Patchday: More Microsoft Updates (March 13, 2018)

Posted on 2018-03-19 by guenni

Windows Update[German]Microsoft has released further updates for Internet Explorer, Windows Server, etc. for Patchday (March 13, 2018). Here are some more details about selected patches.

Advertising

General remarks

The complete overview of all updates from Microsoft can be found on this website. Some of the updates mentioned there are described in separate blog posts (see link list at the end of the article).

A vulnerability in the chakra script engine is closed in the Microsoft Edge browser. This prevents prepared web pages from provoking a memory overflow and an increase in rights. Another closed vulnerability in the Windows shell prevents code execution by a prepared file. Errors and other problems are listed in the blog posts linked at the end of the article.

Security updates

The following security updates have been released.

Update KB4056564 Windows Server 2008

Security update KB4056564 is available for Windows Server 2008 and Windows XP Embedded. It fixes the CredSSP Remote Code Execution vulnerability in Windows Server 2008, WES09 and POSReady 2009 and is available through Windows Update, WSUS, and Microsoft Update Catalog.

Update KB4073011 Windows Server 2008

Security update KB4073011 is available for Windows Server 2008. It is a security update against the Windows Hyper-V Denial of Service vulnerability (CVE-2018-0885) in Windows Server 2008. The update is available through Windows Update, WSUS, and Microsoft Update Catalog.

Advertising

Update KB4087398 Windows Server 2008

Security update KB4087398 is available for Windows Server 2008 and Windows XP Embedded. This security update closes a Privilege escalation vulnerability (CVE-2018-0868) in Windows Installer of Windows Server 2008 and WES09 and POSReady 2009. The update is available through Windows Update, WSUS, and Microsoft Update Catalog.

Update KB4088827 Windows Server 2008

Security update KB4088827 is available for Windows Server 2008 Service Pack 2, Windows Server 2008 Foundation and Windows Server 2008 Standard. This security update closes a Information Disclosure vulnerability (CVE-2018-0888) in Hyper-V. Das The update is available through Microsoft Update Catalog.

Update KB4088877 for Windows Server 2012

Security update KB4088877 (Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012) addresses:

  • Provides Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows.
  • Security updates to Internet Explorer, the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V.

Das Update ist per Windows Update, WSUS, und Microsoft Update Catalog erhältlich. Die Installation erfolgt nur, wenn die Antivirus-Kompatibilität per Registrierungseintrag (siehe KB-Artikel) bestätigt ist.

Update KB4088880 for Windows Server 2012

Update KB4088880 ist das Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012. Es adressiert folgendes:

  • Provides Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows.
  • Security updates to the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows Installer, and Windows Hyper-V.

The update is available through WSUS and Microsoft Update Catalog. The installation only takes place if the antivirus compatibility is confirmed by the registry entry (see KB article).

Update KB4089082 for Windows XP Embedded

Security Update KB4089082 closes the Microsoft Video Control Elevation of Privilege vulnerability (CVE-2018-0881) in WES09 and POSReady schließt. The update is available through Windows Update and Microsoft Update Catalog erhältlich.

Update KB4089175 for Windows Server 2008/Windows XP Embedded

Security Update KB4089175 closes the Windows Shell Remote Code Execution-vulnerability (CVE-2018-0883) in Windows Server 2008 and Windows XP Embedded. The update is available through Windows Update, WSUS And Microsoft Update Catalog erhältlich. 

Update KB4089229 for Windows Server 2008

Security Update KB4089229 closes a Windows Kernel Information Disclosure vulnerability in Windows Server 2008. The installation only takes place if the antivirus compatibility is confirmed by the registry entry (see KB article). The update triggers a blue screen on 32-bit x86 machines with Physical Address Extension (PAE) mode disabled. Another stop error occurs on machines that do not support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2). The update is available via Windows Update, WSUS and Microsoft Update Catalog

Update KB4089344 for Windows Server 2008

Security Update KB4089344 is available for Windows Server 2008 and Windows XP Embedded (WES09 und POSReady 2009), and closes a  another vulnerability . The vulnerability in the handling of objects in memory through the Windows Graphics Device Interface (GDI), which allows a privilege extension. After installing this security update, you may receive a stop error message: SESSION_HAS_VALID_POOL_ON_EXIT when logging off from the computer. The following commands can be executed in an administrative command prompt:

sc config uxsms start= disabled
sc stop uxsms

These commands deactivate the Desktop Window Manager. The update is available via Windows Update, WSUS and Microsoft Update Catalog

Update KB4089453 for Windows Server 2008

Security Update KB4089453 is available for Windows Server 2008 and Windows XP Embedded. It closes information disclosure vulnerability CVE-2018-0878. The update is available via Windows Update, WSUS and Microsoft Update Catalog

Update KB4089694 for Windows XP Embedded

Security Update KB4089694 for Windows Server 2008 closes information disclosure vulnerability (Windows Wireless WPA pairwise encryption key reinstallation vulnerability in WES09 and POSReady 2009) CVE-2017-13077. The update is available via Windows Update, WSUS and Microsoft Update Catalog.  

Update KB4090450 for Windows Server 2008

Security Update Update KB4090450 for Windows Server 2008 contains the microcode updates for the speculative execution side-channel vulnerability (ADV180002). However, the update has several known and critical issues described in the KB article. The patch is available via Windows Update, WSUS and  Microsoft Update Catalog.

Cumulative Security Update KB4089187 for Internet Explorer

Cumulative Security Update KB4089187 for Internet Explorer closes several vulnerabilities in browser. It's available for Windows 7 up to Windows 10 and it's server pendants via Windows Update, WSUS and Microsoft Update Catalog.

Flash Player Update KB4088785

Update KB4088785 (Adobe Flash Player) is available for Windows Server version 1709, Windows Server 2016, Windows 10 version 1709 (Fall Creators Update), Windows 10 version 1703 (Creators Update), Windows 10 version 1607, Windows 10 version 1511, Windows 10 RTM, Windows Server 2012 R2, Windows 8.1, and Windows RT 8.1. It addresses the vulnerabilities mentioned in document ADV180006. The update is available via Windows Update, WSUS, and Microsoft Update Catalog.

Similar articles:
Adobe Flash Player Update to Version 29.0.0.113
Microsoft Patchday Summary March 13, 2018
Security Updates for Windows 7/8.1 (March 13, 2018)
Patchday: Windows 10 Updates (March 13, 2018)
Microsoft Office Patchday (March 13, 2018)

Cookies helps to fund this blog: Cookie settings
Advertising

This entry was posted in Office, Security, Update, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *