Рекомендации по обновлению ПО

Документы

Полная история обновлений безопасности


Обновления за последний месяц


16.07.18 July 2018 NCR FSE Microsoft Security Bulletins Recommendations

Microsoft has made available an out-of-band update, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.”  aka Spectre Variant 2, further details are provided at the following link.
https://support.microsoft.com/en-gb/help/4078130/update-to-disable-mitigation-against-spectre-variant-2
 
Main point to note from the Article “Note; Users who do not have the affected Intel microcode do not have to download this update.”
 
NCR recommends to NOT deploy this update on your ATMs.  We continue to track all MS patches and communicate as per our normal monthly analysis and recommendations.
 
All patches must be tested with the local software stack prior to deployment in the production environment.

 

Due to the number of queries recently, please find the following clarifications on what the NCR Software Security Team provides.
We only make recommendations to install the monthly Security Only updates every month, for Windows 7 SP1, .NET versions and IE11 cumulative security updates.
We only confidence test the Security Only updates every month, for Windows 7 SP1 and .NET versions with NCR ATM software.
We only confidence test the monthly IE11 cumulative security patch for Windows 7 SP1 with NCR ATM software.
We do NOT recommend or test the monthly Security and Quality Rollup or cumulative rollups which includes all previous security fixes for Windows 7 SP1.

Currently we make recommendations for Windows 10 version 1607 for x64-based Systems, Windows 10 patches are always cumulative.
We confidence test Windows 10 monthly cumulative patches.
Customers can choose to deploy the Security and Quality Rollup or cumulative patches. If these patches going are to be deployed, we recommend that thorough confidence testing is done before deployment as the quality fixes or functional changes include in these patches may well affect application software stacks functionality.

July 2018 Security Updates

Windows 7

Security Rollup ID: 4338823
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Important CVEs: CVE-2018-8206, CVE-2018-8282, CVE-2018-8304, CVE-2018-8307, CVE-2018-8308, CVE-2018-8309, CVE-2018-8314

Security Rollup ID: 4339093
Affected Software: Internet Explorer 11
Critical CVEs: CVE-2018-8242, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296
Important CVEs: CVE-2018-0949, CVE-2018-8287

Security Rollup ID: 4338612
Affected Software: Microsoft .NET Framework 3.5.1
Critical CVEs: N/A
Important CVEs: CVE-2018-8202, CVE-2018-8284, CVE-2018-8356
Security Rollup ID: 4338602
Affected Software: Microsoft .NET Framework 4.5.2
Critical CVEs: N/A
Important CVEs: CVE-2018-8202, CVE-2018-8284, CVE-2018-8356

Security Rollup ID: 4338606
Affected Software: Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2
Critical CVEs: N/A
Important CVEs: CVE-2018-8202, CVE-2018-8284, CVE-2018-8356, CVE-2018-8260

Windows 10

Security Rollup ID: 4338814
Pre-requisite for Security Rollup ID: 4132216
Affected Software: Windows 10 Version 1607 for x64-based Systems
Critical CVEs: N/A
Important CVEs: CVE-2018-8206, CVE-2018-8222, CVE-2018-8282, CVE-2018-8304, CVE-2018-8307, CVE-2018-8308, CVE-2018-8309, CVE-2018-8313

Security Rollup ID: 4338814
Pre-requisite for Security Rollup ID: 4132216
Affected Software: Internet Explorer 11
Critical CVEs: CVE-2018-8242, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296
Important CVEs: CVE-2018-0949, CVE-2018-8287

Security Rollup ID: 4338814
Pre-requisite for Security Rollup ID: 4132216
Affected Software: Microsoft .NET Framework 3.5
Critical CVEs: N/A
Important CVEs: CVE-2018-8202, CVE-2018-8284, CVE-2018-8356

Security Rollup ID: 4338814
Pre-requisite for Security Rollup ID: 4132216
Affected Software: Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Critical CVEs: N/A
Important CVEs: CVE-2018-8202, CVE-2018-8284, CVE-2018-8356

Security Rollup ID: 4338814
Pre-requisite for Security Rollup ID: 4132216
Affected Software: Microsoft .NET Framework 4.7.2
Critical CVEs: N/A
Important CVEs: CVE-2018-8260

Security Advisories
N/A

Microsoft Release Note for July 2018 Security Updates link is available – Click Here.

Historical patching information can be found in the following attachment: NCR FSE Security Team - Microsoft Security Patch Recommendations December 2017.zip

Guide for installing Microsoft updates on SSTs: Installing Microsoft Updates on Self-Service Terminals.zip

These are the final documents and will be sent out for reference purposes only and will no longer be updated.  All the information will now be provided in the emails.

Адрес:
129075 г. Москва,
Мурманский проезд, 14, к. 1

http://www.lanatmservice.ru
Тел:
+7 (495) 967 6674
Факс:
+7 (495) 721 9155
E-mail:

Copyright 2018 «ЛАН АТМсервис»

Создано Webway