Windows 10 for x64-based Systems
    4343892 Security Update   Information Disclosure  Important  4338829

Windows 10 Version 1607 for 32-bit Systems
    4343887 Security Update   Information Disclosure  Important  4338814

Windows 10 Version 1607 for x64-based Systems
    4343887 Security Update   Information Disclosure  Important  4338814

Windows 10 Version 1703 for 32-bit Systems
    4343885 Security Update   Information Disclosure  Important  4338826

Windows 10 Version 1703 for x64-based Systems
    4343885 Security Update   Information Disclosure  Important  4338826

Windows 10 Version 1709 for 32-bit Systems
    4343897 Security Update   Information Disclosure  Important  4338825

Windows 10 Version 1709 for 64-based Systems
    4343897 Security Update   Information Disclosure  Important  4338825

Windows 10 Version 1803 for 32-bit Systems
    4343909 Security Update   Information Disclosure  Important  4338819

Windows 10 Version 1803 for x64-based Systems
    4343909 Security Update   Information Disclosure  Important  4338819

Windows 7 for 32-bit Systems Service Pack 1
    4343900 Monthly Rollup    Information Disclosure  Important  4338818
    4343899 Security Only

Windows 7 for x64-based Systems Service Pack 1
    4343900 Monthly Rollup    Information Disclosure  Important  4338818
    4343899 Security Only

Windows 8.1 for 32-bit systems
    4343898 Monthly Rollup    Information Disclosure  Important  4338815
    4343888 Security Only

Windows 8.1 for x64-based systems
    4343898 Monthly Rollup    Information Disclosure  Important  4338815
    4343888 Security Only

Windows RT 8.1
    4343898 Monthly Rollup    Information Disclosure  Important  4338815

Windows Server 2008 for 32-bit Systems Service Pack 2
    4341832 Security Update   Information Disclosure  Important
    4458010 Monthly Rollup
    4457984 Security Only

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
    4341832 Security Update   Information Disclosure  Important
    4458010 Monthly Rollup
    4457984 Security Only

Windows Server 2008 for x64-based Systems Service Pack 2
    4458010 Monthly Rollup    Information Disclosure  Important
    4458010 Monthly Rollup
    4457984 Security Only

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
    4458010 Monthly Rollup    Information Disclosure  Important
    4458010 Monthly Rollup
    4457984 Security Only

Windows Server 2008 R2 for x64-based Systems Service Pack 1
    4343900 Monthly Rollup    Information Disclosure  Important  4338818
    4343899 Security Only

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
    4343900 Monthly Rollup    Information Disclosure  Important  4338818
    4343899 Security Only

Windows Server 2012
    4343901 Monthly Rollup    Information Disclosure  Important  4338830
    4343896 Security Only

Windows Server 2012 (Server Core installation)
    4343901 Monthly Rollup    Information Disclosure  Important  4338830
    4343896 Security Only

Windows Server 2012 R2
    4343898 Monthly Rollup    Information Disclosure  Important  4338815
    4343888 Security Only

Windows Server 2012 R2 (Server Core installation)
    4343898 Monthly Rollup    Information Disclosure  Important  4338815
    4343888 Security Only

Windows Server 2016
    4343887 Security Update   Information Disclosure  Important  4338814

Windows Server 2016 (Server Core installation)
    4343887 Security Update   Information Disclosure  Important  4338814

Windows Server, version 1709 (Server Core Installation)
    4343897 Security Update   Information Disclosure  Important  4338825

Windows Server, version 1803 (Server Core Installation)
    4343909 Security Update   Information Disclosure  Important  4338819

CVSS Score

The following software versions or editions that are affected have been scored against this vulnerability. Please read the CVSS standards guide to fully understand how CVSS vulnerabilities are scored, and how to interpret CVSS scores.
Product
    Base  Temporal  Environmental  Vector String

Windows 10 for 32-bit Systems
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows 10 for x64-based Systems
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows 10 Version 1607 for 32-bit Systems
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows 10 Version 1607 for x64-based Systems
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows 10 Version 1703 for 32-bit Systems
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows 10 Version 1703 for x64-based Systems
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows 10 Version 1709 for 32-bit Systems
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows 10 Version 1709 for 64-based Systems
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows 10 Version 1803 for 32-bit Systems
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows 10 Version 1803 for x64-based Systems
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows 7 for 32-bit Systems Service Pack 1
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows 7 for x64-based Systems Service Pack 1
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows 8.1 for 32-bit systems
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows 8.1 for x64-based systems
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows RT 8.1
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows Server 2008 for 32-bit Systems Service Pack 2
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows Server 2008 for x64-based Systems Service Pack 2
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows Server 2008 R2 for x64-based Systems Service Pack 1
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows Server 2012
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows Server 2012 (Server Core installation)
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows Server 2012 R2
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows Server 2012 R2 (Server Core installation)
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows Server 2016
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows Server 2016 (Server Core installation)
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows Server, version 1709 (Server Core Installation)
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Windows Server, version 1803 (Server Core Installation)
    7.1   7.1       0              CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

Acknowledgements

Microsoft would like to thank Raoul Strackx, Jo Van Bulck, and Frank Piessens of imec-DistriNet, KU Leuven; Marina Minkin, Technion; Ofir Weisse, University of Michigan; Daniel Genkin, University of Michigan; Baris Kasikci, University of Michigan; Mark Silberstein, Technion; Thomas F. Wenisch, University of Michigan; Yuval Yarom, University of Adelaide and Data61; and Lei Shi, Qihoo360 CERT for reporting this and working with us on coordinated disclosure.

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See acknowledgements for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Revisions

Version  Date        Description
1.0      08/14/2018  Information published.
1.1      08/15/2018  Updated acknowledgment. This is an informational change only.
2.0      08/24/2018  Microsoft is announcing the availability of Intel-validated microcode updates for Windows 10 operating systems. Please see Microsoft Knowledge Base Article 4093836 (https://support.microsoft.com/en-us/help/4093836) for the current Intel microcode updates.
3.0      09/06/2018  Added a section under Advisory Details to provide a link to L1TF guidance for Azure Stack customers. Please see Guidance for mitigating L1 Terminal Fault in Azure Stack (https://support.microsoft.com/help/4463100) for information.
4.0      09/11/2018  Microsoft is announcing the release of Monthly Rollup 4458010 and Security Only 4457984 for Windows Server 2008 to provide additional protections against the speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel(R) Core(R) processors and Intel(R) Xeon(R) processors (CVE-2018-3620 and CVE-2018-3646). Customers running Windows Server 2008 should install either 4458010 or 4457984 in addition to Security Update 4341832, which was released on August 14, 2018. See Windows Server 2008 SP2 servicing changes for more information. In addition, a note has been added to FAQ #2 to provide further information regarding enabling the mitigation for CVE-2017-5754 (Meltdown).

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================