Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4480972
HistoryJan 08, 2019 - 8:00 a.m.

January 8, 2019—KB4480972 (Security-only update)

2019-01-0808:00:00
Microsoft
support.microsoft.com
57

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

January 8, 2019—KB4480972 (Security-only update)

Improvements and fixes

This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639) for AMD-based computers. These protections aren’t enabled by default. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639). Additionally, use the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
  • Addresses an issue that affects PowerShell remoting loop back using non-administrator accounts. For more details, see Windows Security change affecting PowerShell.
  • Addresses an issue that prevents cross-era navigation in the Japanese Calendar view. For more information, see KB4469068.
  • Addresses an issue related to the date format for the Japanese Era calendar. For more information, see KB4469068.
  • Addresses an issue that causes the GetCalendarInfo function to return a wrong value for the Japanese Era. For more information, see KB4469068.
  • Security updates to Windows App Platform and Frameworks, Windows MSXML, Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.
    For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.

Known issues in this update

Symptom Workaround
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”. This issue is resolved in KB4486993.
After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures. This issue is resolved in KB4490516.
After installing this update, Internet Explorer 10 and other applications that use WININET.DLLmay have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:

  • Cache size and location show zero or empty.

  • Keyboard shortcuts may not work properly.

  • Webpages may intermittently fail to load or render correctly.

  • Issues with credential prompts.

  • Issues when downloading files.
    | This issue is resolved in KB4493450.
    After installing this update, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(),insertBefore(), andmoveNode().The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.| This issue is resolved in KB4493450.
    Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.| Do one of the following:

  • Perform the operation from a process that has administrator privilege.

  • Perform the operation from a node that doesn’t have CSV ownership.
    Microsoft is working on a resolution and will provide an update in an upcoming release.

How to get this update

This update is now available for installation through WSUS. To get the stand-alone package for this update, go to the Microsoft Update Catalog website.File informationFor a list of the files that are provided in this update, download the file information for update 4480972.

Related

mskb 14
prion 15
cve 15
openvas 18
nessus 52
kaspersky 2
ibm 20
suse 4
aix 3
checkpoint_advisories 1
hp 1
thn 2
kitploit 1
mageia 1
redhat 14
slackware 1
freebsd_advisory 1
amazon 2
oraclelinux 2
freebsd 1
lenovo 3
talosblog 1
cert 1
symantec 2
securelist 1
nvidia 2
virtuozzo 4
ubuntu 6
qualysblog 3
threatpost 1
f5 1
vmware 1
huawei 1
arista 1
redhatcve 1
mskb
mskb
January 8, 2019—KB4480957 (Security-only update)
2019-01-08 08:00:00
January 8, 2019—KB4480975 (Monthly Rollup)
2019-01-08 08:00:00
January 8, 2019—KB4480960 (Security-only update)
2019-01-08 08:00:00
prion
prion
Remote code execution
2019-01-08 21:29:00
Remote code execution
2019-01-08 21:29:00
Remote code execution
2019-01-08 21:29:00
cve
cve
CVE-2019-0577
2019-01-08 21:29:00
CVE-2019-0584
2019-01-08 21:29:00
CVE-2019-0583
2019-01-08 21:29:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4480970)
2019-01-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4480963)
2019-01-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4480962)
2019-01-09 00:00:00
nessus
nessus
KB4480960: Windows 7 and Windows Server 2008 R2 January 2019 Security Update
2019-01-08 00:00:00
KB4480957: Windows Server 2008 January 2019 Security Update
2019-01-08 00:00:00
KB4480972: Windows Server 2012 January 2019 Security Update
2019-01-08 00:00:00
kaspersky
kaspersky
KLA11881 Multiple vulnerabilities in Microsoft Products (ESU)
2019-01-08 00:00:00
KLA11394 Multiple vulnerabilities in Microsoft Windows
2019-01-08 00:00:00
ibm
ibm
Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown.
2019-12-18 14:26:38
Security Bulletin: IBM has released AIX and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown.
2021-09-15 12:53:48
Security Bulletin: IBM has released updated AIX and VIOS fixes for CVE-2017-5715, known as Spectre, that are only applicable to some POWER9 systems.
2018-09-24 15:35:01
suse
suse
Security update for xen (important)
2018-06-09 15:08:42
Security update for the Linux Kernel (important)
2018-01-16 21:08:19
Security update for the Linux Kernel (important)
2018-01-11 18:10:26
aix
aix
IBM has released AIX and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown.,IBM has released VIOS and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown.
2018-01-25 08:15:51
IBM has released updated AIX and VIOS fixes for CVE-2017-5715 known as Spectre that are only applicable to some POWER9 systems.,IBM has released updated VIOS and VIOS fixes for CVE-2017-5715 known as Spectre that are only applicable to some POWER9 systems.
2018-08-17 08:05:01
IBM has released AIX and VIOS iFixes in response to Speculative Store Bypass (SSB) also known as Variant 4.,IBM has released AIX and VIOS iFixes in response to Speculative Store Bypass (SSB) also known as Variant 4.,IBM has released VIOS and VIOS iFixes in response to Speculative Store Bypass (SSB) also known as Variant 4.
2018-05-22 15:30:11
checkpoint_advisories
checkpoint_advisories
Meltdown/Spectre Multiple Browsers Speculative Execution (CVE-2017-5715; CVE-2017-5753; CVE-2017-5754; CVE-2018-3639)
2018-01-04 00:00:00
hp
hp
HPSBHF03573 rev. 15 - Side-Channel Analysis Method
2018-01-04 00:00:00
thn
thn
New Spectre (Variant 4) CPU Flaw Discovered—Intel, ARM, AMD Affected
2018-05-22 08:27:00
[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks
2018-01-04 21:18:00
kitploit
kitploit
In-Spectre-Meltdown - Tool to identify Meltdown & Spectre Vulnerabilities in processors
2018-01-07 20:04:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2018-02-23 20:14:35
redhat
redhat
(RHSA-2018:1129) Important: kernel security and bug fix update
2018-04-17 14:32:29
(RHSA-2019:1046) Important: rhvm-setup-plugins security and bug fix update
2019-05-08 11:28:05
(RHSA-2018:1967) Important: kernel-alt security and bug fix update
2018-06-26 15:04:18
slackware
slackware
[slackware-security] kernel
2018-01-16 06:32:33
freebsd_advisory
freebsd_advisory
FreeBSD-SA-18:03.speculative_execution
2018-03-14 00:00:00
amazon
amazon
Critical: kernel
2018-01-11 21:05:00
Critical: kernel
2018-01-03 19:27:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-01-09 00:00:00
Unbreakable Enterprise kernel security update
2018-01-12 00:00:00
freebsd
freebsd
FreeBSD -- Speculative Execution Vulnerabilities
2018-03-14 00:00:00
lenovo
lenovo
Speculative Execution Side Channel Variants 4 and 3a - US
2018-09-13 11:41:00
Reading Privileged Memory with a Side Channel - Lenovo Support US
2018-10-24 12:22:52
Reading Privileged Memory with a Side Channel - US
2018-10-24 12:22:52
talosblog
talosblog
Microsoft Patch Tuesday — January 2019: Vulnerability disclosures and Snort coverage
2019-01-08 11:40:00
cert
cert
CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
2018-05-21 00:00:00
symantec
symantec
SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks
2018-01-08 08:00:00
Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-01-03 00:00:00
securelist
securelist
IT threat evolution Q1 2018
2018-05-14 10:00:08
nvidia
nvidia
Security Bulletin: NVIDIA Jetson TX2 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities
2018-01-05 00:00:00
Security Notice: CPU Speculative Side Channel Vulnerabilities
2018-01-03 00:00:00
virtuozzo
virtuozzo
Important product update: Fixes for Meltdown and Spectre exploits in virtual machines; Virtuozzo 6.0 Update 12 Hotfix 21 (6.0.12-3698)
2018-02-01 00:00:00
Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 2.6.32-042stab127.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2018-01-06 00:00:00
Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 2.6.32-042stab127.2, Virtuozzo 6.0 Update 12 Hotfix 20 (6.0.12-3690)
2018-01-06 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2018-03-15 00:00:00
Firefox vulnerabilities
2018-01-05 00:00:00
Linux kernel vulnerabilities
2018-01-23 00:00:00
qualysblog
qualysblog
Apple in the InfoSec Spotlight, as GitHub Falls Prey to Amplified DDoS Attack
2018-03-02 14:48:53
Meltdown/Spectre and Qualys Cloud Platform
2018-01-09 02:36:19
Processor Vulnerabilities – Meltdown and Spectre
2018-01-04 02:17:43
threatpost
threatpost
Experts Weigh In On Spectre Patch Challenges
2018-01-07 23:21:34
f5
f5
Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754
2018-01-04 04:46:00
vmware
vmware
VMware Virtual Appliance updates address side-channel analysis due to speculative execution
2018-02-08 00:00:00
huawei
huawei
Security Advisory - CPU Vulnerabilities 'Meltdown' and 'Spectre'
2018-01-06 00:00:00
arista
arista
Security Advisory 0031
2018-01-03 00:00:00
redhatcve
redhatcve
CVE-2017-5715
2021-07-20 18:54:09

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON
Related for KB4480972
mskb14prion15cve15openvas18nessus52kaspersky2ibm20suse4aix3checkpoint_advisories1hp1thn2kitploit1mageia1redhat14slackware1freebsd_advisory1amazon2oraclelinux2freebsd1lenovo3talosblog1cert1symantec2securelist1nvidia2virtuozzo4ubuntu6qualysblog3threatpost1f51vmware1huawei1arista1redhatcve1