Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2018.0009
January 2018 updates for Microsoft SQL Server mitigates
Meltdown and Spectre vulnerabilities
10 January 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft SQL Server 2008
Microsoft SQL Server 2016
Operating System: Windows
Impact/Access: Access Privileged Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2017-5753 CVE-2017-5715 CVE-2017-5754
Member content until: Friday, February 9 2018
Reference: ASB-2018.0002.4
ESB-2018.0103
ESB-2018.0102
ESB-2018.0046
ESB-2018.0044
ESB-2018.0042
OVERVIEW
Microsoft has released its monthly security patch update for the month
of January 2018. [1]
This update resolves a vulnerability across the following products:
Microsoft SQL Server 2008 R2 for 32-Bit Systems Service Pack 3 (QFE)
Microsoft SQL Server 2008 R2 for x64-Based Systems Service Pack 3 (QFE)
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 (QFE)
Microsoft SQL Server 2008 for x64-Based Systems Service Pack 4 (QFE)
Microsoft SQL Server 2016 for x64-based Systems
Microsoft SQL Server 2016 for x64-based Systems (CU)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (CU)
Microsoft SQL Server 2017 for x64-based Systems
Microsoft SQL Server 2017 for x64-based Systems (CU)
IMPACT
Microsoft has given the following details regarding this vulnerability.
Details Impact Severity
ADV180002 Information Disclosure Important
MITIGATION
Microsoft recommends updating the software with the version made
available on the Microsoft Update Catalogue for the following
Knowledge Base articles. [1]
KB4057114, KB4058559, KB4057113, KB4058561, KB4058560
KB4058562, KB4057118, KB4057122
REFERENCES
[1] Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWlV2qIx+lLeg9Ub1AQjWkRAAm4Op4CgLv7K567sLb1n7vVdd1b64F0Z0
EYHoihPB37FIpIjfaZl24Pwp//nPiaXsCiKFUZ7UeJTFtoJ6+j5LIQlLH10mLS9c
rP8atGsQd2wlImoWAamuLYZ+/W6JyrcEr39HX0kQ0avlNkPXTlF/MgshWQW0AulJ
w10ZSZwowdvia5s+8VPsjNdjOe0gx7jdS2IYO3z7e+U5NGy1SZtb/2F6/J7tuuHy
MDwYno+mgi93ImTgLyTBVw6ruCurMudGhFiWmde2xIx8nW/5B41uWsc1aI1d8riJ
YrcgZr8zr932GeHNTkKqmt3rNa4m2pF6QORYeeRr+wMnlNtTMlAEoPG0ibTzwCRl
q1biUsdm3zKLJd+LXNt/7ffx5zEaStay6LMmb4umOFBbJGGnd1g6bRhjWHaaKRRL
xc1HFy94qZ5H4g+m7VSKvJJau0wdVasPd8t9oA7UoYmabuha1VMvZCYF6OMmEdSF
Xkb1fmH0rXYvmvQ5UPjSwU03FV8NLkS25cWD0g/v8KR73XS00AWM4j4fkBQUuDzc
f/Efr7FnRNgfrKQchFBAs2CvUGeXIgb/wwqlA4Z8Jok+Lxwglsf+QgUf8t6F3q8G
GhTEZZRZ3V7tspRms9FPQT6/3/e9c0r3s7pGdQLBThkfxCXgs51z3YY/mlGKevlW
DSGWQS+EELs=
=N4K/
-----END PGP SIGNATURE-----