Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0009 January 2018 updates for Microsoft SQL Server mitigates Meltdown and Spectre vulnerabilities 10 January 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft SQL Server 2008 Microsoft SQL Server 2016 Operating System: Windows Impact/Access: Access Privileged Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 Member content until: Friday, February 9 2018 Reference: ASB-2018.0002.4 ESB-2018.0103 ESB-2018.0102 ESB-2018.0046 ESB-2018.0044 ESB-2018.0042 OVERVIEW Microsoft has released its monthly security patch update for the month of January 2018. [1] This update resolves a vulnerability across the following products: Microsoft SQL Server 2008 R2 for 32-Bit Systems Service Pack 3 (QFE) Microsoft SQL Server 2008 R2 for x64-Based Systems Service Pack 3 (QFE) Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 (QFE) Microsoft SQL Server 2008 for x64-Based Systems Service Pack 4 (QFE) Microsoft SQL Server 2016 for x64-based Systems Microsoft SQL Server 2016 for x64-based Systems (CU) Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (CU) Microsoft SQL Server 2017 for x64-based Systems Microsoft SQL Server 2017 for x64-based Systems (CU) IMPACT Microsoft has given the following details regarding this vulnerability. Details Impact Severity ADV180002 Information Disclosure Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1] KB4057114, KB4058559, KB4057113, KB4058561, KB4058560 KB4058562, KB4057118, KB4057122 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWlV2qIx+lLeg9Ub1AQjWkRAAm4Op4CgLv7K567sLb1n7vVdd1b64F0Z0 EYHoihPB37FIpIjfaZl24Pwp//nPiaXsCiKFUZ7UeJTFtoJ6+j5LIQlLH10mLS9c rP8atGsQd2wlImoWAamuLYZ+/W6JyrcEr39HX0kQ0avlNkPXTlF/MgshWQW0AulJ w10ZSZwowdvia5s+8VPsjNdjOe0gx7jdS2IYO3z7e+U5NGy1SZtb/2F6/J7tuuHy MDwYno+mgi93ImTgLyTBVw6ruCurMudGhFiWmde2xIx8nW/5B41uWsc1aI1d8riJ YrcgZr8zr932GeHNTkKqmt3rNa4m2pF6QORYeeRr+wMnlNtTMlAEoPG0ibTzwCRl q1biUsdm3zKLJd+LXNt/7ffx5zEaStay6LMmb4umOFBbJGGnd1g6bRhjWHaaKRRL xc1HFy94qZ5H4g+m7VSKvJJau0wdVasPd8t9oA7UoYmabuha1VMvZCYF6OMmEdSF Xkb1fmH0rXYvmvQ5UPjSwU03FV8NLkS25cWD0g/v8KR73XS00AWM4j4fkBQUuDzc f/Efr7FnRNgfrKQchFBAs2CvUGeXIgb/wwqlA4Z8Jok+Lxwglsf+QgUf8t6F3q8G GhTEZZRZ3V7tspRms9FPQT6/3/e9c0r3s7pGdQLBThkfxCXgs51z3YY/mlGKevlW DSGWQS+EELs= =N4K/ -----END PGP SIGNATURE-----