ZERO-DAY Vulnerability (CVE-2018-8653) Please Release Fixlets for this ASAP

Please see the following Article:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653

Public Notice:

If anyone has any pull to get this rolling and release that would be great, this is going on 48 hours old.

Dev are working on out-of-band patches already so they might have this one done soon… but not sure. Keep an eye on the release announcements or this thread for more details. I did shoot a note over to them.

Hi guys, we just released content for this here: IBM BigFix Patch: Content Release: Patches for Windows published 2018-12-19

Was it 48 hours old? I think this literally happened today maybe 12 hours ago? All of the latest stuff from the security portal seems to indicate it got pushed out on 12-19: https://portal.msrc.microsoft.com/en-us/security-guidance. The article you mention also looks like the release date is for 12-19?

Was there somewhere else that indicated that these patches were older?

7 Likes

Confirmation that the Patches have been released in Patches for Windows version: 3162

Thank You Very Much DEV TEAM!!! YOU ROCK!

1 Like

Is it solved or still zero-day vulnerability.

Browse to your External Sites Object under Sites
locate and select Patches for Windows
In the Details Pane you will see a Current Version Property

it is a Zero Day, you need to deploy the patches with the following priority

Critical - Desktops
Critical - RDS/Citrix Servers/ servers where browsing is common practice
Medium - remainder of your servers

Outstanding work.

As for release date, I’m not sure where @Xanuri gets their information from, because this was announced by Microsoft on the 19th (as per the portal link you provided) and even NIST doesn’t have this as newer than today, soo…
https://nvd.nist.gov/vuln/detail/CVE-2018-8653

Definitely way within scope of release time, so thanks for the effort in getting this type of content out in a timely fashion.

1 Like

if you look at the Microsoft Update catalog, the release date for the patch is the 18th.

But yes, great job by the dev team, also just wanted to post it all here publicly to make sure everyone was AWARE of it

Update Catalog date doesn’t mean much in the grand scheme of things; that is most likely the date the code was signed off by Microsoft; the portal announcement was on the 19th, and it’d be kind of difficult to create content based on something that hasn’t been announced yet, no?

1 Like

But what about Delta updates - they are still same patches in the console.

Is it for cumulative updates and not for delt updates. Because as per microsoft article it looks like for all the given KB articles.

Delta updates are just an incremental from one month to the next. They still contain updates for all components.

1 Like

thanks for the confirmation.

they did say they were not releasing a delta for this Zero-Day release however.