-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 17, 2017
********************************************************************
Summary
=======
The following advisory has been revised in the October 2017 Security Updates.
* ADV170012
Revision Information:
=====================
ADV170012
- Title: ADV170012 | Vulnerability in TPM could allow Security
Feature Bypass
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reasons for Revision: v1.3: The following revisions are
informational changes only: * Added CVE number and vulnerability
name. * Added links for OEM information for HPE and Toshiba to the
table under Step 4: Apply applicable firmware updates. * Added
information for MSA to the table under Step 5: Remediate services
based on your particular use cases.
- Originally posted: October 10, 2017
- Updated: October 17, 2017
- CVE Severity Rating: Critical
- Version: 1.3
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
Microsoft Security Update Minor Revisions Issued: October 17, 2017
Userlevel 7
+54
Userlevel 7
+56
Thanks Jeff!
Userlevel 7
+62
Mucho Gracias Jasper!:D
Userlevel 7
+56
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 18, 2017
********************************************************************
Summary
=======
The following advisory and CVE have been revised in the October 2017 Security Updates.
* ADV170012
* CVE-2017-13080
Revision Information:
=====================
ADV170012
- Title: ADV170012 | Vulnerability in TPM could allow Security
Feature Bypass
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reasons for Revision: The following revisions added under Step 4:
Apply applicable firmware updates are informational only: * Added list
of affected Microsoft Surface devices. * Added link for Acer to the
table of OEM information.
- Originally posted: October 10, 2017
- Updated: October 18, 2017
- CVE Severity Rating: Critical
- Version: 1.4
CVE-2017-13080
- Title: CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reasons for Revision: Corrected FAQ 4 to clarify that the security
updates released on October 10 fully address CVE-2017-13080.
- Originally posted: October 10, 2017
- Updated: October 18, 2017
- CVE Severity Rating: Important
- Version: 1.2
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
Hash: SHA256
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 18, 2017
********************************************************************
Summary
=======
The following advisory and CVE have been revised in the October 2017 Security Updates.
* ADV170012
* CVE-2017-13080
Revision Information:
=====================
ADV170012
- Title: ADV170012 | Vulnerability in TPM could allow Security
Feature Bypass
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reasons for Revision: The following revisions added under Step 4:
Apply applicable firmware updates are informational only: * Added list
of affected Microsoft Surface devices. * Added link for Acer to the
table of OEM information.
- Originally posted: October 10, 2017
- Updated: October 18, 2017
- CVE Severity Rating: Critical
- Version: 1.4
CVE-2017-13080
- Title: CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reasons for Revision: Corrected FAQ 4 to clarify that the security
updates released on October 10 fully address CVE-2017-13080.
- Originally posted: October 10, 2017
- Updated: October 18, 2017
- CVE Severity Rating: Important
- Version: 1.2
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
Userlevel 7
+54
Thank you Daniel
Userlevel 7
+56
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 20, 2017
********************************************************************
Summary
=======
The following advisory and security bulletin have undergone a minor revision increment.
* ADV170012
* MS14-085
Revision Information:
=====================
ADV170012
- Title: ADV170012 | Vulnerability in TPM could allow Security
Feature Bypass
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reasons for Revision: Removed the October security-only updates
for Windows Server 2012, Windows Server 2012 R2, and Windows 8.1
from the Affected Products table because these updates do not
address the vulnerability discussed in this advisory. Clarified
in FAQ 9 and 10 that customers running these versions of Windows
who install security-only updates must install either the
September security-only updates or the October monthly rollup
to receive the changes for this vulnerability. These are
informational changes only.
- Originally posted: October 10, 2017
- Updated: October 20, 2017
- CVE Severity Rating: Critical
- Version: 1.5
MS14-085
- Title: Vulnerability in Microsoft Graphics Component Could
Allow Information Disclosure (3013126)
- https://technet.microsoft.com/library/security/ms14-085
- Reasons for Revision: Corrected a typo in the CVE description.
- Originally posted: December 9, 2017
- Updated: October 19, 2014
- CVE Severity Rating: Important
- Version: 1.1
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
Hash: SHA256
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 20, 2017
********************************************************************
Summary
=======
The following advisory and security bulletin have undergone a minor revision increment.
* ADV170012
* MS14-085
Revision Information:
=====================
ADV170012
- Title: ADV170012 | Vulnerability in TPM could allow Security
Feature Bypass
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reasons for Revision: Removed the October security-only updates
for Windows Server 2012, Windows Server 2012 R2, and Windows 8.1
from the Affected Products table because these updates do not
address the vulnerability discussed in this advisory. Clarified
in FAQ 9 and 10 that customers running these versions of Windows
who install security-only updates must install either the
September security-only updates or the October monthly rollup
to receive the changes for this vulnerability. These are
informational changes only.
- Originally posted: October 10, 2017
- Updated: October 20, 2017
- CVE Severity Rating: Critical
- Version: 1.5
MS14-085
- Title: Vulnerability in Microsoft Graphics Component Could
Allow Information Disclosure (3013126)
- https://technet.microsoft.com/library/security/ms14-085
- Reasons for Revision: Corrected a typo in the CVE description.
- Originally posted: December 9, 2017
- Updated: October 19, 2014
- CVE Severity Rating: Important
- Version: 1.1
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
Userlevel 7
+54
Thank you Daniel
Userlevel 7
+56
WoW another update to the same issue! Version: 1.6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 26, 2017
********************************************************************
Summary
=======
The following advisory has been revised in the October 2017 Security Updates.
* ADV170012
Revision Information:
=====================
ADV170012
- Title: ADV170012 | Vulnerability in TPM could allow Security
Feature Bypass
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reasons for Revision: v1.6: The following revisions are
informational changes only: * Added link for OEM information for
Panasonic to the table under Step 4: Apply applicable firmware updates.
* Revised Windows Hello information in the table under Step 5:
Remediate services based on your particular use cases.
- Originally posted: October 10, 2017
- Updated: October 26, 2017
- CVE Severity Rating: Critical
- Version: 1.6
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 26, 2017
********************************************************************
Summary
=======
The following advisory has been revised in the October 2017 Security Updates.
* ADV170012
Revision Information:
=====================
ADV170012
- Title: ADV170012 | Vulnerability in TPM could allow Security
Feature Bypass
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reasons for Revision: v1.6: The following revisions are
informational changes only: * Added link for OEM information for
Panasonic to the table under Step 4: Apply applicable firmware updates.
* Revised Windows Hello information in the table under Step 5:
Remediate services based on your particular use cases.
- Originally posted: October 10, 2017
- Updated: October 26, 2017
- CVE Severity Rating: Critical
- Version: 1.6
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
Userlevel 7
+62
Thank you again Daniel!:D
Userlevel 7
+54
Thank you Daniel for the vigilance.
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.