Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Microsoft security update – Out-of-Band

Number: AV18-054
Date: 30 March 2018

Purpose

The purpose of this advisory is to bring attention to a recently released Microsoft Security Update to which addresses failure to protect kernel memory when the Microsoft patch for the vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. known as Meltdown is installed.

Assessment

This advisory addresses the vulnerability by correcting how the Windows kernel handles objects in memory in various Microsoft products.

Affected Products:

  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

CVE References: CVE-2018-1038

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038
https://www.kb.cert.org/vuls/id/277400

Date modified: