Welcome to our monthly overview of Microsoft’s Windows security updates. We provide you with full details of all released security and non-security updates for Windows and other Microsoft products.
Check out the executive summary at the top if you are in a hurry, or go through the list of released updates and click on the links that point to Microsoft’s Knowledgebase to look up additional information.
The overview includes the vulnerability distribution per client and server operating system, as well as for Edge and Internet Explorer, the list of patches, download information, and information about Microsoft Office and security advisories.
Microsoft planned to release the Windows 10 Spring Creators Update, version 1803 today, but it appears that the release has been delayed.
Microsoft Windows Security Updates April 2018
You may download the following Excel spreadsheet that lists all published security updates for all Microsoft products on the April 2018 Patch day:
Windows Security Updates April 2018
Executive Summary
- Microsoft released security updates for all supported client and server versions of the Windows operating system.
- All client and server versions of Windows are affected by critical vulnerabilities.
- Other Microsoft products with patches are: Internet Explorer, Microsoft Office, Microsoft Edge, Adobe Flash Player, Microsoft Visual Studio, Microsoft Azure IoT SDK, ChakraCore
- Microsoft lifted the update block restriction for Windows 7, Windows 8.1 and server variants on devices without HKLMSOFTWAREMicrosoftWindowsCurrentVersionQualityCompatcadca5fe-87d3-4b96-b7fb-a231484277cc Registry setting.
Operating System Distribution
- Windows 7: 21 vulnerabilities of which 6 are rated critical, 1 moderate and 14 important
- Windows 8.1: 23 vulnerabilities of which 6 are rated critical, 1 moderate and 16 important
- Windows 10 version 1607: 25 vulnerabilities of which 6 are rated critical and 19 important
- Windows 10 version 1703: 28 vulnerabilities of which 6 are rated critical and 22 important
- Windows 10 version 1709: 28 vulnerabilities of which 6 are rated critical and 22 important
Windows Server products
- Windows Server 2008 R2: 21 vulnerabilities of which 6 are rated critical, 1 moderate and 14 important
- Windows Server 2012 and 2012 R2: 23 vulnerabilities which 6 are rated critical, 1 moderate and 16 important
- Windows Server 2016: 27 vulnerabilities of which 6 are rated critical, 1 moderate and 20 important
Other Microsoft Products
- Internet Explorer 11: 13 vulnerabilities, 8 critical, 5 important
- Microsoft Edge: 10 vulnerabilities, 8 critical, 2 important
Windows Security Updates
Microsoft released an update for the Microsoft Malware Protection Engine on April 3, 2018.
KB4093112 — Windows 10 version 1709
- Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs).
- Access violation issue in Internet Explorer.
- Enterprise Mode redirect issue in IE and Edge.
- SVG access violation issue when under high load in Internet Explorer.
- Updated time zone information issues.
- App-V service may stop working on RDS servers that host many users.
- User accounts locking issue when moving apps to a shared platform using App-V.
- ActiveX content printing issue in Internet Explorer.
- Addresses an issue that causes document.execCommand(“copy”) to always return False in Internet Explorer.
- Internet Explorer did not identify custom controls correctly in some instances.
- Security updates to Internet Explorer, Microsoft Edge, Windows kpp platform and frameworks, Microsoft scripting engine, Windows graphics, Windows Server, Windows kernel, Windows datacenter networking, Windows wireless networking, Windows virtualization and Kernel, and Windows Hyper-V.
KB4093107 — Windows 10 version 1703
- Same as KB4093112
KB4093119 — Windows 10 version 1607
- Same as KB4093112
KB4093108 — Windows 7 SP1 and Windows Server 2008 R2 SP1 — Security Only
- Lifted blocking of updates via Windows Update and WSUS if “antivirus compatibility” Registry key was not set.
- Stop error when the update from previous month was applied on 32-bit systems with PAE mode disabled.
- Kernel reliability improvements.
- Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows datacenter networking, Windows virtualization and kernel, and Windows app platform and frameworks.
KB4093115 — Windows 8.1 and Windows Server 2012 R2
- Lifted blocking of updates via Windows Update and WSUS if “antivirus compatibility” Registry key was not set.
- Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows kernel, Windows datacenter networking, Windows Hyper-V, Windows virtualization and kernel , and Windows app platform and frameworks.
KB4093114 — Windows 8.1 and Windows Server 2012 R2
- ActiveX printing issue in IE.
- SVG rendering issue causing high load issue in IE.
- Custom controls identifying issue in IE.
- and all of KB4093115.
KB4093118 — Windows 7 SP1 and Windows Server 2008 R2 SP1 — Monthly Rollup
- ActiveX printing issue in Internet Explorer
- SVG high load rendering issue in Internet Explorer.
- Issue with identifying custom controls in IE.
- and all updates of KB4093108
KB4093110 — Security update for Adobe Flash Player: April 10, 2018
KB4091756 — Windows XP Embedded and Windows Server 2008 — Denial of Server vulnerability
KB4092946 — Cumulative Security Update for Internet Explorer
KB4093108 — Security Only Quality Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4093118 — Security Monthly Quality Rollup for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4093123 — Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012
KB4093122 — Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012
KB4093109 — Cumulative Security Update for Windows 10 Version 1511
KB4093111 — Cumulative Security Update for Windows 10
KB4093223 — Security Update for Windows Server 2008 and Windows XP Embedded — Patches Microsoft graphics remote code execution issue.
KB4093224 — Security Update for Windows Server 2008 and Windows XP Embedded — Fixes Microsoft graphics component denial of service vulnerability.
KB4093227 — Security Update for Windows Server 2008 — security update for the Windows Remote Desktop Protocol (RDP) denial of service vulnerability
KB4093257 — Security Update Windows Server 2008 and Windows XP Embedded — patches a buffer overflow vulnerability in the Microsoft JET Database engine and an elevation of privilege vulnerability in Windows Adobe Type Manager Font Driver.
KB4093478 — Security Update for Windows Server 2008 — patches information disclosure vulnerability.
KB4101864 — Security Update for WES09 and POSReady 2009 for x86-based Systems
Known Issues
Windows 10 version 1709
Windows Update History reports that updates did not install because of 0x80070643 even though they did install.
Windows 7 and Windows Server 2008 R2
- SMB Servers may leak memory
- Stop error on PCs that don’t support SIMD or SSE2
Security advisories and updates
ADV180007 — April 2018 Adobe Flash Security Update
Non-security related updates
KB4089848 for Windows 10 version 1709 — non security update that fixes lots of issues.
KB4093137 — Update for Windows 10 Version 1607 — Servicing stack update for Windows 10, version 1607
KB4093430 — Update for Windows 10 Version 1507 –Servicing stack update for Windows 10, version 1507
KB4093432 — Update for Windows 10 Version 1703 — Servicing stack update for Windows 10, version 1703
KB4099989 — Windows 10 Version 1709 — Servicing stack update for Windows 10, version 1709
KB890830 — Windows Malicious Software Removal Tool
Microsoft Office Updates
Office 2016
KB4018337 — Excel 2016: security update that patches a remote code execution vulnerability and includes non-security improvements.
KB4011628 — Office 2016: patches remote code execution vulnerability
KB4018319 — Office 2016: patches remote code execution vulnerability and includes non-security improvements
KB4018328 — Office 2016: patches remote code execution vulnerability and includes non-security improvements.
KB4018339 — Word 2016: patches remote code execution vulnerability and includes non-security improvements.
KB4011667 — Office 2016: fixes crash that occurs when adding an account that has already signed in.
KB4018322 — Office 2016: blocks minors from running or obtaining add-ins without parental consent from the online store, and adds translation for the message why an Office add-on cannot be loaded.
KB4018329 — Office 2016: update for Office 2016 Language Interface Pack.
KB4018326 — Outlook 2016: adds support for Sync Slider, improves some translations, an issue with favorite folders disappearing under certain circumstances, and an issue where the recipients name may be removed from the recipient list if it matches the sender’s display name.
KB4011726 — PowerPoint 2016: adds help message for Microsoft Equation 3.0 and translation of the message that informs about the end of support for Microsoft Equation 3.0.
KB4018320 — Project 2016: fixes a Project opening issue that results in the error message “Sorry, we were unable to open your project. Please try again. If this happens again, contact your administrator.”. Fixes a crash furthermore, an issue with Change Working Time dialog boxes, and introduces new information to projects saved in XML format.
Tip: you can restore simple saving by setting SimpleXmlexport to the value of 1 in HKEY_CURRENT_USERSOFTWAREMicrosoftOffice16.0MS ProjectOptionsSave
KB4018323 — Skype for Business 2016 update.
Office 2013
KB4018347 — Word 2013: patches remote code execution and includes non-security improvements.
KB4018350 — Excel 2013: patches remote code execution vulnerability and includes non-security improvements.
KB4018330 — Office 2013: patches remote code execution vulnerability and includes non-security fixes.
KB4018288 — Office 2013: Patches remote code execution vulnerability
KB3178636 — Office 2013: fixes a crash in Outlook 2013 when opening messages that contain byte-order mark or zero-width non-breaking space characters in the body.
KB4018333 — Office 2013: adds translations of messages that inform users why an Office add-in could not be loaded. Also, minors require parental consent to obtain or run add-ins from the online store.
KB4018303 — Outlook 2013: fixes a crash in Outlook, custom forms with Visual Basic Script issue in shared calendars, sent emails appearing in the wrong Sent Items folder, and authentication prompt that were locked behind the main Outlook window.
KB4018289 — Powerpoint 2013: same as KB4011726
KB4018335 — Project 2013: same as KB4018320
KB4018334 — Skype for Business 2015 update.
Office 2010
KB4018362 — Excel 2010 security update
KB4018359 — Word 2010 security update
KB4018357 — Office 2013 security update
KB4018311 — Office 2013 security update
KB2965234 — PowerPoint 2010: Adds “appropriate help message” for Microsoft Equation 3.0.
KB4018312 — same as KB2965234 but for PowerPoint Viewer.
KB3128038 — Project 2010: adds new information to saved projects in XML format including name of views, tables, filters, groups, and more.
KB4018317 — Outlook 2010: custom forms with Visual Basic Script doesn’t run in shared calendars.
Update: Microsoft did release patches for Office 2007, SharePoint Server 2016, SharePoint Server 2013, Project Server 2013, and SharePoint Foundation 2013, and SharePoint Server 2013 as well.
How to download and install the March 2018 security updates
Microsoft distributes updates via Windows Update to consumer systems. All versions of Windows are configured to check for, download and install important updates when they are published.
You may run a manual check for updates to pick up the updates as early as possible as the update checking does not happen in realtime.
- Tap on the Windows-key to open the Start Menu.
- Type Windows Updates and select the result.
- Click on the “check for updates” button if the update check is not run automatically.
Windows runs a check for updates and will download and install those it finds automatically.
Note: It is recommended that you create a backup of the system before you install updates as they may break things.
Direct update downloads
Updates for all supported versions of Windows may also be downloaded from the Microsoft Update Catalog website. Just click on the direct links below to do so.
Windows 7 SP1 and Windows Server 2008 R2 SP
- KB4093118— 2018-04 Security Monthly Quality Rollup for Windows 7
- KB4093108— 2018-04 Security Only Quality Update for Windows 7
Windows 8.1 and Windows Server 2012 R2
- KB4093114— 2018-04 Security Monthly Quality Rollup for Windows 8.1
- KB4093115— 2018-04 Security Only Quality Update for Windows 8.1
Windows 10 and Windows Server 2016 (version 1607)
- KB4093119— 2018-04 Cumulative Update for Windows 10 Version 1607 and Windows Server 2016
Windows 10 (version 1703)
- KB4093107 — 2018-04 Cumulative Update for Windows 10 Version 1703
Windows 10 (version 1709)
- KB4093112 — 2018-04 Cumulative Update for Windows 10 Version 1709
Additional resources
- April 2018 Security Updates release notes
- List of software updates for Microsoft products
- List of security advisories
- Security Updates Guide
- Microsoft Update Catalog site
- Our in-depth Windows update guide
- Windows 10 Update History
- Windows 8.1 Update History
- Windows 7 Update History
The post Microsoft Windows Security Updates April 2018 release overview appeared first on gHacks Technology News.