{"id":5390,"date":"2018-04-05T10:15:20","date_gmt":"2018-04-05T08:15:20","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=5390"},"modified":"2024-10-05T21:18:28","modified_gmt":"2024-10-05T19:18:28","slug":"windows-kb4090450-kb4088875-kb4088878-kb4088881","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/04\/05\/windows-kb4090450-kb4088875-kb4088878-kb4088881\/","title":{"rendered":"Windows Update revisions KB4090450, KB4088875, KB4088878, KB4088881"},"content":{"rendered":"

\"Windows[German<\/a>]On April 4, 2018 Microsoft has revised the updates KB4090450, KB4088875, KB4088878, KB408888881 for Windows. I collected some details, and there are other details about Windows bugs. <\/p>\n

<\/p>\n

German \"\"blog reader Sebastian noticed that the updates are offered again at WSUS, so he left a comment<\/a>. <\/p>\n

\n

WSUS today announced that KB4088875, KB4088878 and KB408888881 have been revised. <\/p>\n

But nothing has changed in the KB article? Bugs still present. <\/p>\n

Who has the latest information?<\/p>\n<\/blockquote>\n

I then checked the Microsoft Update Catalog and found the Windows Update KB4090450 with release date April 4, 2018.  <\/p>\n

\"Update <\/p>\n

The updates are described in the following KB articles at Microsoft, and the revision date has been adjusted. I once compared my old descriptions with the current KB articles on the updates as well as old versions by wayback machine. The following seems to have changed – hope I haven't overlooked anything. <\/p>\n

Update KB4090450 for Windows Server 2008<\/h2>\n

Update KB4090450<\/a> (Description of the security update for the speculative execution side-channel vulnerabilities in Windows Server 2008: March 13, 2018) article has been revised on April 3, 2018. <\/p>\n

I haven't found any details of what has been revised here. However, since this is a Spectre V2 patch, it could be that the microcode has been updated for additional CPUs.    <\/p>\n

Update KB4088875 for Windows 7\/Server 2008 R2<\/h2>\n

Update KB4088875<\/a> is the March 13, 2018 (Monthly Rollup) for Windows 7 SP1 and Windows Server 2008 R2 SP1. The kb article has been revised on April 5, 2018. They added the following text:<\/p>\n

\n

Important <\/strong>Please apply KB4100480<\/a> immediately after applying this update. KB4100480 resolves an elevation of privilege vulnerability in the Windows Kernel for the 64-Bit (x64) version of Windows. This vulnerability is documented in CVE-2018-1038<\/a>.<\/p>\n<\/blockquote>\n

And there is an extension within the known issues section:<\/p>\n

\n

After you install this update, you may receive a Stop error message that resembles the following when you log off the computer: <\/p>\n

SESSION_HAS_VALID_POOL_ON_EXIT (ab)<\/p>\n<\/blockquote>\n

To solve this issue, install update KB4099467<\/a>.<\/p>\n

Update KB4088878 for Windows 7\/Server 2008 R2<\/h2>\n

Update KB4088878 is the March 13, 2018 (Security-only update) for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1. It contains also: <\/p>\n

\n

Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows, except the KB4078130<\/a> update that was offered to disable mitigation against Spectre Variant 2.<\/p>\n<\/blockquote>\n

and the kb article has been revised on April 5, 2018. Microsoft added the section dealing with the SESSION_HAS_VALID_POOL_ON_EXIT bug (see previous section above). Maybe some micro codes has been updated. <\/p>\n

Update KB4088881 fo\u00fcr Windows 7\/Server 2008 R2<\/h2>\n

Update KB4088881<\/a> is the March 23, 2018 (Preview of Monthly Rollup) for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1. The kb article has been revised on April 5, 2018 \u2013 Microsoft added.<\/p>\n

\n

Important <\/strong>Please apply KB4100480<\/a> immediately after applying this update. KB4100480 resolves an elevation of privilege vulnerability in the Windows Kernel for the 64-Bit (x64) version of Windows. This vulnerability is documented in CVE-2018-1038<\/a>.<\/p>\n<\/blockquote>\n

Addendum to Update KB4088883<\/h2>\n

Another small addendum to update KB408888883 for Windows 8.1\/Windows Server 2012\/R2 (from 03\/21\/2018). The preview rollup update is described in the blog post Updates for Windows 8.1\/Windows Server 2012\/R2 (03\/21\/2018)<\/a>. Askwoody reports here<\/a> that the update can trigger the BlueScreen 0x00000000C4.<\/p>\n

\n

askwoody.com also has this<\/a> article mentions also some update revisions. <\/p>\n<\/blockquote>\n

The Very Last \u2026<\/h2>\n

Just stumbled uppon this tweet from Alex Ionescu, that mentions a bug on all Windows versions causing a blue screen (BSOD). <\/p>\n

\n

Six months ago I submitted an unprivileged local DoS (BSOD) in all versions of Windows. It was closed as \"Won't fix\" and marked that it would be looked into for vNext. I kept the tweetable PoC to myself. The next release is RTM and still has the bug. The fix is a one line change.<\/p>\n

\u2014 Alex Ionescu (@aionescu) 4. April 2018<\/p><\/blockquote>\n