On March 1, 2018, Microsoft released several updates for Windows (KB4091290, KB4090007) and for Windows Defender. These include the correction update for the accidentally released preview update KB4075211 (SCARD_E_NO_SERVICE bug) and the microcode update for Spectre 2.
Defender Update KB4052623
Microsoft has released update KB4052623 (Windows Defender Antimalware Platform) via Windows Update for Windows 10 and Windows Server 2016. KB4052623 upgrades the Windows Defender Antimalware Platform to version 4.12.17007.18022.
Update KB4091290 for Windows 7/Server 2008 R2 SP1
Update KB4091290 is a correction update for KB4075211 (Preview of Monthly Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1), which contained at least two serious bugs.
- If the device has a smart card reader, the process LSM.exe triggers the error SCARD_E_NO_SERVICE when the SCardEstablishContext or SCardReleaseContext functions are called.
- After installation of the update KB4075211 there is a memory leak in SMB servers.
The correction update KB4091290 fixes the SCARD_E_NO_SERVICE bug of LSM.exe under Windows 7 SP1 and Windows Server 2008 R2 SP1.
The update is only offered or installed if a compatible virus scanner is installed under Windows. The scanner must create the SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat key in the HKEY_LOCAL_MACHINE branch of the registry, create the DWORD value cadca5fe-87d3-4b96-b7fb-a231484277cc there, and set it to 0x00000000.
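One way to audit the compatibility flag described above on a given machine, as an added example that is not from the original article or from Microsoft. The function name Test-QualityCompatFlag and its result fields are made up for illustration; the key path, value name and KB numbers are the ones given in the text.

```powershell
# Added example: audit the antivirus compatibility flag and the related updates.
# Test-QualityCompatFlag and its result fields are hypothetical names.
function Test-QualityCompatFlag {
    [CmdletBinding()]
    param(
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat',
        [string]$ValueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
    )

    $result = [ordered]@{
        KeyExists = $false; ValueExists = $false
        Kind = $null; Data = $null; Compatible = $false
    }

    # Get-Item returns a Microsoft.Win32.RegistryKey, or nothing if the key is absent.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -ne $key) {
        $result.KeyExists = $true
        # -contains is case-insensitive, matching registry value name semantics.
        if ($key.GetValueNames() -contains $ValueName) {
            $result.ValueExists = $true
            $result.Kind = $key.GetValueKind($ValueName)
            $result.Data = $key.GetValue($ValueName)
            # The flag only counts when the value is a DWORD whose data is 0.
            $isDword = $result.Kind -eq [Microsoft.Win32.RegistryValueKind]::DWord
            $result.Compatible = $isDword -and ($result.Data -eq 0)
        }
    }
    [pscustomobject]$result
}

$flag = Test-QualityCompatFlag
$flag | Format-List

if (-not $flag.Compatible) {
    Write-Warning 'QualityCompat flag is missing or not DWORD 0: the update will not be offered.'
}

# Report which of the updates named in the article are present on this machine.
$kbs = 'KB4075211', 'KB4091290', 'KB4090007'
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $kbs -contains $_.HotFixID } |
    Select-Object -ExpandProperty HotFixID
foreach ($kb in $kbs) {
    $state = if ($installed -contains $kb) { 'installed' } else { 'not installed' }
    '{0}: {1}' -f $kb, $state
}
```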
Currently, it does not make sense to install the Preview of Monthly Rollup KB4075211 or the correction update KB4091290.
Microcode update KB4090007 for Windows 10 V1709
Update KB4090007 is available for Windows 10 Version 1709 and Windows Server Version 1709 (Datacenter, Standard). This update contains the Intel Microcode update for hardening against the Spectre 2 variant (CVE-2017-5715) – see my blog entry New Intel Spectre V2 microcode updates (02/20/2018).
This update is only valid for the Skylake 6th generation processors, as shown in the table above. For this reason, it is a standalone update that is only available in the Microsoft Update Catalog.
The Microsoft KB article states: “This update also includes Intel microcode updates that were released for these operating systems at the time of release to manufacturing (RTM).” What exactly does that mean?
I mentioned in the article New Intel Spectre V2 microcode updates (02/20/2018) that Microsoft had already provided the microcode updates for the Skylake processors (Core i-6000) on January 22, 2018. These were withdrawn by Intel because of problems with microcode updates for other processors. The microcode updates for the Skylake processors were then re-released unchanged on February 20, 2018. That’s what is behind the phrase ‘already published at the time of release to production (RTM) for these operating systems’.
There is also a small but subtle difference between firmware updates for the UEFI and a microcode update. A firmware update for the UEFI must be approved by the manufacturer of the motherboard. This update may also include microcode updates. These are loaded from the UEFI firmware into the CPU when the system is started. Pure microcode updates can be rolled out by Microsoft. These microcodes are loaded into the CPU when the operating system is started. The above update is therefore a microcode update, which is reloaded every time Windows starts.
But the microcode update has a weakness we should be aware of. Windows 10 uses Early Launch Anti-Malware (ELAM). ELAM should protect the operating system from loading malicious drivers. So this feature is active long before the microcode update is loaded by the operating system. So I guess ELAM is useless if an attacker infects the system.
Microsoft also announced: We will offer additional microcode updates from Intel through this KB article for these operating systems as they become available to Microsoft. Please make sure that the attenuation of Spectre Variant 2 is activated by the registry settings documented in the following articles.
Regarding the registry settings, I had specified the required registry entry in the text above for update KB4091290.