 [German]On July 10, 2018 Microsoft released several (security) updates (KB4338818, KB4338823) for Windows 7 SP1 and other updates (KB4338815, KB4338824) for Windows 8.1 and the corresponding server versions. Here is an overview of these updates.
[German]On July 10, 2018 Microsoft released several (security) updates (KB4338818, KB4338823) for Windows 7 SP1 and other updates (KB4338815, KB4338824) for Windows 8.1 and the corresponding server versions. Here is an overview of these updates.
Updates for Windows 7/Windows Server 2008 R2
For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page.
KB4338818 (Monthly Rollup) for Windows 7/Windows Server 2008 R2
Update KB44338818 (July 10, 2018, Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes that were already included in the previous month's update. The update addresses the following:
- Provides protections for an additional vulnerability involving side-channel speculative execution known as Lazy Floating Point (FP) State Restore (CVE-2018-3665) for 64-Bit (x64) versions of Windows.
- Updates Internet Explorer's Inspect Element feature to conform to the policy that disables the launch of Developer Tools.
- Addresses an issue where DNS requests disregard proxy configurations in Internet Explorer and Microsoft Edge.
- Security updates to Internet Explorer, Windows apps, Windows graphics, Windows Shell, Windows datacenter networking, Windows wireless networking, and Windows virtualization.
The update is automatically downloaded and installed by Windows Update. It can also be downloaded from the Microsoft Update Catalog. This update has the known issues since months that the NIC (network interface controller) no longer works due to a missing third-party .inf file. The remedy is to reinstall the NIC via the device manager.
KB4338823 (Security Only) for Windows 7/Windows Server 2008 R2
Update KB4338823 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1 and addresses the following items:
- Provides protections for an additional vulnerability involving side-channel speculative execution known as Lazy Floating Point (FP) State Restore (CVE-2018-3665) for 64-Bit (x64) versions of Windows.
- Security updates to Windows apps, Windows graphics, Windows Shell, Windows datacenter networking, Windows wireless networking, and Windows virtualization.
This update is available via WSUS or in Microsoft Update Catalog. There are no known issues. When installing the Security Only Update you must also install KB4339093 for IE.
Addendum: Compatibility update KB2952664 for Windows 7
I am also offered the compatibility update KB2952664 for Windows 7 on my machine. Microsoft writes about this:
This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update.
The update is distributed via Windows Update and is classified as important. It can also be downloaded from the Microsoft Update Catalog. Due to previous experiences described in the blog post Windows 7/8.1: Updates KB2952664 & KB2976978 (02/08/2018), I would hide this update.
Updates for Windows 8.1/Windows Server 2012 R2
For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.
KB4338815 (Monthly Rollup) for Windows 8.1/Server 2012 R2
Update KB4338815 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes that were included in the rollup for the previous month. It also addresses the following items.
- Provides protections from an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
- Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) on some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context. (See AMD Architecture Guidelines for Indirect Branch Control and AMD Security Updates for more details). For Windows client (IT pro) guidance, follow the instructions in KB4073119. Use this guidance document to enable IBPB on some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.
- Provides protections for an additional vulnerability involving side-channel speculative execution known as Lazy Floating Point (FP) State Restore (CVE-2018-3665) for 64-Bit (x64) versions of Windows.
- Updates Internet Explorer's Inspect Element feature to conform to the policy that disables the launch of Developer Tools.
- Addresses an issue where DNS requests disregard proxy configurations in Internet Explorer and Microsoft Edge.
- Addresses an issue that causes the mouse to stop working after a user switches between local and remote sessions.
- Security updates to Internet Explorer, Windows apps, Windows graphics, Windows Shell, Windows datacenter networking, Windows virtualization, and Windows kernel.
This update is automatically downloaded and installed from Windows Update, but is also available in the Microsoft Update Catalog. There are no known problems with the update.
KB4338824 (Security-only update) for Windows 8.1/Server 2012 R2
Update KB4338824 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following items.
- Provides protections from an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
- Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) on some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context. (See AMD Architecture Guidelines for Indirect Branch Control and AMD Security Updates for more details). For Windows client (IT pro) guidance, follow the instructions in KB4073119. Use this guidance document to enable IBPB on some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.
- Provides protections for an additional vulnerability involving side-channel speculative execution known as Lazy Floating Point (FP) State Restore (CVE-2018-3665) for 64-Bit (x64) versions of Windows.
- Security updates to Windows apps, Windows graphics, Windows Shell, Windows datacenter networking, Windows virtualization, and Windows kernel.
The update is available via WSUS or in the Microsoft Update Catalog. Microsoft is currently not aware of any errors. When installing the Security Only Update you must also install KB4339093 for IE.
Similar articles:
Adobe Flash Player Version 30.0.0.134
Microsoft Office Patchday (July 3, 2018)
Patchday: Windows 10-Updates July 10, 2018
Patchday: Updates for Windows 7/8.1/Server July 10, 2018
Patchday Microsoft Office Updates (July 10, 2018)
Microsoft Patchday: Other Updates July 10, 2018
 
			



Updates KB4056254 (new release date 6/21/2018) & KB4023057 (new release date 7/5/2018) have also appeared as new updates for older versions of Windows 10.