Patch Tuesday [April 10. 2018]

Status
Not open for further replies.
BoraMurdar

BoraMurdar

Community Manager
Thread author
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
8m2QfU9.png

Today is the second Tuesday of the month, which means that it's Patch Tuesday, the day that Microsoft releases new updates for all supported versions of Windows. This month, every version of Windows 10 for PCs got cumulative updates, and even supported versions of Windows 10 Mobile got updates as well.

Of course, it's not uncommon for Windows 10 Mobile to be updated in parallel with PCs, but that hasn't been the case over the last couple of months.

PCs on the Windows 10 Fall Creators Update, or version 1709, will receive KB4093112, which brings the version number to 16299.371 and can be manually downloaded here. Here's what got fixed:
  • Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context (See AMD Architecture Guidelines around Indirect Branch Control and AMD Security Updates for more details). Follow instructions outlined in KB4073119 for Windows Client (IT Pro) guidance to enable usage of IBPB within some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.
  • Addresses an issue that causes an access violation in Internet Explorer when it runs on the Microsoft Application Virtualization platform.
  • Addresses an issue in Enterprise Mode related to redirects in Internet Explorer and Microsoft Edge.
  • Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.
  • Addresses additional issues with updated time zone information.
  • Addresses an issue that might cause the App-V service to stop working on an RDS server that hosts many users.
  • Addresses an issue where user accounts are locked when applications are moved to a shared platform using App-V (e.g., XenApp 7.15+ with Windows Server 2016, where Kerberos authentication isn't available).
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses an issue that causes document.execCommand("copy") to always return False in Internet Explorer.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Microsoft Edge, Windows kpp platform and frameworks, Microsoft scripting engine, Windows graphics, Windows Server, Windows kernel, Windows datacenter networking, Windows wireless networking, Windows virtualization and Kernel, and Windows Hyper-V.
There's also one known issue to be aware of:

Symptom Windows Update History reports that KB4054517 failed to install because of error 0x80070643.
Workaround Even though the update was successfully installed, Windows Update incorrectly reports that the update failed to install. To verify the installation, select Check for Updates to confirm that there are no additional updates available.
You can also type About your PC in the search box on your taskbar to confirm that your device is using the expected OS build.
Microsoft is working on a resolution and will provide an update in an upcoming release.

Windows 10 Mobile devices never actually got an update to Redstone 3, so they're not on build 16299. Instead, they'll be getting the latest feature2 cumulative update, which is build 15254.369, and that includes the same fixes and improvements as today's update for version 1703.

And speaking of Windows 10 version 1703, which is also known as the Creators Update, PC and phone users will get KB4093107, or build 15063.1029. It can be manually downloaded here for PCs, and it contains the following fixes:
  • Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses additional issues with updated time zone information.
  • Addresses an issue that might cause the App-V service to stop working on an RDS server that hosts many users.
  • Addresses an issue where user accounts are locked when applications are moved to a shared platform using App-V (e.g., XenApp 7.15+ with Windows Server 2016, where Kerberos authentication isn't available).
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Microsoft Edge, Windows app platform and frameworks, Microsoft scripting engine, Windows graphics, Windows Server, Windows kernel, Windows datacenter networking, Windows wireless networking, Windows Hyper-V, and Windows virtualization and kernel.
There are no known issues with this update, or any of the other updates listed below.

PCs and phones on the Windows 10 Anniversary Update, or version 1607, will see KB4093119, and that brings the build number to 14393.2189. You can manually download it here, and contains the following fixes and improvements:
  • Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses additional issues with updated time zone information.
  • Addresses an issue where user accounts are locked when applications are moved to a shared platform using App-V (e.g., XenApp 7.15+ with Windows Server 2016, where Kerberos authentication isn't available).
  • Addresses an issue that might cause the App-V service to stop working on an RDS server that hosts many users.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Windows app platform and frameworks, Microsoft scripting engine, Microsoft Edge, Windows graphics, Windows Server, Windows wireless networking, Windows Hyper-V, Windows kernel, and Windows virtualization and kernel.
If your PC is somehow still on Windows 10 version 1511, you'll see KB4093109, and the build number will be 10586.1540. This update is not available for phones, as Windows 10 Mobile version 1511 is unsupported. You can manually download the update here, and it contains the following fixes:
  • Addresses additional issues with updated time zone information.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Microsoft scripting engine, Windows RDP, Windows kernel, Windows IIS, Windows datacenter networking, Microsoft scripting engine, Microsoft Edge, Windows Hyper-V , and Windows virtualization and kernel.
While the changelog for the 1511 update was modest, PCs still on the original version of Windows 10 got a longer list of changes. Those devices will see KB4093111, which brings the build number to 10240.17831, and can be manually downloaded here. Here's what's fixed:
  • Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses additional issues with updated time zone information.
  • Addresses an issue where AppLocker publisher rules that are applied to MSI files don’t match the files correctly.
  • Addresses an issue that prevents the system from booting when you enable LSA (lsass.exe) to run as a protected process by setting the “RunAsPPL” registry entry. Additionally, the Automatic Repair screen may appear.
  • Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with Audit mode turned on. Netlogon.log may show the following:
    SamLogon: Transitive Network logon of \ from (via ) Entered
    NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM
    SamLogon: Transitive Network logon of \ from (via ) Returns 0xC0000413
  • Addresses an issue that generates a certificate validation error (0x800B0109 (CERT_E_UNTRUSTEDROOT)) from http.sys.
  • Addresses an issue that prevents PIV smart cards from being recognized.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Windows app platform and frameworks, Microsoft scripting engine, Windows kernel, Windows graphics, Windows Server, Windows datacenter networking, Windows wireless hetworking, and Windows Hyper-V.
Obviously, you shouldn't need to manually install any of these updates, unless you're actively trying to block your machine from installing a newer version of Windows 10. You should be able to go to Settings -> Update & security -> Windows Update -> Check for updates, and the service will download the cumulative update that's appropriate for your machine.

Those on Windows 7 SP1 and Windows Server 2008 R2 SP1 will see KB4093118, and that can be manually downloaded here. It contains the following fixes:
  • Windows Update and WSUS will offer this update to applicable Windows client and server operating systems regardless of the existence or value of the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc" registry setting. This change has been made to protect user data.
  • Improves reliability in the kernel, and addresses an issue that can cause applications to have unexpected memory contents on multiprocessor systems.
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses an access violation on certain pages in Internet Explorer when it renders SVGs under high load.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Addresses a stop error that occurred when the previous month’s update was applied to a 32-bit (x86) computer with a Physical Address Extension (PAE) mode disabled.
  • Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows datacenter networking, Windows virtualization and kernel, and Windows app platform and frameworks.
It also contains the following known issues:

Symptom After you install this update, SMB servers may leak memory.
Workaround Microsoft is working on a resolution and will provide an update in an upcoming release.A stop error occurs on computers that don't support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).Microsoft is working on a resolution and will provide an update in an upcoming release.

There's also a security-only patch that can be manually installed instead of the one above. That's KB4093108, and it can be manually downloaded here. It also contains the same pair of known issues.

If you're on Windows 8.1 or Windows Server 2012 R2, you'll see the KB4093114, which you can manually download here. It contains the following fixes:
  • Windows Update and WSUS will offer this update to applicable Windows client and server operating systems regardless of the existence or value of the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc" registry setting. This change has been made to protect user data.
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses an access violation on certain pages in Internet Explorer when it's rendering SVGs under high load.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows kernel, Windows datacenter networking, Windows Hyper-V, Windows virtualization and kernel, and Windows app platform and frameworks.
There are no known issues in this update, and the security-only update is KB4093115, which can be manually downloaded here.

Finally, Windows Server 2012 users will see the KB4093123 monthly rollup. You can manually download the update here, and it contains the following fixes:
  • Windows Update and WSUS will offer this update to applicable Windows client and server operating systems regardless of the existence or value of the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc" registry setting. This change has been made to protect user data.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Microsoft scripting engine, Internet Explorer, Microsoft graphics component, Windows Server, Windows kernel, Windows datacenter networking, and Windows app platform and frameworks.
KB4093122 is the security-only update for Windows Server 2012, and that can be manually downloaded here. The client version of Windows that would coincide with Server 2012 is Windows 8, but that's not supported anymore, since Microsoft moved to Windows 8.1.
 
  • Like
Reactions: mehdi.n, LASER_oneXM, Marko :) and 12 others
LASER_oneXM

LASER_oneXM

Level 37
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
source:
Microsoft April Patch Tuesday – Update your system now to avoid being hacked by visiting a site

Microsoft has released April Patch Tuesday security updates that address 66 vulnerabilities, five of them could be exploited by an attacker to compromise a PC by just tricking the victims into visiting a website or opening a specifically crafted file.

Hackers can compromise your computer just visiting a malicious website or clicking a malicious link.

Microsoft has released April Patch Tuesday that addresses 66 vulnerabilities, 24 of which are rated critical and five of them could be exploited by an attacker to compromise a PC by just tricking the victims into visiting a website or opening a specifically crafted file.
... ..... .....
Click to expand...
 
  • Like
Reactions: Marko :), harlan4096 and frogboy
Status
Not open for further replies.

Similar threads

vtqhtr413
    • Like
    • Thanks
    • +Reputation
New Update Microsoft releases KB5034843 update for Windows 10
Replies
1
Views
379
Windows 10
B-boy/StyLe/
B-boy/StyLe/
silversurfer
    • Like
    • +Reputation
    • Thanks
New Update Windows 10 November 2023 Patch Tuesday (KB5032189)
Replies
0
Views
513
Windows 10
silversurfer
silversurfer
Gandalf_The_Grey
    • Like
    • +Reputation
    • Thanks
New Update Windows 11 KB5035853 update released, here's what's new
Replies
1
Views
349
Windows 11
vtqhtr413
vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top