[German]Fortunately July 2018 is over. Time for a brief review of the July 2018 patches and what’s still open. At least administrators should know the following overview.
If you haven’t already noticed, here is a short overview of patches I didn’t mention here in my blog.
- Update KB4052623 (Windows Defender Antimalware Platform, for Windows 10) has been updated.
- Updates for Adobe products: Beside the Flash player update (mentioned in my blog), Adobe has released more security updates for Reader etc. (see).
Microsofts July 2018 patches, what to know?
German blog reader Karl sent me an email a few hours ago, summing up the problems and issues that occurred in the Microsoft environment due to the July 2018 updates (thanks for that). Here is Karl’s list.
Updates from July 10, 2018 are all buggy
The July updates from 10.07.2018 are all buggy (as reported in the blog here). For Windows 2008 – 2012 R2 you have to install the Preview to get error-free updates for 07-2018. The buggy updates from 10.07 have not been re-released with the same KB. Why? Ask MS.
AD Connect Sync issues caused by .NET Framework 4.6.2
.Net 4.6.2 causes problems with AD Connect Sync (CPU usage increases to 100%). This is a known issue, a fix should come. According to Karl, the bug provided 7 GHz load on the ESX, although the machine has only 2 cores.
Windows Server 2016 slow update install
Windows 2016 servers take hours to install the patches (see also). This applies even to newly installed systems, despite the service stack update (SSU) of May 2018. I already mentioned this problem in the blog article Windows Server 2016: Slow updates.
Beware of the.NET rollup updates July 7, 2018
All .NET Framework Rollups (July 07-2018) should generally not be installed because of known problems reported here in the blog. So the rollup must be allowed from 05-2018, although already marked as expired in WSUS.
Outdated/wrong Spectre documentation
Microsoft does not maintain its Spectre documentation. Therefore here my substitution table to get Spectre 2,3, 3a and 4 (for 2 and 4 BIOS updates are still necessary, if not Windows 10 / 2016 Server), as well as for client and servers the registry keys.
Spectre 1*, 2, 3, 3a*, 4*
Many links in the table have been superseded and should be replaced.
The following table lists (if available) the former patch > new patch + SSU + Spectre patch (the latter not in WSUS / via WU, must be imported or installed manually (at first the SSUs were also missing)
|Windows 10 1803||KB4338853 + KB4340917 + KB4100347-v2 + *Registry AMD / Intel|
|Windows 10 1709||KB4056892 > KB4131372 + KB4338817 + KB4090007_v4 + *Registry AMD / Intel|
|Windows 10 1703||KB4132649 + KB4338827 + KB4091663-v4 + *Registry AMD / Intel|
|Windows 10 1607 LTSC||KB4056890 > KB4132216 + KB4338822 + KB4091664_v4 + *Registry AMD / Intel|
|Windows 10 1511||KB4035632 + KB4093109 no protection Spectre|
|Windows 10 1507 LTSC||KB4345455 + KB4091666-v3 + *Registry AMD / Intel|
|Server 2016 1709 Core||KB4056892 > KB4131372 + KB4338817 + KB4090007_v4 + *Registry AMD / Intel|
|Server 2016 1607||KB4056890 > KB4132216 + KB4338822 + KB4091664_v4 + *Registry AMD / Intel|
|Server 2012 R2||KB4056898 > KB4338831 + *Registry AMD / Intel|
|Server 2012||KB4088880 > KB4338816 + *Registry AMD / Intel|
|Server 2008 R2||KB4056897 > KB4338821 + *Registry AMD / Intel|
|Server 2008||KB4090450 > KB4093478 + *Registry AMD / Intel|
Note the subsequent registry adjustments necessary for the Spectre patches to take effect. According to Karl, changes to the registry can easily be distributed via GPO GPP (without script):
reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management” /v FeatureSettingsOverride /t REG_DWORD /d 8 /f
reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management” /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
reg add “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization” /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d “1.0” /f
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat” /v cadca5fe-87d3-4b96-b7fb-a231484277cc /t REG_DWORD /d 0 /f
Maybe the overview above will help you. Some more hints about known problems in the July 2018 updates can be found in my blog post Looking back at Microsoft’s July 2018-Patches.
Adobe Flash Player Version 220.127.116.11
Microsoft Office Patchday (July 3, 2018)
Patchday: Windows 10-Updates July 10, 2018
Patchday: Updates for Windows 7/8.1/Server July 10, 2018
Patchday Microsoft Office Updates (10. Juli 2018)
Microsoft Patchday: Other Updates July 10, 2018
Windows 10: Update revisions July 16, 2018
Windows 7/8.1: Revised Updates July 16, 2018
Windows 7/8.1 Preview Rollup Updates (July 18, 2018)
Revised .NET Framework Update KB4340558 (July 19, 2018)
Windows 10: Cumulative Updates July 25, 2018
Intel Microcode Updates KB4100347, KB4090007 (July 2018)
NET-Framework Updates July 30, 2018 with Fixes
.Net-Framework Update July 2018 pulled?
Windows: Stop error 0xD1 in July 2018 updates explained
Microsoft’s July 2018 patch mess – put update install on hold