Virtual Administrator’s March 2018 Patch Recommendations
This month Microsoft released patches for 75 vulnerabilities with 14 of them rated “Critical” and 61 rated “Important”.
We are delaying the release of KB4088875/KB4088878. All other March patches have been approved in our patch policy.
This month marks the first time we have not released a cumulative update. Please read “KB4088875/KB4088878 Delayed Release”. Also notable is the registry key antivirus check on Windows 10 has been lifted.
CVE-2018-0808 and CVE-2018-0940 are publically disclosed but no known exploits – see “Notable CVEs”
KB4088875/KB4088878 Delayed Release affecting Windows 7 and Windows Server 2008 R2
There are significant but not widespread problems with KB4088875 (Rollup) and KB4088878 (Security Only) for Windows 7 and Windows Server 2008 R2. Microsoft may be in the process of pulling the patch but has not stated this. At this time Windows Updates shows inconsistent results. On some machines it shows as needed but as an unchecked patch. Still other machines do not show it listed at all. Microsoft has not explained this behavior. We will follow this over the next week and decide whether to release it next Friday.
Problems started surfacing shortly after the release of this patch concerning network cards. Microsoft was slow to acknowledge this but finally updated the KB yesterday (https://support.microsoft.com/en-us/help/4088875/windows-7-update-kb4088875)
“A new Ethernet virtual Network Interface Card (vNIC) may be created with default settings in place of the previously existing vNIC, causing network issues after applying this update. Any custom settings on the previous vNIC are still persisted in the registry but unused.”
“IP address settings are lost after applying this update.”
This appears to be impacting mostly virtual machines on VMware. However there are a significant number of reports that workstations (mostly Dell) have lost their static IPs.
Microsoft “Based on our analysis of available data, we are now lifting the AV compatibility check for the March 2018 Windows security updates for supported Windows 10 devices via Windows Update. We continue to require that AV software is compatible and in cases where there are known issues of AV driver compatibility, we will block those devices from updates to avoid any issues. ”
Windows security updates and antivirus software
The registry key antivirus check is still in effect for Win7 and 8.1. Machines will not install any cumulative updates until the key is present.
Security Update Guide
Affected software include:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Exchange Server
- ASP.NET Core
- .NET Core
- PowerShell Core
- Adobe Flash
Known Issues per Microsoft: KB4088776, KB4088875, KB4088878, KB4089344, KB4089229, KB4090450
These are actually listed KB4088787, KB4088782, KB4088776, KB4088786, KB4088779, KB4088876, KB4088879, KB4088875, KB4088878, KB4089344, KB4089229, KB4090450
but oddly KB4088787,KB4088782,KB4088786,KB4088779 links show “Microsoft is not currently aware of any issues with this update.”
KB4088876 and KB4088879 Only show the old warning about the registry key antivirus check.
Monthly Rollup/Security Only/Windows 10/Server 2016 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB4088875 – Windows 7, Windows Server 2008 R2
- KB4088876 – Windows 8.1, Windows Server 2012 R2
- KB4088877 – Windows Server 2012
Security Only Update
- KB4088878 – Windows 7, Windows Server 2008 R2
- KB4088879 – Windows 8.1, Windows Server 2012 R2
- KB4088880 – Windows Server 2012
Cumulative Update for Windows 10
- KB4088786 – Original release version 1507 (OS Build 10240)
- KB4088779 – Version 1511 (OS Build 10586)
- KB4088787 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB4088782 – Version 1703 “Creators Update” (OS Build 15063)
- KB4088776 – Version 1709 “Fall Creators Update” (OS Build 16299)
Note: Server 2016 uses the same KB as Windows 10 Version 1607
KB4089187 – Cumulative Security Update for Internet Explorer 9/10/11
This cumulative update is included in the monthly updates listed above. It can be installed instead of the monthly to secure Internet Explorer otherwise it is “superseded” by the monthly update.
.NET Framework – None this month
KB4088785 – Security Update for Adobe Flash Player
March 2018, updates for Microsoft Office
IMPORTANT: Windows 10 Version 1709 “Fall Creators Update” (OS Build 16299)
Kaseya patch management is not detecting the cumulative monthly updates on the latest Windows 10 Version 1709 “Fall Creators Update”
Kaseya uses the Windows Updates API to determine which patches are needed. For some reason this is not accurately detecting the monthly cumulative update for version 1709. Other patches are detected normally. Your Kaseya patch scans will not show the cumulative patch as missing or installed. As such the agent may show fully patched when it is not.
Kaseya is working with Microsoft to correct this. Until the is fixed we will be releasing agent procedures to install the monthly updates. You can also turn Windows updates back ON from Patch Management> Configure> Windows Auto Update.
You can create a Custom View to find those agents on Windows 10 Version 1709 by adding the build number – Under “OS Info” add “OS Type: Windows 10” and “OS version filter: *16299*” We will update all partners once this problem is corrected.
CVE-2018-0808 | ASP.NET Core Denial of Service Vulnerability
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system.
CVE-2018-0940 | Microsoft Exchange Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly sanitize links presented to users. An attacker who successfully exploited this vulnerability could override the OWA interface with a fake login page and attempt to trick the user into disclosing sensitive information.