September 10, 2019—KB4516051 (Security-only update)

September 10, 2019—KB4516051 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling , for 32-B...

September 10, 2019—KB4516026 (Monthly Rollup)

September 10, 2019—KB4516026 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4512499released August 17, 2019 and addresses the following issues: Provides protections against a new subclass of speculative execution side-channe...

September 10, 2019—KB4515384 (OS Build 18362.356)

September 10, 2019—KB4515384 OS Build 18362.356 Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Note This release also contains updates for Microsoft HoloLens OS Build 18362.1031 released September 10, 2019. Microsoft will release an upda...

September 10, 2019—KB4516068 (OS Build 15063.2045)

September 10, 2019—KB4516068 OS Build 15063.2045 IMPORTANT: Windows 10 Enterprise and Windows 10 Education editions will reach end of service on October 8, 2019. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10 . Reminder: March...

September 10, 2019—KB4512578 (OS Build 17763.737)

September 10, 2019—KB4512578 OS Build 17763.737 Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Starting with update KB4497934, we are introducing functionality that allows you to decide when to install a feature update. You control when...

openSUSE Security Update : ucode-intel (openSUSE-2019-1806) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

This update for ucode-intel fixes the following issues : This update contains the Intel QSR 2019.1 Microcode release bsc1111331 Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSB...

OPENSUSE-SU-2019:1806-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release bsc1111331 Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBD...

SUSE-SU-2019:1954-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release bsc1111331 Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBD...

SUSE-SU-2019:1910-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release bsc1111331 Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBD...

June 11, 2019—KB4503273 (Monthly Rollup)

June 11, 2019—KB4503273 Monthly Rollup Customers who have applied KB4489887 or later Monthly Rollup Packages to Microsoft Server 2008 SP2 may notice a change to the operating system version string. The “build number” component of the version string increases by 1, and the revision number decrease...

SUSE-SU-2019:1423-1 Security update for libvirt

This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling MFBDS -...

qemu security update

CentOS Errata and Security Advisory CESA-2019:1178 An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

Intel ZombieLoad Side-Channel Attack: 10 Takeaways

Intel on Tuesday revealed a new class of speculative execution vulnerabilities, dubbed Microarchitectural Data Sampling MDS, which impact all its modern CPUs. The flaws all ultimately depend on different ways of executing side channel attacks to siphon data from impacted systems – and result in...

New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011

Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. After the discovery of Spectre and Meltdown processor vulnerabilities earlier last...

May 14, 2019—KB4499181 (OS Build 15063.1805)

May 14, 2019—KB4499181 OS Build 15063.1805 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1703. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...

May 14, 2019—KB4499171 (Monthly Rollup)

May 14, 2019—KB4499171 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4493462released April 25, 2019 and addresses the following issues: Provides protections against a new subclass of speculative execution side-channel...

May 14, 2019—KB4499158 (Security-only update)

May 14, 2019—KB4499158 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling , for 64-Bit x64...

Remote Code Execution (RCE)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

RSA Conference 2019: Picking Apart the Foreshadow Attack

SAN FRANCISCO – Starting off with a bang with Spectre and Meltdown, 2018 was the year of speculative execution vulnerabilities in CPUs, which wreaked havoc in the IT industry. One of these attacks, dubbed Foreshadow, could allow unauthorized disclosure of information. Foreshadow impacts the Intel...

Unbreakable Enterprise kernel security update

2.6.39-400.301.1 - x86/speculation/l1tf: Fix overflow in l1tfpfnlimit on 32bit Vlastimil Babka Orabug: 28505519 CVE-2018-3620 - x86/speculation/l1tf: Exempt zeroed PTEs from inversion Sean Christopherson Orabug: 28505519 CVE-2018-3620 - x86/speculation/l1tf: Protect PAE swap entries against L1TF...