Microsoft today released a bunch of new updates for all Windows builds. The March 2018 Patchday is as expected and there are no surprises this time. As always, you can download and install the latest updates manually via the MS update catalog or via WUS.
Microsoft has updated its own security advisory ADV180002, "Guidance to mitigate speculative execution side-channel vulnerabilities".
KB4088876 (Spectre and Meltdown)
This update provides cumulative Spectre and Meltdown protections for 32-bit (x86) and 64-bit (x64) versions of Windows, except for the KB4078130 update that was offered to disable the mitigation against Spectre Variant 2. However, this doesn’t mean that these are microcode updates, because Microsoft does not integrate those in security or rollup patches.
All downloads are also available via WUS right now or are being rolled out over the next hours.
- KB890830 aka Windows Malicious Software Removal Tool – March 2018
Windows 8.1 and Windows Server 2012 R2
Windows 7 SP1 & Windows Server 2008 R2 SP
Realtek HD Audio v220.127.116.1193 WHQL for Win 7 – Win 10
- Microsoft also released another Realtek driver update today over WUS. You can receive the driver over WUS directly or manually here.
Adobe Flash Player Update
- Windows 10 version 1709: 24 vulnerabilities
- Windows 10 version 1703: 28 vulnerabilities
- Windows 10 version 1607: 29 vulnerabilities
- Windows 8.1: 20 vulnerabilities
- Windows 7: 21 vulnerabilities
- Internet Explorer 11: 7 vulnerabilities, 2 critical and 5 important
- Microsoft Edge: 16 vulnerabilities, 12 critical and 4 important
The following issues are known for Windows 7 and Windows 8.1. Windows 10 has no known issues this time (the error 0x80070643 is not really related to the update itself, so I don’t see it as an issue, but I list it because MS does).
- (Windows 10) Windows Update History reports that KB4054517 failed to install because of error 0x80070643. You can manually check via winver (RUN Command) if the update was installed or not.
- (Windows 7) SMB Servers may leak memory after installing the update.
- (Windows 7) Stop error on machines with the Physical Address Extension (PAE) mode disabled. This update is not delivered to x86 systems with PAE disabled!
- (Windows 7) Stop error on machines that do not support Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).
- (Windows 7 and 8.1) No updates for systems without a compatible antivirus solution or the registry key set – this still requires the AV registry workaround.
This Patchday is so far without any reports, which means you can go ahead and install the updates without being worried about consequences.
I found nothing which had a negative impact on my test machines. Surprisingly, the ‘dead’ Office 2007 got updates even though it’s end of life.
Source & Resource
- March 2018 Windows security update – Expanding our efforts to protect customers (blogs.windows.com)
- Intel’s Microcode Revision Guidance (newsroom.intel.com [PDF])
- March security updates expand Meltdown-Spectre protection for Windows (zdnet.com)
- THE MARCH 2018 SECURITY UPDATE REVIEW (zerodayinitiative.com)
- March 2018 Office Update Release (blogs.technet.microsoft.com)
- SANS ISC InfoSec Forums – Microsoft March 2018 Patch Tuesday (isc.sans.edu)