Microsoft Windows Security Updates August 2018 release overview

Microsoft released security updates for Windows, Office, and other company products on the August 2018 Patch Tuesday (Update Tuesday).

Last month’s Patch Day was not the smoothest of them all as it had issues that affected all supported versions of Windows. Microsoft released three cumulative updates for Windows 10, one designed solely to fix issues caused by another. The Windows 7 and Windows 8.1 updates had bugs, and the .Net Framework patches caused issues on some systems they were installed on.

We recommend waiting at least a couple of days before installing the updates so that you can monitor reports about issues. If you have to install the updates, make sure you back up the system before you do so.

The overview covers updates for client and server versions of Windows, Microsoft Office, and other company products. It links to security advisories and support pages, lists direct downloads, and other information that is important for home users and system administrators alike.

Microsoft Windows Security Updates August 2018

You can download an Excel spreadsheet that contains all security updates that Microsoft released today. Just click on the following link to download it: microsoft-windows-august-2018-updates.zip

Executive Summary

  • Microsoft released updates for all versions of Windows, Microsoft Edge, Internet Explorer, Microsoft Office, and other company products including Visual Studio, .NET Framework, Microsoft SQL Server, Microsoft Exchange Server, and Adobe Flash Player.
  • All client and server versions of Windows are affected by critical vulnerabilities.
  • Microsoft does not provide a general overview of resolved security issues anymore on support pages.

Operating System Distribution

  • Windows 7: 15 vulnerabilities of which 3 are critical and 12 are important.
  • Windows 8.1: 12 vulnerabilities of which 2 are critical and 10 are important.
  • Windows 10 version 1607: 21 vulnerabilities of which 2 are critical and 17 are important.
  • Windows 10 version 1703: 21 vulnerabilities of which 3 are critical and 18 are important.
  • Windows 10 version 1709: 22 vulnerabilities of which 3 are critical and 19 are important.
  • Windows 10 version 1803: 21 vulnerabilities of which 3 are critical and 18 are important.

Windows Server products

  • Windows Server 2008 R2: 15 vulnerabilities of which 3 are critical and 12 are important.
  • Windows Server 2012 R2: 13 vulnerabilities of which 2 are critical and 10 are important.
  • Windows Server 2016: 20 vulnerabilities of which 2 are critical and 18 are important.

Other Microsoft Products

  • Internet Explorer 11: 11 vulnerabilities, 6 critical, 5 important
  • Microsoft Edge: 16 vulnerabilities, 10 critical, 5 important, 1 low

Windows Security Updates

KB4343909 — Windows 10 version 1803

  • Protection against a new speculative execution side-channel vulnerability known as L2 Terminal Fault affecting Intel Core and Intel Xeon processors.
  • Fixed high CPU usage issue for AMD Family processors of the 15th and 16th generation after installing the June or July 2018 updates from Microsoft and microcode updates.
  • Fixed an issue that prevented apps from receiving mesh updates.
  • IE and Edge support the preload=”none” tag.
  • Fixed authentication issue for apps running on HoloLens.
  • Addressed a battery life issue that reduced battery life significantly after the upgrade to version 1803.
  • Fixed Device Guard blocking some ieframe.dll class IDs after the May 2018 update.
  • Addressed a vulnerability related to the Export-Modulemember() function.

KB4343897 — Windows 10 version 1709

  • Similar to Windows 10 version 1803.
  • Fixed an issue where copying added additional spaces to content copied from IE.
  • Fixed AzureAD being displayed as the default domain after the July 24, 2018 updates.
  • Token Binding protocol draft updated to 0.16

KB4343885 — Windows 10 version 1703

  • Similar to Windows 10 version 1803.
  • Fixed an issue that caused Internet Explorer to stop working on some sites.

KB4343887 — Windows 10 version 1607 and Server 2016

  • Similar to Windows 10 version 1703.

KB4343898 — Windows 8.1 Monthly Rollup Update

  • Protections against L1 Terminal Fault as in the Windows 10 updates
  • Support for preload=”none” tag. Microsoft lists Edge but that is a copy/paste error.
  • Fixed a device startup issue that occurred when KB3033055 (released in September 2015) was installed after any November 2017 or later update.

KB4343888 — Windows 8.1 Security-only

  • Protections against L1 Terminal Fault as in the Windows 10 updates

KB4343900 — Windows 7 SP1 Monthly Rollup Update

  • Protections against L1 Terminal Fault as in the Windows 10 updates
  • Fixed high CPU usage issue for some AMD processors after installing June or July 2018 updates and AMD microcode updates.
  • Protections against Lazy Floating Point (FP) State Restore for 32-bit versions.

KB4343899 — Windows 7 SP1 Security-only

  • Identical to KB4343900

KB4343205 — Cumulative Update for Internet Explorer

KB4338380 — Windows Server 2008 — An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.

KB4340937 — Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 — A remote code execution vulnerability exists in “Microsoft COM for Windows” when it fails to properly handle serialized objects.

KB4340939 — Windows Server 2008 — A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.

KB4341832 — Windows Server 2008 — L1TF variant vulnerabilities update.

KB4343674 — Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 — fixes remote code execution vulnerability and information disclosure vulnerability in GDI.

KB4343902 — Security update for Adobe Flash Player

KB4344104 — Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 — Remote code execution vulnerability in the Windows font library.

KB4344159 — Security Only Update for .NET Framework 4.0 on WES09 and POSReady 2009

KB4344180 — Security Only Update for .NET Framework 2.0 on WES09 and POSReady 2009

KB4345590 — Security and Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4345591 — Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4345592 — Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4345593 — Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008

KB4345679 — Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4345680 — Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4345681 — Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2

KB4345682 — Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008

Notes

The following CVEs have FAQs that offer additional information and may also list additional steps required to update.

Known Issues

Windows 10 version 1803

Windows 10 version 1703

  • Issues caused by the July 2018 Net Framework update — Microsoft is working on a solution.

Windows 10 version 1709

  • Localization issues for some languages that may display a few strings in English and not the local version.

Windows 7 SP1

  • Issue with third-party software related to missing oem<number>.inf file still exists.

Microsoft Exchange Server 2013

  • Some files are not properly updated when the updates KB4340731 or KB4340733 are installed without elevated privileges. Outlook Web Access and Exchange Control Panel may stop working.

Security advisories and updates

ADV180017 — July 2018 Adobe Flash Security Update

ADV180018 — Microsoft Guidance to mitigate L1TF variant

ADV180020 — August 2018 Adobe Flash Security Update

ADV180021 — Microsoft Office Defense in Depth Update

Non-security related updates

KB4339284 — Time zone and DST changes in Windows for North Korea

KB4340689 — Dynamic Update for Windows 10 Version 1709

KB890830 — Windows Malicious Software Removal Tool – August 2018

KB4346877 — Update for Windows 10 version 1607 and Server 2016 — Fixes the .Net Framework update issues introduced by the July 2018 .Net updates.

KB4340917 — Update for Windows 10 version 1803 — See our coverage of KB4340917 here.

KB4338817 — Update for Windows 10 version 1709 — Lots of bug fixes.

KB4338827 — Update for Windows 10 version 1703 — Lots of bug fixes.

KB4338822 — Update for Windows 10 version 1607 and Server 2016 — Lots of bug fixes.

KB4345421 — Update for Windows 10 version 1803 — See our coverage of KB4345421 here.

KB4345420 — Update for Windows 10 version 1709 — attempts to fix issues caused by the July 2018 updates.

KB4345419 — Update for Windows 10 version 1703 — attempts to fix issues caused by the July 2018 updates.

KB4345418 — Update for Windows 10 version 1607 and Server 2016 — attempts to fix issues caused by the July 2018 updates.

Microsoft Office Updates

Check out our coverage of all released non-security updates for Office in August 2018 here.

Office 2016

KB4032233 — Security update for Office 2016 that patches an information disclosure vulnerability.

KB4032235 — Security update for Outlook 2016 detailed in ADV180021. Includes a number of improvements as well:

  • Restricts users from adding cloud files as attachments to digitally signed, rights-protected, or encrypted email messages.
  • Improves first, middle, and last names label translations in French.
  • Fixes a crash in third-party MAPI applications.
  • Adds various translations.
  • Outlook 2016 may start in offline mode even when you set it to start in online mode. (Fixed?)
  • Fixes accessibility issue with the Security Support Provider Interface authentication prompt.
  • Dynamic CRM functionality is blocked. See for help.

KB4032229 — Security update for Excel 2016 that resolves a remote code execution vulnerability. Also includes improvements:

  • Fixes hangs in Excel
  • Addresses high CPU usage when you unprotect workbooks in Protected View and edit them.
  • Fixes an Excel crash when you open a workbook with an XLL add-in to store and retrieve binary data.
  • German translation update for VLOOKUP function assistant help text.

Office 2013

KB4032239 — Resolves information disclosure vulnerability. Enables People Picker control in the Office Document Information Panel.

KB4032241 — Resolves various security vulnerabilities in Excel 2013.

KB4032240 — Fixes security issues in Outlook 2013. Includes the following improvements:

  • Same as KB4032235 for the most part.

Office 2010

KB3213636 — Fixes vulnerabilities in Microsoft Office 2010 – CVE-2018-8378.

KB4022198 — Fixes vulnerabilities in Microsoft Office 2010 – CVE-2018-8378.

KB4032223 — Excel 2010 update that addresses CVE-2018-8375, CVE-2018-8379 and CVE-2018-8382.

KB4018310 — PowerPoint 2010 security update that addresses CVE-2018-8376.

KB4032222 — Outlook 2010 security update. See ADV180021

Other Office products

KB4092433 — Word Viewer

KB4092434 — Word Viewer

KB4032213 — Excel Viewer 2007

KB4032212 — Microsoft Office Compatibility Pack Service Pack 3

KB4022195 — Microsoft Office Viewers and Office Compatibility Pack

Also: SharePoint Server 2016, 2013 and 2010.

How to download and install the August 2018 security updates


Most home PCs that run Windows use Windows Update for update checks, downloads, and installs. Organizations usually use enterprise-specific update tools to download and deploy updates.

The Microsoft Update Catalog website offers a third option to download and install updates.

Windows users who use Windows Update can run manual checks for updates to get updates installed immediately when they are released.

While it is recommended that you wait before you install updates, as updates may break things (and have numerous times in the past), you may do the following to install them when they are available:

  1. Tap on the Windows-key to display the Start menu.
  2. Type Windows Update and select the option.
  3. Select check for updates to install the updates.

Note: We recommend that you create a backup of the system partition and important data before you install Windows updates.

Direct update downloads

All cumulative updates for supported versions of Windows are also provided as direct downloads from Microsoft’s Download Center site.

Just click on the direct links below to do so.

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4343900 — 2018-08 Security Monthly Quality Rollup for Windows 7
  • KB4343899 — 2018-08 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4343898 — 2018-08 Security Monthly Quality Rollup for Windows 8.1
  • KB4343888 — 2018-08 Security Only Quality Update for Windows 8.1

Windows 10 and Windows Server 2016 (version 1607)

  • KB4343887 — 2018-08 Cumulative Update for Windows 10 Version 1607

Windows 10 (version 1703)

  • KB4343885 — 2018-08 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  • KB4343897 — 2018-08 Cumulative Update for Windows 10 Version 1709

Windows 10 (version 1803)

  • KB4343909 — 2018-08 Cumulative Update for Windows 10 Version 1709

Additional resources

Author
Martin Brinkmann
Publisher
Ghacks Technology News

HOW TO: Ways to fix Outlook error ‘cannot open your default email folders’

Microsoft Outlook may be the most widely used email service around the globe, but users have come to accept the good with the very bad. Yes, Outlook offers an extensive and exclusive range of features as well as its friendly user experience. But there’s the flip side: User forums are filled with anger over errors that seem to have zero solutions. For this article, we will examine and hopefully resolve perhaps the most common Outlook error: “cannot open your default email folders.” This Outlook error mostly appears when you are trying to open your Outlook profile. It generally happens because of a corrupted OST file or the execution of Outlook in compatibility mode.

Why OST file corruption happens

OST files are the files that allow users to use Outlook while they are offline. An OST file is a synchronized copy of the account data saved on your device that enables you to continue to use Outlook even when the program is disconnected from MS Exchange Server.

These files can become corrupted because of various reasons. Some of the reasons are:

  • Deletion of any file or folder from the Exchange folder.
  • Intrusion of any malware or virus.
  • Disruption in the file synchronization process due to sudden or abnormal shutdown failure.
  • Some internal discrepancies in Outlook causing abnormal Outlook termination.
  • Creation of some bad sectors in the hard drive where the OST file is stored.
  • Failure of any networking device that might disrupt the synchronizing process of the OST file.
  • Any changes in the internal structures of the OST file.
  • Installed plugins sometimes may damage Outlook performance, thus causing damage to the OST file.

Fixing OST file corruption

Here are some ways to begin fixing the problem:

  1. Remove profiles that are not being used via “Control Panel > Mail > Show profiles.”
  2. Create another copy of the OST file.
  3. If the error still doesn’t get resolved, create a new profile, either with Outlook Profile Helper or manually.

Outlook error caused by running in compatibility mode

You might have witnessed these errors:

“Cannot open your default email folders. Information store could not be opened,”

or

“Cannot start Microsoft Outlook. Cannot open the Outlook window. The server is not available. Contact your administrator if this condition persists.”

or

“Cannot display the folder. File access is denied. You do not have the permission required to access the file C:\Users\username\localsettings\application data\microsoft\outlook\outlook.ost”

If you have enabled compatibility mode mistakenly, just disable it. If you haven’t, do not enable it for Outlook. Users typically enable it when they are required to run the troubleshoot compatibility wizard. Also, compatibility mode is not required for any version of Outlook on Vista or Windows 7 or any other Windows OS. This mode is also not needed for any application that is supported on any Windows OS or for recently released applications.

You can switch off compatibility mode on a 64-bit operating system by following these steps:

  • Navigate to “C:\Program Files (x86)\Microsoft Office\Office XX\Outlook.exe”
  • Right-click Outlook.exe, then click Properties and open the Compatibility tab.
  • Uncheck the “Run this program in compatibility mode” box, then click Apply and OK.

If you are unable to locate the Compatibility tab, follow these steps:

  • Click on Start and search for Program Compatibility Troubleshooter.
  • Start Program Compatibility Troubleshooter; select Next to proceed.
  • Select Outlook XX from the list of programs that appears. Follow the steps of the Program Compatibility Troubleshooter.
  • Navigate to “C:\Program Files (x86)\Microsoft Office\Office XX\Outlook.exe”
  • Right-click Outlook.exe, then click Properties and open the Compatibility tab.
  • Uncheck the “Run this program in compatibility mode” box, then click Apply and OK.

If this issue is experienced over an Exchange email account that is configured on your Outlook, you can diagnose the error by trying the following steps:

  1. If Outlook is running alongside a Windows Server and/or behind a firewall, disable the firewall and connect to the server directly without any firewall.
  2. If this resolves the Outlook error, you will need to reconfigure your firewall to allow Exchange to sync.
  3. If the Outlook error persists even after disabling the firewall, create a new mail profile from Outlook. You will also need to reconfigure your account.


FIX: Outlook error when sharing calendar in Windows 10

Do you get the Outlook error when sharing calendar? If you have Office 365 or any other Microsoft Exchange email service, Outlook can be used on the web to share your calendar with others in and outside of your organization.

Depending on the permissions given, others can only view your calendar, edit, or act as your delegate for meeting requests.

The Outlook error when sharing calendar can happen due to configuration or permission issues. Some users have reported that removing current permissions besides the Default and Anonymous resolves the issue.

However, if the error persists, repair Office from Control Panel, and if it fails, download and run the Microsoft Office Configuration Analyzer tool 2.2, which analyzes Office programs for known configurations that can cause issues.

If you don’t have the option to share your calendar (maybe it is grayed out), it can also be because your network admin or IT support set a policy preventing calendar sharing among people in the office.

Fortunately, there are ways to fix the Outlook error when sharing calendar as listed below.

Outlook won’t share calendar, how do I fix that?

  1. General fixes
  2. Check Permission settings
  3. Check for Duplicate entries

1. General fixes

  • Update Office suite to the latest version by going to Outlook>FILE>Office Account>Update Options>Update Now
  • Do an online repair for the Office programs
  • Also, if you are using an Office 365 account in your Outlook 2016, you can try sharing the calendar in Outlook Web App (OWA).
  • Launch the Run command and paste outlook.exe /safe in the Open box to start Outlook in Safe Mode
  • Uncheck Cached mode in Outlook
  • Download Microsoft Support and Recovery Assistant for Office 365 and see if it helps


2. Check Permission settings

  • Open Outlook and go to Calendar view
  • Right click the calendar you’re trying to share
  • Click Properties
  • Go to Permissions tab and remove users who are no longer at the office or who cannot access the calendar
  • Click Apply and close the window then try to share your calendar again

3. Check for Duplicate entries

The Outlook error when sharing calendar may be related to a duplicate entry in the Permission list of your calendar. To check for this, do the following:

  • Right click user’s calendar
  • Select Properties
  • Click Permissions tab
  • Go through the users’ list and check for a duplicate entry
  • If you find one, remove it and restart Outlook
  • Share your calendar
  • Remove all entries and return them again
  • Right click the calendar you want to share
  • Select Properties
  • Make a note of the entries and then remove all entries in the calendar permission list
  • Add them back

Were you able to resolve the Outlook error when sharing calendar? Let us know in the comments section below.


Stung by a festering pile of bugs on Patch Tuesday, MS releases 27 more patches

In what is becoming a common occurrence, Microsoft’s Patch Tuesday brought along so many bugs that they necessitated a remediation round. This month, unusually, it took only six days to get the exterminators out.

Since these fixes are aimed at four specific bugs introduced on Patch Tuesday, they don’t include the massive patches normally appearing on the second Patch Whateverday of the month. My guess is we’ll see at least one more big set of Windows patches before the month is out. Oh, boy.

Windows July patches, version 2

Yesterday, Monday, July 16, Microsoft released 27 new security patches for Windows, bringing the total number of patches so far this month up to 156. The new patches fall into six separate groups:

  • Win10 version 1803 got cumulative update KB 4345421. The KB article says this update moves 1803 users to build 17134.166, but multiple sources say, in fact, they’re getting moved to 17134.167. That may seem like a small discrepancy, but it speaks volumes about last-minute changes in the build and the lack of coordination in the documentation.
  • Win10 1709 got KB 4345420. The KB article says it moves 1709 users to 16299.550, but the Win10 release info page says it’s 16299.551.
  • Win10 1703 got KB 4345419. The KB article says build 15063.1208. The audience says 15063.1209. Bzzzzzt.
  • Win10 1607 / Server 2016 got KB 4345418. The docs say 14393.2367. The guinea pigs say 14393.2368. And the crowd goes wild.
  • Win8.1 / Server 2012 R2 got a manual-download-only KB 4345424.
  • Win7 / Server 2008 R2 also got a manual-only patch, KB 4345459. We have one report that this patch breaks acquiring IP addresses over a wireless connection.

All six of the groups say they fix the same basic bugs. Er, issues. All of the acknowledged issues look like this:


Microsoft Mends Critical Windows 10 Security Error Impacting Windows Defender

Microsoft has released a set of security updates to fix a serious remote code execution vulnerability that mainly impacts Windows Defender on Windows and Windows Server platforms. The problem, logged as CVE-2018-0986, exists in the Microsoft Malware Protection Engine and also affects Microsoft Forefront Endpoint Protection 2010, Windows Intune Endpoint Protection, Microsoft Security Essentials, and Microsoft Exchange Server 2016 & 2013.

Enterprise end users and administrators will not need to install the updates manually, as built-in tools install the updates automatically within 48 hours of their release. The new updates are not part of Microsoft’s monthly security update. Nevertheless, they strengthen security across a range of Windows platforms, including Windows Server 2012 and Windows 10.

Describing the vulnerability on its Security TechCenter, the company said, “An attacker who effectively subjugated this susceptibility can run arbitrary code in the LocalSystem account’s security context and take command of the system. An intruder can then set up programs; generate new accounts with complete user rights; or change, delete, or view data.”

Microsoft points out that there are “several means” by which an attacker can place a specially crafted document. It can be delivered through an email, an instant messenger message, a website, or even a website that hosts or allows user-provided material.

Microsoft notes, “If real-time scanning is not activated, the intruder would have to wait till a programmed scan happens in order for the susceptibility to be subjugated. All systems operating on an impacted antimalware software version are mainly at risk.”

The security updates correct the way in which the Microsoft Malware Protection Engine scans specially crafted documents. Additionally, the vulnerable Microsoft Malware Protection Engine version 1.1.14600.4 has been upgraded to version 1.1.14700.5.

Microsoft Releases More Spectre/Meltdown Patches

It’s shaping up to be a relatively light patch load for administrators this month, with just 15 critical vulnerabilities to fix out of a total of 75.

The update round covered a pretty wide range of products as usual: including Internet Explorer (IE), Edge, ChakraCore, Microsoft Windows, Microsoft Office, Exchange and ASP.NET Core.

Two have been publicly disclosed, meaning that hackers may be exploiting them in the wild, although the bugs themselves are only rated “Important”. They are: CVE-2018-0940, affecting Microsoft Exchange Server 2010-2016 and CVE-2018-0808, which hit ASP.NET Core 2.0 systems.

“The Windows Kernel received a lot of attention this month, likely due to the ongoing attention on Meltdown and Spectre vulnerabilities. I stopped counting the CVEs after a dozen,” said Ivanti director of product management, security, Chris Goettl. “The good news is I did not see anything higher than an Important rating, but those are a lot of changes in the Kernel. Test the OS updates well this month.”

As regards Spectre and Meltdown, Microsoft has released patches for 32-bit versions of Windows 7 and 8.1, as well as Server 2008 and 2012.

All the critical updates fix problems in the browser, or browser-related technologies and should be dealt with first, claimed Qualys director of product management, Jimmy Graham.

He highlighted another “Important” vulnerability for special attention. CVE-2018-0886 affects the security support protocol CredSSP, which is used to process authentication requests, and could allow an attacker with Man in the Middle capabilities to gain full access to a Remote Desktop Protocol (RDP) session.

“While CredSSP is used for other applications, the attack scenario mentioned by Microsoft involves Remote Desktop. The update covers both the CredSSP protocol used by the RDP server as well as the RDP clients,” he explained.

“Group Policy settings must be enabled to ensure full mitigation of the vulnerability for RDP. Microsoft has also given a tentative timeline for additional updates. In April, new versions of the RDP client will be released to add better error messages, and in May an update will be released to prevent clients from connecting using insecure versions of CredSSP.”

Adobe also released patches for seven vulnerabilities.


Microsoft confirms stalled downloads, bogus errors in Win10 FCU update KB 4054517

Microsoft has just fessed up to a couple of the known bugs in this month’s Win10 version 1709 cumulative update, KB 4054517 – in particular, the stall at 99% download, and the completely bogus warning that the patch had failed to install with error 0x80070643. Sadly, several other problems with KB 4054517 have not been acknowledged. Yet.

In addition, we have new mea culpas for the November Patch Tuesday security update for Excel 2016, KB 4011220, which throws a “Cannot run the macro” warning, and for this month’s Patch Tuesday security fix for Microsoft Exchange, KB 4045655.

As usual, I’m seeing reports that Microsoft tech support staff don’t know about the problems, haven’t read the KB articles, and are recommending that people re-install Windows.

The first problem in this month’s Win10 1709 cumulative update KB 4054517 is described as:


Microsoft Security Updates December 2017 release

This overview offers information on security updates and non-security updates that Microsoft released for Windows, Office and other company products in December 2017.

The guide is divided into different parts: it starts with an executive summary that highlights the most important bits. This is followed by the operating system distribution which highlights how different versions of Windows are affected this month.

The list of security updates, known issues, security advisories and non-security updates comes next. The last part of the overview links directly to cumulative update downloads for Windows 7, 8.1 and 10 systems, and to resources that you will find useful to look up further information.

Check out the November 2017 Patch Day for information on last month’s patches.

Microsoft Security Updates December 2017

You may download the following Excel spreadsheet listing all security updates for all products released in December 2017 by Microsoft. Download it with a click on the following link: windows-security-updates-december-2017.zip

Executive Summary

  • Microsoft released security updates for all versions of Windows the company supports (client and server).
  • No critical updates for Windows, but for IE and Edge.
  • Other Microsoft products with security updates are: Microsoft Office, Microsoft Exchange Server, Microsoft Edge and Internet Explorer.

Operating System Distribution

  • Windows 7: 2 vulnerabilities of which 2 are rated important
  • Windows 8.1: 2 vulnerabilities of which 2 are rated important
  • Windows 10 version 1607: 3 vulnerabilities of which 3 are rated important
  • Windows 10 version 1703: 3 vulnerabilities of which 3 are rated important
  • Windows 10 version 1709: 3 vulnerabilities of which 3 are rated important

Windows Server products

  • Windows Server 2008: 2 vulnerabilities of which 2 are rated important
  • Windows Server 2008 R2: 2 vulnerabilities of which 2 are rated important
  • Windows Server 2012 and 2012 R2: 2 vulnerabilities of which 2 are rated important
  • Windows Server 2016: 3 vulnerabilities of which 3 are rated important

Other Microsoft Products

  • Internet Explorer 11: 13 vulnerabilities, 9 critical, 4 important
  • Microsoft Edge: 13 vulnerabilities, 12 critical, 1 important

Security Updates

KB4054518 — Windows 7 SP1 and Windows Server 2008 R2 SP1 Monthly Rollup

  • Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
  • Addresses additional issues with updated time zone information.
  • Security updates to the Microsoft Scripting Engine and Windows Server.

KB4054521 — Windows 7 SP1 and Windows Server 2008 R2 SP1 Security Only Update

  • Addresses additional issues with updated time zone information.
  • Security updates to the Microsoft Scripting Engine and Windows Server.

KB4054519 — Windows 8.1 and Windows Server 2012 R2 Monthly Rollup

  • Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
  • Addresses additional issues with updated time zone information.
  • Security updates to the Microsoft Scripting Engine and Windows Server.

KB4054522 — Windows 8.1 and Windows Server 2012 R2 Security only update

  • Addresses additional issues with updated time zone information.
  • Security updates to the Microsoft Scripting Engine and Windows Server.

KB4054517 — Cumulative update for Windows 10 Version 1709 to build 16299.125

  • Updates Internet Explorer’s default visibility for the button that launches Microsoft Edge.
  • Addresses issue where Windows Defender Device Guard and Application Control block some applications from running, even in Audit-Only Enforcement Mode.
  • Addresses issue to reset PLC bit on U0/U3 transitions.
  • Addresses issue with personalized Bluetooth devices that don’t support bonding.
  • Addresses issue where the touch keyboard doesn’t support the standard layout for 88 languages.
  • Addresses issue where the touch keyboard for a third-party Input Method Editor (IME) has no IME ON/OFF key.
  • Addresses additional issues with updated time zone information.
  • Addresses issue where, when using System Center Virtual Machine Manager (VMM), the user can’t copy or clone virtual machines (VM). The error message is “0x80070057- Invalid parameter”. This issue affects the VMM UI and PowerShell scripts used for VM cloning and copying.
  • Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.

KB4053580 — Cumulative update for Windows 10 Version 1703 to build 15063.786

  • Updates Internet Explorer’s default visibility for the button that launches Microsoft Edge.
  • Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
  • Addresses issue that caused Windows Pro devices on the Current Branch for Business (CBB) to upgrade unexpectedly.
  • Addresses issue where applications may stop responding for customers who have internet or web proxies enabled using PAC script configurations. This is a result of a reentrancy deadlock in WinHTTP.dll.
  • Addresses additional issues with updated time zone information.
  • Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.

KB4053579 — Cumulative update for Windows 10 Version 1607 to build 14393.1944

  • Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
  • Addresses additional issues with updated time zone information.
  • Addresses issue where, after you install KB4041688, KB4052231, or KB4048953, the error “CDPUserSvc_XXXX has stopped working” appears. Additionally, this resolves the logging of Event ID 1000 in the Application event log. It notes that svchost.exe_CDPUserSvc_XXXX stopped working and the faulting module name is “cdp.dll”.
  • Security updates to the Microsoft Scripting Engine and Microsoft Edge.

KB4053578 — Cumulative update for Windows 10 Version 1511 to build 10586.1295

  • Addresses additional issues with updated time zone information.
  • Addresses issue that affected some Epson SIDM (Dot Matrix) and TM (POS) printers, which were failing to print on x86-based and x64-based systems. This issue affects KB4048952.
  • Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.

KB4052978 — Cumulative security update for Internet Explorer: December 12, 2017

KB4047170 — Security Update for Windows Server 2008 — fixes an information disclosure vulnerability in Windows Media Player.

KB4052303 — Security Update for Windows Server 2008 and Windows XP Embedded — fixes Windows RRAS Service remote code execution vulnerability.

KB4053473 — Security Update for Windows Server 2008 — fixes information disclosure vulnerability in the its:// protocol handler

KB4053577 — Security Update for Adobe Flash Player

KB4054520 — Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4054523 — Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

Known Issues

None

Security advisories and updates

CVE-2017-11940 — Microsoft Malware Protection Engine Remote Code Execution Vulnerability

Non-security related updates

KB4055994 — Dynamic Update for Windows Version 1709 — Compatibility update for upgrading to and recovering Windows 10 Version 1709

KB4056457 — Dynamic Update for Windows Version 1709 — Reliability update for upgrading to Windows 10 Version 1709

KB4051956 — Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows XP Embedded — Time zone and DST changes in Windows for Northern Cyprus, Sudan, and Tonga

KB890830 — Windows Malicious Software Removal Tool – December 2017

KB4049068 — Time zone changes in Windows for Fiji

Microsoft Office Updates

Microsoft released non-security updates for Microsoft Office on December 6, 2017. You can check out our overview here.

KB4011095 — Office 2016 — This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.

KB4011575 — Word 2016 — Resolves issue described in 4011575. Includes a list of improvements on top of that:

  • This update improves the performance for style properties in VBA in Word 2016.
  • When you save a document in Track Changes mode, some text is lost from the document.
  • The line spacing is displayed incorrectly when you use OpenType (*.otf) fonts in Word 2016.
  • You cannot set the paragraph ID for the first paragraph in a text box through Word VBA.
  • The text in a cell overlaps after you adjust the width of the column in a table.
  • When you try to activate an OLE object in Word 2016, the object is unexpectedly activated in a newly opened application.
  • When you create and edit a document that’s based on a template that’s located in the Temporary Internet Files folder and then print the document, the trust bar reappears unexpectedly. When you click Enable Editing again, Word crashes.
  • Horizontal lines disappear in Word 2016 when you change the zoom level.
  • When you save a right-to-left Word document as a PDF or XPS file, the line numbers are on the left side of the text instead of the right side.
  • Word 2016 crashes when you open a binary document (*.doc) that contains a Horizontal Line shape.
  • The Arabic decimal separator is displayed as a comma character instead of a period character when you use a Hindi numeral in Office 2016 applications.
  • Word 2016 crashes after you use the navigation pane when the Word application is embedded as an OLE object in another application.
  • Word 2016 crashes when you try to change the grammar options for a legacy grammar checker in Office 2016.

KB4011277 — Office 2013 — Same as 4011575.

KB4011590 — Word 2013 — Same as 4011575

KB4011612 — Office 2010 — Same as 4011575

KB4011614 — Word 2010 — Same as 4011575

KB4011608 — Word 2007 — Same as 4011575

KB4011576 — SharePoint Server 2016 — Fixes an elevation of privileges vulnerability in SharePoint server.

KB4011578 — SharePoint Enterprise Server 2016 — Features translation improvements, and improvements to the SharePoint Health Analyzer algorithm.

KB4011587 — Office Web Apps Server 2013

  • Assume that you have inserted the SaveDate field through Quick Parts in a Word document. In this situation, when you view the document in Word Online Viewer, the SaveDate field reports the current server time instead of the last time that the document was saved.
  • When you view documents and then click the hyperlinks that contain certain characters (such as Hebrew and Arabic language) in the Word Online Viewer, the hyperlinks don’t work.

KB4011598 — Project Server 2013 — Various improvements to tasks, timesheets, and other issues.

KB4011589 — Cumulative update for Project Server 2013

  • The Microsoft Office 2013 hotfixes are now multilingual. This cumulative update package contains updates for all languages.
  • This cumulative update package includes all the server component packages. Additionally, this cumulative update package updates only those components that are installed on the system.

KB4011601 — SharePoint Enterprise Server 2013 — Health Analyzer improvements.

KB4011582 — SharePoint Enterprise Server 2013 — Lots of fixes and improvements.

KB4011596 — SharePoint Foundation 2013 — Lots of fixes and improvements.

KB4011588 — Cumulative update for SharePoint Foundation 2013 — Same as KB4011589.

KB4011593 — Cumulative update for SharePoint Server 2013 — Same as KB4011589.

How to download and install the December 2017 security updates


The security updates are released as individual or cumulative updates by Microsoft. All security updates that apply to a specific version of Windows are offered through Windows Update on most home systems.

Windows is set up by default to download and install important updates such as security updates automatically.

You can run a manual check for updates to speed up the process:

  1. Tap on the Windows-key to bring up Start.
  2. Type Windows Update and select the item from the list of search results.
  3. Click on check for updates if Windows does not do so automatically when the Windows Update page opens.
  4. Updates are then either installed automatically or on user request.

Here are direct download links to cumulative updates for 32-bit and 64-bit versions of Windows 7, Windows 8.1 and Windows 10 (all supported versions).

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP1

  • KB4054518 — 2017-12 Security Monthly Quality Rollup for Windows 7 for x86-based Systems
  • KB4054521 — 2017-12 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems

Windows 8.1 and Windows Server 2012 R2

  • KB4054519 — 2017-12 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems
  • KB4054522 — 2017-12 Security Only Quality Update for Windows 8.1 for x86-based Systems

Windows 10 (version 1511)

  • KB4053578 — Cumulative update for Windows 10 Version 1511

Windows 10 and Windows Server 2016 (version 1607)

  • KB4053579 — 2017-12 Cumulative Update for Windows 10 Version 1607 and Windows Server 2016

Windows 10 (version 1703)

  • KB4053580 — 2017-12 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  • KB4054517 — 2017-12 Cumulative Update for Windows 10 Version 1709

Additional resources

Summary

  • Article Name: Microsoft Security Updates December 2017 release
  • Description: Microsoft Security Updates December 2017 release provides you with a detailed overview of all security and non-security updates that Microsoft released for Windows in December 2017.
  • Author: Martin Brinkmann
  • Publisher: Ghacks Technology News