Microsoft Windows Security Updates August 2018 release overview

Microsoft released security updates for Windows, Office, and other company products on the August 2018 Patch Tuesday (Update Tuesday).

Last month's Patch Day was not the the smoothest of them all as it had issues that affected all supported versions of Windows. Microsoft released three cumulative updates for Windows 10, one designed solely to fix issues caused by another. The Windows 7 and Windows 8.1 updates had bugs, and the .Net Framework patches caused issues on some systems they were installed on.

We recommend to wait with the installation of the updates for at least a couple of days to monitor reports about issues. If you have to install the updates, make sure you back up the system before you do so.

The overview covers updates for client and server versions of Windows, Microsoft Office, and other company products. It links to security advisories and support pages, lists direct downloads, and other information that is important for home users and system administrators alike.

Microsoft Windows Security Updates August 2018

You can download an Excel spreadsheet that contains all security updates that Microsoft released today. Just click on the following link to download it:
microsoft-windows-august-2018-updates.zip

Executive Summary

  • Microsoft released updates for all versions of Windows, Microsoft Edge, Internet Explorer Microsoft Office, and other company products including Visual Studio, .NET Framework, Microsoft SQL Server, Microsoft Exchange Server, and Adobe Flash Player.
  • All client and server versions of Windows are affected by critical vulnerabilities.
  • Microsoft does not provide a general overview of resolved security issues anymore on support pages.

Operating System Distribution

  • Windows 7: 15 vulnerabilities of which  3 are critical and 12 are important.
  • Windows 8.1: 12 vulnerabilities of which 2 are critical and 10 are important.
  • Windows 10 version 1607: 21 vulnerabilities of which 2 are critical and 17 are important.
  • Windows 10 version 1703: 21 vulnerabilities of which 3 are critical and 18 are important.
  • Windows 10 version 1709: 22 vulnerabilities of which 3 are critical and 19 are important.
  • Windows 10 version 1803: 21 vulnerabilities of which 3 are critical and 18 are important.

Windows Server products

  • Windows Server 2008 R2: 15 vulnerabilities of which 3 are critical and 12 are important.
  • Windows Server 2012 R2: 13 vulnerabilities of which 2 are critical and 10 are important.
  • Windows Server 2016: 20 vulnerabilities of which 2 are critical and 18 are important.

Other Microsoft Products

  • Internet Explorer 11: 11 vulnerabilities, 6 critical, 5 important
  • Microsoft Edge: 16 vulnerabilities, 10 critical, 5 important, 1 low

Windows Security Updates

KB4343909 -- Windows 10 version 1803

  • Protection against a new speculative execution side-channel vulnerability known as L2 Terminal Fault affecting Intel Copre and Intel Xeon processors.
  • Fixed high CPU usage issue for AMD Family processors of the 15th and 16th generation  after installing the June or July 2018 updates from Microsoft and microcode updates.
  • Fixed an issue that prevent apps from receiving mesh updates.
  • IE and Edge support the preload="none" tag.
  • Fixed authentication issue for apps running on HoloLens.
  • Addressed a battery life issue that reduced battery significantly after the upgrade to version 1803.
  • Fixed Device Guard blocking some ieframe.dll class IDs after the May 2018 update.
  • Addressed a vulnerability related to Export-Modulemember() function.

KB4343897 -- Windows 10 version 1709

  • Similar to Windows 10 version 1803.
  • Fixed copy adding additional spaces to content copied from IE.
  • Fixed AzureAD being displayed as the default domain after the July 24, 2018 updates.
  • Token Binding protocol draft updated to 0.16

KB4343885 -- Windows 10 version 1703

  • Similar to Windows 10 version 1803.
  • Fixed a issue that caused Internet Explorer to stop working on some sites.

KB4343887 -- Windows 10 version 1607 and Server 2016

  • Similar to Windows 10 version 1703.

KB4343898 -- Windows 8.1 Monthly Rollup Update

  • Protections against L1 Terminal Fault as in the Windows 10 updates
  • Support for preload="none" tag. Microsoft lists Edge but that is a copy/paste error.
  • Fixed device startup issue by installing KB3033055 released in September 2015 after installing any November 2017 or later update.

KB4343888 -- Windows 8.1 Security-only

  • Protections against L1 Terminal Fault as in the Windows 10 updates

KB4343900 -- Windows 7 SP1 Monthly Rollup Update

  • Protections against L1 Terminal Fault as in the Windows 10 updates
  • Fixed high cpu usage issue for some AMD processors after installing June or July 2018 updates and AMD microcode updates.
  • Protections against Lazy Floating Point (FP) State Restore for 32-bit versions.

KB4343899 -- Windows 7 SP1 Security-only

  • Identical to KB4343900

KB4343205 -- Cumulative Update for Internet Explorer

KB4338380 -- Windows Server 2008 -- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.

KB4340937 -- Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 -- A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects.

KB4340939 -- Windows Server 2008 -- A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.

KB4341832 -- Windows Server 2008 -- L1TF variant vulnerabilities update.

KB4343674 -- Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 -- fixes remote code execution vulnerability and information disclosure vulnerability in GDI.

KB4343902 -- Security update for Adobe Flash Player

KB4344104 -- Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 -- Remote code execution vulnerability in the Windows font library.

KB4344159 -- Security Only Update for .NET Framework 4.0 on WES09 and POSReady 2009

KB4344180 -- Security Only Update for .NET Framework 2.0 on WES09 and POSReady 2009

KB4345590 --Security and Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4345591 -- Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4345592 -- Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4345593 -- Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008

KB4345679 -- Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4345680 -- Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4345681 -- Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2

KB4345682 -- Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008

Notes

The following CVEs have FAQs that offer additional information and may also list additional steps required to update.

Known Issues

Windows 10 version 1803

Windows 10 version 1703

  • Issues caused by the July 2018 Net Framework update -- Microsoft is working on a solution.

Windows 10 version 1709

  • Localization issues for some languages that may display a few strings in English and not the local version.

Windows 7 SP1

  • Issue with third-party software related to missing oem<number>.inf file still exists.

Microsoft Exchange Server 2013

  • Some files are not properly update when the updates KB4340731 or KB4340733 are installed without elevated privileges. Outlook Web Access and Exchange Control Panel may stop working.

Security advisories and updates

ADV180017 -- July 2018 Adobe Flash Security Update

ADV180018 -- Microsoft Guidance to mitigate L1TF variant

ADV180020 -- August 2018 Adobe Flash Security Update

ADV180021 | Microsoft Office Defense in Depth Update

Non-security related updates

KB4339284 -- Time zone and DST changes in Windows for North Korea

KB4340689 -- Dynamic Update for Windows 10 Version 1709

KB890830 -- Windows Malicious Software Removal Tool - August 2018

KB4346877 -- Update for Windows 10 version 1607 and Server 2016 -- Fixes the .Net Framework update issues introduced by the July 2018 .Net updates.

KB4340917 -- Update for Windows 10 version 1803 -- See our coverage of KB4340917 here.

KB4338817 -- Update for Windows 10 version 1709 -- Lots of bug fixes.

KB4338827 -- Update for Windows 10 version 1703 -- Lots of bug fixes.

KB4338822 -- Update for Windows 10 version 1607 and Server 2016 -- Lots of bug fixes.

KB4345421 -- Update for Windows 10 version 1803 -- See our coverage of KB4345421 here.

KB4345420 -- Update for Windows 10 version 1709 -- attempts to fix issues caused by the July 2018 updates.

KB4345419 -- Update for Windows 10 version 1703 -- attempts to fix issues caused by the July 2018 updates.

KB4345418 -- Update for Windows 10 version 1607 and Server 2016 -- attempts to fix issues caused by the July 2018 updates.

Microsoft Office Updates

Check out our coverage of all released non-security updates for Office in August 2018 here.

Office 2016

KB4032233 -- Security update for Office 2016 that patches an information disclosure vulnerability.

KB4032235 -- Security update for Outlook 2016 detailed in ADV180021. Includes a number of improvements as well:

  • Restricts users from adding cloud files as attachments to digitally signed, rights-protected, or encrypted email messages.
  • Improves first, middle, and last names label translations in French.
  • Fixes a crash in third-party MAPI applications.
  • Adds various translations.
  • Outlook 2016 may start in offline mode even when you set it to start in online mode. (Fixed?)
  • Fixes accessibility issue with the Security Support Provider Interface authentication prompt.
  • Dynamic CRM functionality is blocked. See for help.

KB4032229 -- Security update for Excel 2016 that resolves a remote code execution vulnerability. Also includes improvements:

  • Fixes hangs in Excel
  • Addresses high CPU usage when you unprotect workbookx in Protected View and edit them.
  • Fixes an Excel crash when you open a workbook with an XLL add-in to store and retrieve binary data.
  • German translation update for VLOOKUP function assistant help text.

Office 2013

KB4032239 -- Resolves information disclosure vulnerability. Enables People Picker control in the Office Document Information Panel.

KB4032241 --Resolves various security vulnerabilities in Excel 2013.

KB4032240 -- Fixes security issues in Outlook 2013. Includes the following improvements:

  • Same as KB4032235 for the most part.

Office 2010

KB3213636 -- Fixes vulnerabilities in Microsoft Office 2010 - CVE-2018-8378.

KB4022198 -- Fixes vulnerabilities in Microsoft Office 2010 - CVE-2018-8378.

KB4032223 -- Excel 2010 update that addresses CVE-2018-8375, CVE-2018-8379 and CVE-2018-8382.

KB4018310 -- PowerPoint 2010 security update that addresses CVE-2018-8376.

KB4032222 -- Outlook 2010 security update. See ADV180021

Other Office products

KB4092433 -- Word Viewer

KB4092434 -- Word Viewer

KB4032213 -- Excel Viewer 2007

KB4032212 -- Microsoft Office Compatibility Pack Service Pack 3

KB4022195 - Microsoft Office Viewers and Office Compatibility Pack

Also: SharePoint Server 2016, 2013 and 2010.

How to download and install the August 2018 security updates

microsoft windows security updates august 2018

Most home PCs that run Windows use Windows Update for update checks, downloads, and installs. Organizations use Enterprise-specific update tools usually to download and deploy updates.

The Microsoft Update Catalog website offers a third-option to download and install updates.

Windows users who use Windows Update can run manual checks for updates to get updates installed immediately when they are released.

While it is recommended that you wait before you install updates, as updates may break things (and have numerous times in the past), you may do the following to install them when they are available:

  1. Tap on the Windows-key to display the Start menu.
  2. Type Windows Update and select the option.
  3. Select check for updates to install the updates.

Note: We recommend that you create a backup of the system partition and important data before you install Windows updates.

Direct update downloads

All cumulative updates for supported versions of Windows are also provided as direct downloads from Microsoft's Download Center site.

Just click on the direct links below to do so.

Windows 7 SP1 and Windows Server 2008 R2 SP

  •  KB4343900-- 2018-08 Security Monthly Quality Rollup for Windows 7
  •  KB4343899 — 2018-08 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  •  KB4343898 — 2018-08 Security Monthly Quality Rollup for Windows 8.1
  •  KB4343888 — 2018-08 Security Only Quality Update for Windows 8.1

Windows 10 and Windows Server 2016 (version 1607)

  •  KB4343887 — 2018-08 Cumulative Update for Windows 10 Version 1607

Windows 10 (version 1703)

  •   KB4343885 — 2018-08 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  •  KB4343897 — 2018-08 Cumulative Update for Windows 10 Version 1709

Windows 10 (version 1803)

  •  KB4343909 — 2018-08 Cumulative Update for Windows 10 Version 1709

Additional resources

 

Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Microsoft Windows Security Updates August 2018 release overview appeared first on gHacks Technology News.

Date: 

Tuesday, August 14, 2018 - 13:48

Ebay Deals