I can't tell if it is part of Meltdown and Spectre. MS site says its a fix for "An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB)".
But a couple of sites link this update as if its part of it.
Here is a link to reddit thread and a screenshot of another site.
I can't tell if it is part of Meltdown and Spectre. MS site says its a fix for "An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB)".
There is a mistake in the chart. The vulerability that KB4056759 resolves is connected to CVE-2018-0749 which is not one of the Meltdown/Spectre vulnerabilities. However, CVE-2018-0749 is indeed one of the vulnerabilities, fixed by the current Security Update.
An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) server when an attacker who has valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploits this vulnerability could bypass certain security checks in the operating system.
The update addresses the vulnerability by correcting how Windows SMB Server handles such specially crafted files.
To learn more about the vulnerability, go to CVE-2018-0749.
The reason people are mistakenly making a connection, to the Meltdown/Spectre patch, is because (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754) are included in the same cumulative patch that includes KB4056759. In other words, CVE-2018-0749, is included in KB4056892(Windows 10 Version 1709). There are only three vulnerabilities associated with Meltdown/Spectre anyways.
