Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019

[German]On January 8, 2019, Microsoft released various (security) updates for Windows 7 SP1 and other updates for Windows 8.1 as well as the corresponding server versions. Here is an overview of these updates.


Advertising


Updates for Windows 7/Windows Server 2008 R2

For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page.

KB4480970 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB4480970 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes that were already included in last month’s update. The update addresses the following:

  • Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639) for AMD-based computers. These protections aren’t enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use these guidance documents to enable mitigations for Speculative Store Bypass (CVE-2018-3639). Additionally, use the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
  • Addresses a security vulnerability in session isolation that affects PowerShell remote endpoints. By default, PowerShell remoting only works with administrator accounts, but can be configured to work with non-administrator accounts. Starting with this release, you cannot configure PowerShell remote endpoints to work with non-administrator accounts. When attempting to use a non-administrator account, the following error will appear:
  • “New-PSSession: [computerName] Connecting to remote server localhost failed with the following error message: The WSMan service could not launch a host process to process the given request. Make sure the WSMan provider host server and proxy are properly registered. For more information, see the about_Remote_Troubleshooting Help topic.”
  • Security updates to Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.

This update is automatically downloaded and installed by Windows Update. The package is also available via Microsoft Update Catalog. Installation requires that the latest SSU is already installed.

Note: The KB article again mentions that the update has the known problem for many months that the NIC (network interface controller) no longer works due to a missing third-party .inf file. A remedy is to reinstall the NIC via the device manager.

KB4480960 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4480960 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the same issues as the Monthly Quality Rollup Update KB4480970.

The update is available via WSUS or in the Microsoft Update Catalog. If you install the update, you must first install the latest Servicing Stack Update (SSU, KB3177467). If you install the Security Only Update, you must also install KB4480965 for IE.


Advertising

Updates for Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.

KB4480963 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4480963 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes that were included in the previous month’s rollup. It also addresses the following issues.

  • Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639) for AMD-based computers. These protections aren’t enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use these guidance documents to enable mitigations for Speculative Store Bypass (CVE-2018-3639). Additionally, use the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
  • Addresses a security vulnerability in session isolation that affects PowerShell remote endpoints. By default, PowerShell remoting only works with administrator accounts, but can be configured to work with non-administrator accounts. Starting with this release, you cannot configure PowerShell remote endpoints to work with non-administrator accounts. When attempting to use a non-administrator account, the following error will appear:
  • “New-PSSession: [computerName] Connecting to remote server localhost failed with the following error message: The WSMan service could not launch a host process to process the given request. Make sure the WSMan provider host server and proxy are properly registered. For more information, see the about_Remote_Troubleshooting Help topic.”
  • Security updates to Windows App Platform and Frameworks, Windows MSXML, Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.

This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog. After you install this update, third-party applications may have difficulty authenticating hotspots. Microsoft is investigating this issue.

KB4480964 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4480964 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the same items as update KB4480963 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2).

The update is available via WSUS or in the Microsoft Update Catalog. According to Microsoft there are no known problems. If the Security Only Update is installed, KB4480965 need also be installed for IE.

Similar articles:
Microsoft Office Patchday (January 2, 2019)
Office 2010 Updates for January 2019 has been pulled
Microsoft Security Update Summary (January 8, 2019)
Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019


Advertising


This entry was posted in Security, Update, Windows and tagged , , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *