Virtual Administrator’s May 2018 Patch Recommendations

Denied on May 14
KB4103718/KB4103712 May Quality Rollup/Security Only update for Windows 7, Windows Server 2008 R2 (https://support.microsoft.com/en-us/help/4103718/windows-7-update-kb4103718)

Microsoft has updated their KB acknowledging a problem. We will update this blog as more information becomes available and/or when we release these again.

Symptom: Microsoft is aware that some customers have reported that network drivers are intentionally uninstalled, then fail to reinstall after applying the May 8, 2018 update. This can result in the loss of network connectivity.

Workaround: Microsoft is presently investigating and will provide a status update when the investigation is complete.

 

*********************************************************************************************

This month Microsoft released patches for 67 vulnerabilities with 21 of them rated “Critical” and 42 rated “Important”.

All May patches have been approved in our patch policy.

This month is a lot quieter than the past few. The Rollup/Cumulative patches include the fixes for the most concerning vulnerabilities. Two zero-days are addressed. A new Windows 10 version has finally been released.

Zero Days: 2 vulnerabilities patched this month. CVE-2018-8174, the Double Kill exploit, is addressed. CVE-2018-8120 is a Windows kernel ‘Win32k.sys’ local privilege escalation vulnerability. See Notable CVEs below.

Just Released! Windows 10 Version 1803 “Spring Creators Update” (OS Build 17134)
We recommend you “look before you leap” and wait on 1803. If you do upgrade, make sure to install the Cumulative Update KB4103721, UNLESS you use certain Intel SSDs (see Known Issues below).

VA has created a script to “Defer Windows 10 Auto Updates” which will allow you to delay the upgrade.

Warning: Patch Hyper-V. This month, 2 vulnerabilities that could enable a guest operating system to compromise the host have been addressed. See Notable CVEs below. We’ve seen Hyper-V patches released more frequently over the past few months. Make sure you are caught up.

  • CVE-2018-0959 – Hyper-V Remote Code Execution Vulnerability
  • CVE-2018-0961 – Hyper-V vSMB Remote Code Execution Vulnerability

Heads Up: RDP connections will fail with the message “An authentication error has occurred” if there is a patch level mismatch.
CVE-2018-0886 is a vulnerability in the CredSSP protocol. The client and server need to be updated, or Windows and third-party CredSSP clients may not be able to connect to Windows or third-party hosts.
CredSSP updates for CVE-2018-0886
https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

Affected software includes:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • Adobe Flash Player
  • .NET Framework
  • Microsoft Exchange Server
  • Windows Host Compute Service Shim

Known Issues per Microsoft: KB4103721, KB4103723, KB4103727, KB4103718, KB4103712

KB4103721 Windows 10 Version 1803
https://support.microsoft.com/en-us/help/4103721
Symptom: When attempting to upgrade to the Windows 10 April 2018 Update, select devices with Intel SSD 600p Series or Intel SSD Pro 6000p Series may repeatedly enter a UEFI screen after restart or stop working.
Workaround: Roll back to 1709. Microsoft is working on a resolution and will provide an update in an upcoming release.
Recovery options in Windows 10
https://support.microsoft.com/en-us/help/12415/windows-10-recovery-options

KB4103723 Windows 10 Version 1607
https://support.microsoft.com/en-us/help/4103723/windows-10-update-kb4103723
Symptom: Reliability issues have been observed during the creation of shielded VMs and the required artifacts for their deployment. There are also reliability issues for the Shielding File Wizard with or without the SCVMM interface.
Note: Existing shielded VMs and HGSs are not affected.
Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

KB4103727 Windows 10 Version 1709
https://support.microsoft.com/en-us/help/4103727/windows-10-update-kb4103727
Symptom: Some non-English platforms may display the following string in English instead of the localized language: “Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you’ve created and Device Guard is enabled.
Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

KB4103718/KB4103712 Windows 7/Server 2008 R2
https://support.microsoft.com/en-us/help/4103718/windows-7-update-kb4103718
Symptom: A stop error occurs on computers that don’t support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).
Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

Monthly Rollup/Security Only/Windows 10/Server 2016 KBs

Links are https://support.microsoft.com/en-us/help/####### where ####### is the KB number only (digits, without the “KB” prefix).

Security and Quality Rollup
KB4103718 – Windows 7, Windows Server 2008 R2
KB4103725 – Windows 8.1, Windows Server 2012 R2
KB4103730 – Windows Server 2012

Security Only Update
KB4103712 – Windows 7, Windows Server 2008 R2
KB4103715 – Windows 8.1, Windows Server 2012 R2
KB4103726 – Windows Server 2012

Cumulative Update for Windows 10
KB4103716 – Original release version 1507 (OS Build 10240)
None – Version 1511 (OS Build 10586)
KB4103723 – Version 1607 “Anniversary Update” (OS Build 14393)
KB4103731 – Version 1703 “Creators Update” (OS Build 15063)
KB4103727 – Version 1709 “Fall Creators Update” (OS Build 16299)
KB4103721 – Version 1803 “Spring Creators Update” (OS Build 17134)

Note: Server 2016 uses the same KB as Windows 10 Version 1607
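
The KB list above and the May 14 denial can be turned into a per-host check. This is an added example, not Virtual Administrator's or Microsoft's code: the function name, the output fields and the build numbers 7601/9200/9600 for the pre-Windows 10 releases are assumptions of the example, and the sample calls use constructed input.

```powershell
function Get-May2018PatchStatus {
    param(
        # Defaults read the local machine; Get-WmiObject keeps this usable on
        # the Windows PowerShell 2.0 that ships with Windows 7.
        [int]$Build = [int](Get-WmiObject Win32_OperatingSystem).BuildNumber,
        [string[]]$InstalledKB = @(Get-HotFix | ForEach-Object { $_.HotFixID })
    )
    # Build -> KBs that satisfy May 2018 (rollup, security-only or cumulative).
    # KB numbers and Windows 10 builds are from the page; 7601/9200/9600 are
    # added by this example for the older releases.
    $expected = @{
        7601  = @('KB4103718', 'KB4103712')   # Windows 7, Server 2008 R2
        9200  = @('KB4103730', 'KB4103726')   # Server 2012
        9600  = @('KB4103725', 'KB4103715')   # Windows 8.1, Server 2012 R2
        10240 = @('KB4103716')                # Windows 10 1507
        14393 = @('KB4103723')                # 1607 and Server 2016
        15063 = @('KB4103731')                # 1703
        16299 = @('KB4103727')                # 1709
        17134 = @('KB4103721')                # 1803
    }
    $denied = @('KB4103718', 'KB4103712')     # denied on May 14 (network driver loss)

    $want = @(); $have = @()
    if (-not $expected.ContainsKey($Build)) {
        $action = 'No May 2018 update listed for this build'   # e.g. 1511 (10586)
    } else {
        $want = $expected[$Build]
        $have = @($want | Where-Object { $InstalledKB -contains $_ })
        $isDenied = @($want | Where-Object { $denied -contains $_ }).Count -gt 0
        if ($have.Count -gt 0 -and $isDenied) { $action = 'Installed but denied: check network adapters' }
        elseif ($have.Count -gt 0)            { $action = 'Patched' }
        elseif ($isDenied)                    { $action = 'Hold: denied pending Microsoft fix' }
        else                                  { $action = 'Missing: install ' + ($want -join ' or ') }
    }
    New-Object PSObject -Property @{
        Build = $Build; Expected = $want -join ','; Installed = $have -join ','; Action = $action
    }
}

# Constructed inputs (not real hosts):
Get-May2018PatchStatus -Build 7601  -InstalledKB 'KB4103718'   # Installed but denied
Get-May2018PatchStatus -Build 16299 -InstalledKB 'KB4099635'   # Missing: install KB4103727
Get-May2018PatchStatus -Build 10586 -InstalledKB @()           # No May 2018 update listed
Get-May2018PatchStatus                                         # the local machine
```

A host that has since received a later cumulative update may no longer list the May KB, so treat "Missing" as a prompt to check the current patch level rather than as proof the host is unpatched.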

KB4103768 – Cumulative Security Update for Internet Explorer 9/10/11
This cumulative update is included in the monthly updates listed above. It can be installed instead of the monthly update to secure Internet Explorer; otherwise it is “superseded” by the monthly update.

.NET Framework
Security and Quality Rollup (Security Only) for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1
KB4099633 (KB4099637) – Windows 7, Windows Server 2008 R2
KB4099635 (KB4099639) – Windows 8.1, Windows Server 2012 R2
KB4099634 (KB4099638) – Windows Server 2012
KB4099636 (KB4099640) – Windows Server 2008 (.NET Framework 2.0, 3.0, 4.5.2, 4.6)

KB4103729 – Security Update for Adobe Flash Player

May 2018 updates for Microsoft Office
https://support.microsoft.com/en-us/help/4133083/may-2018-updates-for-microsoft-office

Notable CVEs

CVE-2018-8174 | Windows VBScript Engine Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8174
Affects All OS
KB# – Monthly Rollup/Cumulative Update
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

CVE-2018-8120 | Win32k Elevation of Privilege Vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120
Affects Windows 7, Windows Server 2008/2008 R2
KB# – Monthly Rollup
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

CVE-2018-8170 | Windows Image Elevation of Privilege Vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8170
Affects Windows 10 Version 1703/1709
KB# – Cumulative Update
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.