Virtual Administrator’s March 2018 Patch Recommendations

Deny Extended for KB4088875 (Monthly Rollup) and KB4088878 (Security Only Update) for Windows 7, Windows Server 2008 R2
The network adapter problem appears to affect mostly machines with static IPs and/or running VMware. Although Microsoft has not officially pulled this patch, it is no longer offered through Windows Update. If you run Windows Update locally, you will not see it listed as a needed patch. We are keeping both patches denied until the problems have been resolved.

March 13, 2018—KB4088875 (Monthly Rollup)

https://support.microsoft.com/en-us/help/4088875/windows-7-update-kb4088875

March 13, 2018—KB4088878 (Security-only update)

https://support.microsoft.com/en-us/help/4088878

 

Symptom:

A new Ethernet virtual Network Interface Card (vNIC) may be created with default settings in place of the previously existing vNIC, causing network issues after applying this update. Any custom settings on the previous vNIC are still persisted in the registry but unused.

Workaround:

Apply the resolution documented in KB3125574 (Convenience Rollup) for Known issue 1:

A new Ethernet virtual Network Interface Card (vNIC) may be created with default settings in place of the previously existing vNIC, causing network issues. Any custom settings on the previous vNIC are still persisted in the registry but unused.

 

Symptom:

IP address settings are lost after applying this update.

Workaround:

Microsoft is working on a resolution and will provide an update in an upcoming release.

This month Microsoft released patches for 75 vulnerabilities with 14 of them rated “Critical” and 61 rated “Important”.

We are delaying the release of KB4088875/KB4088878. All other March patches have been approved in our patch policy.

This month marks the first time we have not released a cumulative update. Please read “KB4088875/KB4088878 Delayed Release”. Also notable: the registry key antivirus check on Windows 10 has been lifted.

CVE-2018-0808 and CVE-2018-0940 are publicly disclosed but have no known exploits – see “Notable CVEs”.

 

KB4088875/KB4088878 Delayed Release affecting Windows 7 and Windows Server 2008 R2

There are significant but not widespread problems with KB4088875 (Rollup) and KB4088878 (Security Only) for Windows 7 and Windows Server 2008 R2. Microsoft may be in the process of pulling the patch but has not stated this.  At this time Windows Updates shows inconsistent results.  On some machines it shows as needed but as an unchecked patch. Still other machines do not show it listed at all.  Microsoft has not explained this behavior. We will follow this over the next week and decide whether to release it next Friday.

Problems concerning network cards started surfacing shortly after the release of this patch. Microsoft was slow to acknowledge this but finally updated the KB yesterday (https://support.microsoft.com/en-us/help/4088875/windows-7-update-kb4088875):

“A new Ethernet virtual Network Interface Card (vNIC) may be created with default settings in place of the previously existing vNIC, causing network issues after applying this update. Any custom settings on the previous vNIC are still persisted in the registry but unused.”

“IP address settings are lost after applying this update.”

This appears to be impacting mostly virtual machines on VMware. However, there are a significant number of reports that workstations (mostly Dell) have lost their static IPs.
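One way to size the exposure before the patch is approved, as an added example that is not part of the original advisory: the script reports whether either update is already installed, lists adapters with static addresses, and saves their settings to a file. The backup folder `C:\PatchPrep` and the `AtRisk` heuristic (static IP or VMware guest, the two groups named above) are assumptions.

```powershell
# Added example, not part of the original advisory. Written for PowerShell 2.0,
# the default on Windows 7 / Server 2008 R2. $BackupDir is an assumed location.
$BackupDir = 'C:\PatchPrep'
$KBs = 'KB4088875', 'KB4088878'   # the two delayed updates named in this advisory

# Which of the two updates, if any, is already installed?
$installed = @(Get-HotFix | Where-Object { $KBs -contains $_.HotFixID } |
    ForEach-Object { $_.HotFixID })

# IP-enabled adapters with DHCP off: the static configurations reported as lost.
$static = @(Get-WmiObject Win32_NetworkAdapterConfiguration `
        -Filter 'IPEnabled = TRUE AND DHCPEnabled = FALSE' |
    Select-Object Description, MACAddress, SettingID,
        @{ n = 'IPAddress';  e = { $_.IPAddress -join ',' } },
        @{ n = 'SubnetMask'; e = { $_.IPSubnet -join ',' } },
        @{ n = 'Gateway';    e = { $_.DefaultIPGateway -join ',' } },
        @{ n = 'DnsServers'; e = { $_.DNSServerSearchOrder -join ',' } })

# The advisory reports most vNIC problems on VMware guests, so flag those.
$isVMware = (Get-WmiObject Win32_ComputerSystem).Manufacturer -like 'VMware*'

# Save the static settings so they can be re-entered if the adapter is replaced.
$backupFile = $null
if ($static.Count -gt 0) {
    if (-not (Test-Path $BackupDir)) {
        New-Item -ItemType Directory -Path $BackupDir | Out-Null
    }
    $backupFile = Join-Path $BackupDir ('nic-static-{0}.xml' -f $env:COMPUTERNAME)
    $static | Export-Clixml -Path $backupFile
}

# One summary object per machine, suitable for collecting from many agents.
# AtRisk is a heuristic assumed for this example: static IP or VMware guest.
New-Object PSObject -Property @{
    Computer       = $env:COMPUTERNAME
    InstalledKBs   = $installed -join ','
    StaticAdapters = $static.Count
    VMwareGuest    = $isVMware
    AtRisk         = ($static.Count -gt 0) -or $isVMware
    BackupFile     = $backupFile
}
```

`Import-Clixml` reads the saved file back, giving the address, mask, gateway and DNS values to re-enter if an adapter comes back with default settings.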

 

UPDATE: Spectre/Meltdown

Microsoft: “Based on our analysis of available data, we are now lifting the AV compatibility check for the March 2018 Windows security updates for supported Windows 10 devices via Windows Update. We continue to require that AV software is compatible and in cases where there are known issues of AV driver compatibility, we will block those devices from updates to avoid any issues.”

Windows security updates and antivirus software

https://support.microsoft.com/en-us/help/4072699/windows-security-updates-and-antivirus-software

The registry key antivirus check is still in effect for Win7 and 8.1. Machines will not install any cumulative updates until the key is present.

 

Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Affected software includes:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft Exchange Server
  • ASP.NET Core
  • .NET Core
  • PowerShell Core
  • ChakraCore
  • Adobe Flash

 

Known Issues per Microsoft: KB4088776, KB4088875, KB4088878, KB4089344, KB4089229, KB4090450

The KBs actually listed are KB4088787, KB4088782, KB4088776, KB4088786, KB4088779, KB4088876, KB4088879, KB4088875, KB4088878, KB4089344, KB4089229, KB4090450

but oddly the links for KB4088787, KB4088782, KB4088786 and KB4088779 show “Microsoft is not currently aware of any issues with this update.”

KB4088876 and KB4088879 only show the old warning about the registry key antivirus check.

 

Monthly Rollup/Security Only/Windows 10/Server 2016 KBs

Links are https://support.microsoft.com/en-us/help/####### with the KB number only.

 

Security and Quality Rollup

  • KB4088875 – Windows 7, Windows Server 2008 R2
  • KB4088876 – Windows 8.1, Windows Server 2012 R2
  • KB4088877 – Windows Server 2012

 

Security Only Update

  • KB4088878 – Windows 7, Windows Server 2008 R2
  • KB4088879 – Windows 8.1, Windows Server 2012 R2
  • KB4088880 – Windows Server 2012

 

Cumulative Update for Windows 10

  • KB4088786 – Original release version 1507 (OS Build 10240)
  • KB4088779 – Version 1511 (OS Build 10586)
  • KB4088787 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB4088782 – Version 1703 “Creators Update” (OS Build 15063)
  • KB4088776 – Version 1709 “Fall Creators Update” (OS Build 16299)

Note: Server 2016 uses the same KB as Windows 10 Version 1607

 

KB4089187 – Cumulative Security Update for Internet Explorer 9/10/11

This cumulative update is included in the monthly updates listed above. It can be installed instead of the monthly update to secure Internet Explorer; otherwise it is “superseded” by the monthly update.

 

.NET Framework – None this month

 

KB4088785 – Security Update for Adobe Flash Player

 

March 2018, updates for Microsoft Office

https://support.microsoft.com/en-us/help/4090988/march-2018-updates-for-microsoft-office

 

IMPORTANT: Windows 10 Version 1709 “Fall Creators Update” (OS Build 16299)

Kaseya patch management is not detecting the cumulative monthly updates on the latest Windows 10 Version 1709 “Fall Creators Update”

Kaseya uses the Windows Updates API to determine which patches are needed. For some reason this is not accurately detecting the monthly cumulative update for version 1709. Other patches are detected normally. Your Kaseya patch scans will not show the cumulative patch as missing or installed.  As such the agent may show fully patched when it is not.

Kaseya is working with Microsoft to correct this. Until this is fixed, we will be releasing agent procedures to install the monthly updates. You can also turn Windows updates back ON from Patch Management > Configure > Windows Auto Update.

You can create a Custom View to find those agents on Windows 10 Version 1709 by adding the build number: under “OS Info” add “OS Type: Windows 10” and “OS version filter: *16299*”. We will update all partners once this problem is corrected.
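Because the patch scan cannot be trusted for this build, the cumulative update can be checked on the machine itself. The following is an added example, not Kaseya's or Microsoft's code and not one of our agent procedures; it reads the installed-hotfix list instead of the Windows Update API, and the `Status` values are names chosen for this example.

```powershell
# Added example, not from the original advisory. Intended for Windows 10 (PowerShell 5.x).
$ExpectedKB  = 'KB4088776'   # March 2018 cumulative update for version 1709 (from this advisory)
$TargetBuild = '16299'       # OS build of version 1709 (from this advisory)

$os = Get-CimInstance Win32_OperatingSystem
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

# Only Windows 10 machines on build 16299 are affected by the detection gap.
$is1709 = ($os.Caption -like '*Windows 10*') -and ($os.BuildNumber -eq $TargetBuild)

# Look the update up in the installed-hotfix list rather than the scan results.
$hotfix = Get-HotFix | Where-Object { $_.HotFixID -eq $ExpectedKB } |
    Select-Object -First 1

$installedOn = $null
if ($hotfix) { $installedOn = $hotfix.InstalledOn }

# Status values are names made up for this example.
if (-not $is1709)  { $status = 'NotApplicable' }
elseif ($hotfix)   { $status = 'Installed' }
else               { $status = 'Missing' }

# FullBuild includes the update revision (UBR). Compare it with the OS build
# listed in the KB article: a later cumulative update replaces this KB in the
# hotfix list, so 'Missing' with a higher revision means a newer update is on.
[pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    FullBuild   = '{0}.{1}' -f $os.BuildNumber, $cv.UBR
    ExpectedKB  = $ExpectedKB
    Status      = $status
    InstalledOn = $installedOn
}
```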

 

Notable CVEs

CVE-2018-0808 | ASP.NET Core Denial of Service Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.

 

CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886

A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system.

 

CVE-2018-0940 | Microsoft Exchange Elevation of Privilege Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0940

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly sanitize links presented to users. An attacker who successfully exploited this vulnerability could override the OWA interface with a fake login page and attempt to trick the user into disclosing sensitive information.