Microsoft Patchday for April 2018

Microsoft planned to release the Windows 10 Spring Creators Update (1803) today, but it appears that the release has been delayed because quality management reasons. Instead we get a lot of new security relevant updates which fixing several holes.

mspatchday

No Springs Creators Update today

But who cares? I already listed all download links here. The links won’t change anyway. Even if the Redstone 4 wasn’t official released today, it got it’s first update KB4100375.

UPDATE 4/10: We have released KB4100375 (OS Build 17133.73) to Windows Insiders running Build 17133 in the Fast, Slow, and Release Preview rings. This update includes the following quality improvements (no new OS features):

  • Addresses a PDF security issue in Microsoft Edge.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows kernel, Microsoft graphics component, Windows Server, Windows cryptography, and Windows datacenter networking.

Affected products

All operating systems are affected and the patches fixing critical vulnerabilities.

  • Windows 7: 21 vulnerabilities of which 6 are rated critical, 1 moderate and 14 important
  • Windows 8.1: 23 vulnerabilities of which 6 are rated critical, 1 moderate and 16 important
  • Windows 10 version 1607: 25 vulnerabilities of which 6 are rated critical and 19 important
  • Windows 10 version 1703: 28 vulnerabilities of which 6 are rated critical and 22 important
  • Windows 10 version 1709: 28 vulnerabilities of which 6 are rated critical and 22 important

Other Microsoft Products

  • Internet Explorer 11: 13 vulnerabilities, 8 critical, 5 important
  • Microsoft Edge: 10 vulnerabilities, 8 critical, 2 important

Windows Server products

  • Windows Server 2008 R2: 21 vulnerabilities of which 6 are rated critical, 1 moderate and 14 important
  • Windows Server 2012 and 2012 R2: 23 vulnerabilities which 6 are rated critical, 1 moderate and 16 important
  • Windows Server 2016: 27 vulnerabilities of which 6 are rated critical, 1 moderate and 20 important

Adobe Flash

  • Security Advisory ADV180007, the changelog is available here together with the download here.

CVE-2017-5715 (Spectre Variant 2) changes

KB4093112 provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context. Follow instructions outlined in KB4073119 for Windows Client (IT Pro) guidance to enable usage of IBPB within some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.

Known Issues

Windows 10 version 1709

Windows Update History reports that updates did not install because of 0x80070643 even though they did install.

Windows 7 and Windows Server 2008 R2

  • SMB Servers may has a memory leak
  • Stop error on PCs that don’t support SIMD or SSE2 CPU instructions.

Improvements and fixes

  • Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context (See AMD Architecture Guidelines around Indirect Branch Control and AMD Security Updates for more details). Follow instructions outlined in KB4073119 for Windows Client (IT Pro) guidance to enable usage of IBPB within some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.
  • Addresses an issue that causes an access violation in Internet Explorer when it runs on the Microsoft Application Virtualization platform.
  • Addresses an issue in Enterprise Mode related to redirects in Internet Explorer and Microsoft Edge.
  • Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.
  • Addresses additional issues with updated time zone information.
  • Addresses an issue that might cause the App-V service to stop working on an RDS server that hosts many users.
  • Addresses an issue where user accounts are locked when applications are moved to a shared platform using App-V (e.g., XenApp 7.15+ with Windows Server 2016, where Kerberos authentication isn’t available).
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses an issue that causes document.execCommand(“copy”) to always return False in Internet Explorer.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Microsoft Edge, Windows kpp platform and frameworks, Microsoft scripting engine, Windows graphics, Windows Server, Windows kernel, Windows datacenter networking, Windows wireless networking, Windows virtualization and Kernel, and Windows Hyper-V.

All Downloads

Office Update Downloads

Office 2010

Office 2013

Office 2016

All other updates for Office 2007 are available here.

The ‘known issue’ (which never was one and only created by MS itself) alias “AV workaround” is now gone, this affects Windows 7, Windows 8.1 and devices without the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc Registry setting. So even if you don’t have the registry entry you (again) able to see/install updates.

Resource

  • AMD64 TECHNOLOGY INDIRECT BRANCH CONTROL EXTENSION (PDF) (developer.amd.com)
  • Windows 10 Redstone 4 Gets Cumulative Update for Insiders (thurrott.com)

 

Advertisements

Comments are closed.

Blog at WordPress.com.

Up ↑

%d bloggers like this: