Рекомендации по обновлению ПО

Документы

Полная история обновлений безопасности


Обновления за последний месяц


16.04.19 April 2019 NCR FSE Microsoft Security Bulletins Recommendations
Microsoft has replaced security bulletins with the Security Updates Guide . Please see the blog post, Furthering our commitment to security updates, for more details. Security issues are no longer listed as bulletins but are listed by CVE number. CVEs are grouped by Monthly Security Rollup for all applicable software.

Anyone creating new software builds for Windows 7 SP1 can use the convenience roll up that was issued in April 2016 and then just install all the security patches since April 2016. The convenience roll up can be found here and includes all security patches up to April 2016.

Microsoft has made available an out-of-band update, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.”  aka Spectre Variant 2, further details are provided at the following link.
https://support.microsoft.com/en-gb/help/4078130/update-to-disable-mitigation-against-spectre-variant-2
 
Main point to note from the Article “Note; Users who do not have the affected Intel microcode do not have to download this update.”
 
NCR recommends to NOT deploy this update on your ATMs.  We continue to track all MS patches and communicate as per our normal monthly analysis and recommendations.
 
All patches must be tested with the local software stack prior to deployment in the production environment.

Due to the number of queries recently, please find the following clarifications on what the NCR Software Security Team provides.We only make recommendations to install the monthly Security Only updates every month, for Windows 7 SP1, .NET versions and IE11 cumulative security updates. We only confidence test the Security Only updates every month, for Windows 7 SP1 and .NET versions with NCR ATM software.We only confidence test the monthly IE11 cumulative security patch for Windows 7 SP1 with NCR ATM software.We do NOT recommend or test the monthly Security and Quality Rollup or cumulative rollups which includes all previous security fixes for Windows 7 SP1.Currently we make recommendations for Windows 10 version 1607 for x64-based Systems, Windows 10 patches are always cumulative.We confidence test Windows 10 monthly cumulative patches.
Customers can choose to deploy the Security and Quality Rollup or cumulative patches. If these patches going are to be deployed, we recommend that thorough confidence testing is done before deployment as the quality fixes or functional changes include in these patches may well affect application software stacks functionality.

NOTICE OF CHANGE TO MICROSOFT WINDOWS 10 PATCHING PROCESS
 
Beginning April 9th 2019 Microsoft are discontinuing the release of “Delta” patches for windows 10.
From this date going forwards, the only regular patches made available for download and testing for Windows 10 1607 x64 will be the “Full” cumulative update patch which is released on a monthly cadence. This patch release includes all patches from the date of the release of windows 10 1607 to the present day and, due to its cumulative nature, the size of this patch increases each month. The overall file is large. For example, the size of the monthly cumulative Update for Windows 10 1607 x64 released by Microsoft for March 2019 was 1394.4MB. There is no means to break this patch down, nor to make it any smaller. There are no other options available.
Due to this change, NCR can only recommend that customers pick up this cumulative patch to test and deploy, in place of the “Delta” patches supplied by Microsoft previously.  
NCR will continue to provide our regularly scheduled Microsoft Patch recommendations that contain the release information for these patches.
 
If the infrastructure is already in place to provide “Express” updates from Microsoft, then customers can also use this. However, the effective final patched state is the same as when applying the “full” cumulative patches. due to the complexity of testing the express patches and extra environmental concerns NCR can only provide guidance based upon the “Full” cumulative patch releases.

Note: There is no impact on Windows 7 – this change only affects windows 10 patch releases

Microsoft has replaced security bulletins with the Security Updates Guide . Please see the blog post, Furthering our commitment to security updates, for more details. Security issues are no longer listed as bulletins but are listed by CVE number. CVEs are grouped by Monthly Security Rollup for all applicable software.

Anyone creating new software builds for Windows 7 SP1 can use the convenience roll up that was issued in April 2016 and then just install all the security patches since April 2016. The convenience roll up can be found here and includes all security patches up to April 2016.

April 2019 Security Updates

Windows 7
Security Rollup ID: 4493448
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Critical CVEs: CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795, CVE-2019-0845, CVE-2019-0853
Important CVEs: CVE-2019-0730, CVE-2019-0731, CVE-2019-0732, CVE-2019-0735, CVE-2019-0794, CVE-2019-0796, CVE-2019-0802, CVE-2019-0803, CVE-2019-0805, CVE-2019-0836, CVE-2019-0838,
      CVE-2019-0839, CVE-2019-0842, CVE-2019-0844, CVE-2019-0846, CVE-2019-0847, CVE-2019-0848, CVE-2019-0849, CVE-2019-0851, CVE-2019-0856, CVE-2019-0859, CVE-2019-0877, CVE-2019-0879
 
Security Rollup ID: 4493435
Affected Software: Internet Explorer 11
Critical CVEs: CVE-2019-0753
Important CVEs: CVE-2019-0752, CVE-2019-0764, CVE-2019-0835, CVE-2019-0862
 
Windows 10

Security Rollup ID: 4493470
Affected Software: Windows 10 Version 1607 for x64-based Systems
Critical CVEs: CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795, CVE-2019-0845, CVE-2019-0853
Important CVEs: CVE-2019-0685, CVE-2019-0688, CVE-2019-0730, CVE-2019-0731, CVE-2019-0735, CVE-2019-0794, CVE-2019-0796, CVE-2019-0802, CVE-2019-0803, CVE-2019-0805, CVE-2019-0814, CVE-2019-0836, CVE-2019-0838,
                         CVE-2019-0839, CVE-2019-0842, CVE-2019-0844, CVE-2019-0846, CVE-2019-0847, CVE-2019-0848, CVE-2019-0849, CVE-2019-0851, CVE-2019-0856, CVE-2019-0859, CVE-2019-0877, CVE-2019-0879

Security Rollup ID: 4493470
Affected Software: Internet Explorer 11
Critical CVEs: CVE-2019-0753
Important CVEs: CVE-2019-0752, CVE-2019-0764, CVE-2019-0835, CVE-2019-0862
 
Security Advisories
ADV180002
 
NOTE: Included this month is a document providing guidance for installing Microsoft Updates on Self-Service Terminals.

Microsoft Release Notes for April 2019 Security Updates are available – Click Here.

Historical patching information can be found in the following attachment: NCR FSE Security Team - Microsoft Security Patch Recommendations December 2017.zip
Guide for installing Microsoft updates on SSTs: Installing Microsoft Updates on Self-Service Terminals.zip
 

These are the final documents and will be sent out for reference purposes only and will no longer be updated.  All the information will now be provided in the emails.

Адрес:
129075 г. Москва,
Мурманский проезд, 14, к. 1

http://www.lanatmservice.ru
Тел:
+7 (495) 967 6674
Факс:
+7 (495) 721 9155
E-mail:

Copyright 2019 «ЛАН АТМсервис»

Создано Webway