Patch Management Group

  • 1.  When Will PMImport include patches for CVE-2018-8653

    Trusted Advisor
    Posted Dec 20, 2018 10:38 AM

    Since this was an emergency out of band release from Microsoft (12/19) it didn't make latest PMImport 7.3.242.

    Any chance an emergency out of band PMImport will come out to cover this given the press it's gotten or is the next chance to get it not until Tuesday when many will be vacationing?

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653

    We're specifically waiting for KB4483187 for win7 clients.



  • 2.  RE: When Will PMImport include patches for CVE-2018-8653
    Best Answer

    Trusted Advisor
    Posted Dec 20, 2018 11:47 AM

    Support was kind enough to quickly call me to tell me the patch is available. I was expecting it to have a different date so my eyes missed it.  Should have done a search!

     



  • 3.  RE: When Will PMImport include patches for CVE-2018-8653

    Posted Dec 20, 2018 12:30 PM

    I'm confused (which is normal when I look at MS patches).  The out of band was released 12/19; how is it that ITMS lists it as released on Patch Tuesday (12/11) and it's already downloaded?  I'm guessing that is not the out of band patch; that is a monthly Dec IE patch.



  • 4.  RE: When Will PMImport include patches for CVE-2018-8653

    Trusted Advisor
    Posted Dec 20, 2018 12:53 PM

    It was out of band released on Wednesday.  I was hoping it would make the Thursday update, and it looks like it did - dunno why they listed the date as they did.

    My test machine is win7 and I confirmed my jscript.dll and jscript9.dll match the new versions with the 12/14 date given here:

    Jscript9.dll 11.0.9600.19230

    Jscript.dll 5.8.9600.19230
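
The file-version check described in the post above can be scripted. The following is an added example, not part of the original thread or of any Symantec/Broadcom tooling; it assumes the two version numbers quoted in the post are the minimum patched versions for the machine being checked (Windows 7 with Internet Explorer 11, as on the poster's test machine).

```powershell
# Added example: compare the installed JScript engine DLLs with the versions
# quoted in the post above (Windows 7 test machine after KB4483187).
# Assumption: a file version at or above these values means the fix is present.
$expected = @{
    'jscript.dll'  = [version]'5.8.9600.19230'
    'jscript9.dll' = [version]'11.0.9600.19230'
}

# System32 holds the native DLLs; SysWOW64 holds the 32-bit copies on 64-bit Windows.
# Run from a 64-bit PowerShell host, otherwise System32 is redirected to SysWOW64.
$dirs = @("$env:windir\System32", "$env:windir\SysWOW64") | Where-Object { Test-Path $_ }

$results = foreach ($dir in $dirs) {
    foreach ($name in $expected.Keys) {
        $path = Join-Path $dir $name
        if (-not (Test-Path $path)) {
            # A missing file is reported, not treated as patched.
            New-Object psobject -Property @{
                Path = $path; Installed = $null; Expected = $expected[$name]; Status = 'Missing'
            }
            continue
        }
        $vi = (Get-Item $path).VersionInfo
        # Build the version from the numeric parts; the FileVersion string can
        # carry trailing build text that does not parse as a version.
        $installed = New-Object version -ArgumentList @(
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
        $status = if ($installed -ge $expected[$name]) { 'OK' } else { 'Outdated' }
        New-Object psobject -Property @{
            Path = $path; Installed = $installed; Expected = $expected[$name]; Status = $status
        }
    }
}

# One row per DLL copy found, so a patched System32 with a stale SysWOW64 copy is visible.
$results | Select-Object Path, Installed, Expected, Status | Format-Table -AutoSize
```

The script uses only syntax available in PowerShell 2.0, the version that ships with Windows 7.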


  • 5.  RE: When Will PMImport include patches for CVE-2018-8653

    Broadcom Employee
    Posted Dec 20, 2018 01:07 PM

    Hi Sally,

    It looks like it's just an incorrect Release Date set for this update in the datafeed. The Bulletin description has the correct information:

    All other updates for the same vulnerability (introduced in the same 7.3.242 PM Import) have 12/19 as a Release Date.



  • 6.  RE: When Will PMImport include patches for CVE-2018-8653

    Broadcom Employee
    Posted Dec 20, 2018 01:15 PM

    I asked the content team to correct the Release Date.



  • 7.  RE: When Will PMImport include patches for CVE-2018-8653

    Trusted Advisor
    Posted Dec 20, 2018 01:19 PM

    Thanks @dmitri!



  • 8.  RE: When Will PMImport include patches for CVE-2018-8653

    Posted Dec 20, 2018 01:27 PM

    In PMImport version 7.3.242 I do see that KB4483187 is listed in my Software Bulletin Details report; however, it is listed with a Released and Revised date of 12/11/2018 (December 11 2018). The incorrect date may be due to the metadata passed down by Microsoft related to the known issues in their article https://support.microsoft.com/en-us/help/4483187/cumulative-security-update-for-internet-explorer-december-19-2018 which states:

    "After you install this security update on a computer that is running Windows Server 2012 R2 or Windows 8.1, the About Internet Explorer 11 dialog box will show KB4470199 (the December 11, 2018 security update for Internet Explorer) instead of KB4483187"

    Additionally, I ran the Windows System Assessment Scan on my Windows 7 computer and KB4483187 is listed in the Compliance By Bulletin report for Windows 7 operating systems.