Skip to main content

Microsoft Windows Security Updates August 2018 release overview

Microsoft released security updates for Windows, Office, and other company products on the August 2018 Patch Tuesday (Update Tuesday).


Last month's Patch Day was not the the smoothest of them all as it had issues that affected all supported versions of Windows. Microsoft released three cumulative updates for Windows 10, one designed solely to fix issues caused by another. The Windows 7 and Windows 8.1 updates had bugs, and the .Net Framework patches caused issues on some systems they were installed on.


We recommend to wait with the installation of the updates for at least a couple of days to monitor reports about issues. If you have to install the updates, make sure you back up the system before you do so.


The overview covers updates for client and server versions of Windows, Microsoft Office, and other company products. It links to security advisories and support pages, lists direct downloads, and other information that is important for home users and system administrators alike.


Microsoft Windows Security Updates August 2018


You can download an Excel spreadsheet that contains all security updates that Microsoft released today. Just click on the following link to download it:
microsoft-windows-august-2018-updates.zip


Executive Summary



  • Microsoft released updates for all versions of Windows, Microsoft Edge, Internet Explorer Microsoft Office, and other company products including Visual Studio, .NET Framework, Microsoft SQL Server, Microsoft Exchange Server, and Adobe Flash Player.

  • All client and server versions of Windows are affected by critical vulnerabilities.

  • Microsoft does not provide a general overview of resolved security issues anymore on support pages.


Operating System Distribution



  • Windows 7: 15 vulnerabilities of which  3 are critical and 12 are important.

  • Windows 8.1: 12 vulnerabilities of which 2 are critical and 10 are important.

  • Windows 10 version 1607: 21 vulnerabilities of which 2 are critical and 17 are important.

  • Windows 10 version 1703: 21 vulnerabilities of which 3 are critical and 18 are important.

  • Windows 10 version 1709: 22 vulnerabilities of which 3 are critical and 19 are important.

  • Windows 10 version 1803: 21 vulnerabilities of which 3 are critical and 18 are important.


Windows Server products



  • Windows Server 2008 R2: 15 vulnerabilities of which 3 are critical and 12 are important.

  • Windows Server 2012 R2: 13 vulnerabilities of which 2 are critical and 10 are important.

  • Windows Server 2016: 20 vulnerabilities of which 2 are critical and 18 are important.


Other Microsoft Products



  • Internet Explorer 11: 11 vulnerabilities, 6 critical, 5 important

  • Microsoft Edge: 16 vulnerabilities, 10 critical, 5 important, 1 low


Windows Security Updates


KB4343909 -- Windows 10 version 1803



  • Protection against a new speculative execution side-channel vulnerability known as L2 Terminal Fault affecting Intel Copre and Intel Xeon processors.

  • Fixed high CPU usage issue for AMD Family processors of the 15th and 16th generation  after installing the June or July 2018 updates from Microsoft and microcode updates.

  • Fixed an issue that prevent apps from receiving mesh updates.

  • IE and Edge support the preload="none" tag.

  • Fixed authentication issue for apps running on HoloLens.

  • Addressed a battery life issue that reduced battery significantly after the upgrade to version 1803.

  • Fixed Device Guard blocking some ieframe.dll class IDs after the May 2018 update.

  • Addressed a vulnerability related to Export-Modulemember() function.


KB4343897 -- Windows 10 version 1709



  • Similar to Windows 10 version 1803.

  • Fixed copy adding additional spaces to content copied from IE.

  • Fixed AzureAD being displayed as the default domain after the July 24, 2018 updates.

  • Token Binding protocol draft updated to 0.16


KB4343885 -- Windows 10 version 1703



  • Similar to Windows 10 version 1803.

  • Fixed a issue that caused Internet Explorer to stop working on some sites.


KB4343887 -- Windows 10 version 1607 and Server 2016



  • Similar to Windows 10 version 1703.


KB4343898 -- Windows 8.1 Monthly Rollup Update



  • Protections against L1 Terminal Fault as in the Windows 10 updates

  • Support for preload="none" tag. Microsoft lists Edge but that is a copy/paste error.

  • Fixed device startup issue by installing KB3033055 released in September 2015 after installing any November 2017 or later update.


KB4343888 -- Windows 8.1 Security-only



  • Protections against L1 Terminal Fault as in the Windows 10 updates


KB4343900 -- Windows 7 SP1 Monthly Rollup Update



  • Protections against L1 Terminal Fault as in the Windows 10 updates

  • Fixed high cpu usage issue for some AMD processors after installing June or July 2018 updates and AMD microcode updates.

  • Protections against Lazy Floating Point (FP) State Restore for 32-bit versions.


KB4343899 -- Windows 7 SP1 Security-only



  • Identical to KB4343900


KB4343205 -- Cumulative Update for Internet Explorer


KB4338380 -- Windows Server 2008 -- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.


KB4340937 -- Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 -- A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects.


KB4340939 -- Windows Server 2008 -- A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.


KB4341832 -- Windows Server 2008 -- L1TF variant vulnerabilities update.


KB4343674 -- Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 -- fixes remote code execution vulnerability and information disclosure vulnerability in GDI.


KB4343902 -- Security update for Adobe Flash Player


KB4344104 -- Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 -- Remote code execution vulnerability in the Windows font library.


KB4344159 -- Security Only Update for .NET Framework 4.0 on WES09 and POSReady 2009


KB4344180 -- Security Only Update for .NET Framework 2.0 on WES09 and POSReady 2009


KB4345590 --Security and Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2


KB4345591 -- Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012


KB4345592 -- Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2


KB4345593 -- Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008


KB4345679 -- Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2


KB4345680 -- Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012


KB4345681 -- Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2


KB4345682 -- Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008


Notes


The following CVEs have FAQs that offer additional information and may also list additional steps required to update.



Known Issues


Windows 10 version 1803


Windows 10 version 1703



  • Issues caused by the July 2018 Net Framework update -- Microsoft is working on a solution.


Windows 10 version 1709



  • Localization issues for some languages that may display a few strings in English and not the local version.


Windows 7 SP1



  • Issue with third-party software related to missing oem.inf file still exists.


Microsoft Exchange Server 2013



  • Some files are not properly update when the updates KB4340731 or KB4340733 are installed without elevated privileges. Outlook Web Access and Exchange Control Panel may stop working.


Security advisories and updates


ADV180017 -- July 2018 Adobe Flash Security Update


ADV180018 -- Microsoft Guidance to mitigate L1TF variant


ADV180020 -- August 2018 Adobe Flash Security Update


ADV180021 | Microsoft Office Defense in Depth Update


Non-security related updates


KB4339284 -- Time zone and DST changes in Windows for North Korea


KB4340689 -- Dynamic Update for Windows 10 Version 1709


KB890830 -- Windows Malicious Software Removal Tool - August 2018


KB4346877 -- Update for Windows 10 version 1607 and Server 2016 -- Fixes the .Net Framework update issues introduced by the July 2018 .Net updates.


KB4340917 -- Update for Windows 10 version 1803 -- See our coverage of KB4340917 here.


KB4338817 -- Update for Windows 10 version 1709 -- Lots of bug fixes.


KB4338827 -- Update for Windows 10 version 1703 -- Lots of bug fixes.


KB4338822 -- Update for Windows 10 version 1607 and Server 2016 -- Lots of bug fixes.


KB4345421 -- Update for Windows 10 version 1803 -- See our coverage of KB4345421 here.


KB4345420 -- Update for Windows 10 version 1709 -- attempts to fix issues caused by the July 2018 updates.


KB4345419 -- Update for Windows 10 version 1703 -- attempts to fix issues caused by the July 2018 updates.


KB4345418 -- Update for Windows 10 version 1607 and Server 2016 -- attempts to fix issues caused by the July 2018 updates.


Microsoft Office Updates


Check out our coverage of all released non-security updates for Office in August 2018 here.


Office 2016


KB4032233 -- Security update for Office 2016 that patches an information disclosure vulnerability.


KB4032235 -- Security update for Outlook 2016 detailed in ADV180021. Includes a number of improvements as well:



  • Restricts users from adding cloud files as attachments to digitally signed, rights-protected, or encrypted email messages.

  • Improves first, middle, and last names label translations in French.

  • Fixes a crash in third-party MAPI applications.

  • Adds various translations.

  • Outlook 2016 may start in offline mode even when you set it to start in online mode. (Fixed?)

  • Fixes accessibility issue with the Security Support Provider Interface authentication prompt.

  • Dynamic CRM functionality is blocked. See for help.


KB4032229 -- Security update for Excel 2016 that resolves a remote code execution vulnerability. Also includes improvements:



  • Fixes hangs in Excel

  • Addresses high CPU usage when you unprotect workbookx in Protected View and edit them.

  • Fixes an Excel crash when you open a workbook with an XLL add-in to store and retrieve binary data.

  • German translation update for VLOOKUP function assistant help text.


Office 2013


KB4032239 -- Resolves information disclosure vulnerability. Enables People Picker control in the Office Document Information Panel.


KB4032241 --Resolves various security vulnerabilities in Excel 2013.


KB4032240 -- Fixes security issues in Outlook 2013. Includes the following improvements:



  • Same as KB4032235 for the most part.


Office 2010


KB3213636 -- Fixes vulnerabilities in Microsoft Office 2010 - CVE-2018-8378.


KB4022198 -- Fixes vulnerabilities in Microsoft Office 2010 - CVE-2018-8378.


KB4032223 -- Excel 2010 update that addresses CVE-2018-8375, CVE-2018-8379 and CVE-2018-8382.


KB4018310 -- PowerPoint 2010 security update that addresses CVE-2018-8376.


KB4032222 -- Outlook 2010 security update. See ADV180021


Other Office products


KB4092433 -- Word Viewer


KB4092434 -- Word Viewer


KB4032213 -- Excel Viewer 2007


KB4032212 -- Microsoft Office Compatibility Pack Service Pack 3


KB4022195 - Microsoft Office Viewers and Office Compatibility Pack


Also: SharePoint Server 2016, 2013 and 2010.


How to download and install the August 2018 security updates


microsoft windows security updates august 2018


Most home PCs that run Windows use Windows Update for update checks, downloads, and installs. Organizations use Enterprise-specific update tools usually to download and deploy updates.


The Microsoft Update Catalog website offers a third-option to download and install updates.


Windows users who use Windows Update can run manual checks for updates to get updates installed immediately when they are released.


While it is recommended that you wait before you install updates, as updates may break things (and have numerous times in the past), you may do the following to install them when they are available:



  1. Tap on the Windows-key to display the Start menu.

  2. Type Windows Update and select the option.

  3. Select check for updates to install the updates.


Note: We recommend that you create a backup of the system partition and important data before you install Windows updates.


Direct update downloads


All cumulative updates for supported versions of Windows are also provided as direct downloads from Microsoft's Download Center site.


Just click on the direct links below to do so.


Windows 7 SP1 and Windows Server 2008 R2 SP



  •  KB4343900-- 2018-08 Security Monthly Quality Rollup for Windows 7

  •  KB4343899 — 2018-08 Security Only Quality Update for Windows 7


Windows 8.1 and Windows Server 2012 R2



  •  KB4343898 — 2018-08 Security Monthly Quality Rollup for Windows 8.1

  •  KB4343888 — 2018-08 Security Only Quality Update for Windows 8.1


Windows 10 and Windows Server 2016 (version 1607)



  •  KB4343887 — 2018-08 Cumulative Update for Windows 10 Version 1607


Windows 10 (version 1703)



  •   KB4343885 — 2018-08 Cumulative Update for Windows 10 Version 1703


Windows 10 (version 1709)



  •  KB4343897 — 2018-08 Cumulative Update for Windows 10 Version 1709


Windows 10 (version 1803)



  •  KB4343909 — 2018-08 Cumulative Update for Windows 10 Version 1709


Additional resources




 



Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Microsoft Windows Security Updates August 2018 release overview appeared first on gHacks Technology News.

Original post: https://www.bardtech.com/microsoft-windows-security-updates-august-2018-release-overview/

Comments

  1. Christina BedfordJanuary 4, 2021 at 10:17 AM

    Outlook is the mail client application of the Microsoft Office suite. This is the kind of Outlook that is locally installed on your computer. ... 2 Outlook Web App (aka OWA) is the web based mail client for subscribers of Office 365 for Business and Exchange Online. Also sometimes called “Outlook for Office 365.
    for more information click here: how to add another email account to outlook 2016

    ReplyDelete

Post a Comment

Popular posts from this blog

How A/B Partitions and Seamless Updates Affect Custom Development on XDA

When Android Nougat released, it had us talking about all kinds of new features . We got a newly updated user interface for starters along with long-awaited multiwindow capabilities and Vulkan Graphics API support. But one under-the-hood addition flew over the heads of most users. Android Nougat introduced “Seamless Updates” on devices that support A/B partitions. The vast majority of existing Android devices (excluding the new Google Pixel and Google Pixel XL ) did not have A/B partitions at the time and thus couldn’t take advantage of seamless updates. The basic premise of this feature is that the device has a second set of the system, boot, vendor, and other important partitions, and when you get an OTA update the update happens in the background while the second set of partitions are patched which lets you reboot into an updated software build seamlessly. If an update fails, you’ll be kicked back to a working build, meaning companies will have fewer headaches to deal with and con...
2 comments
Read more

Huawei Mate 20 Pro launched in India with Kirin 980 for ₹69,990 ($988)

For years, the highest-end Android flagship used to be defined by Samsung’s Galaxy Note series as the “best-of-the-best” Android phones. Google entered the premium smartphone segment in 2016 with the Google Pixel . In addition, one company that has been steadily improving its flagship phones is Huawei. Huawei has also been steadily increasing the prices of its flagship phones at the same rate. Indian consumers, however, were left out as Huawei had not opted to launch any Mate series phone in India before. This year, as the company’s strategy has changed, high-end flagship smartphone buyers now have another option to choose from. The Huawei P20 Pro was launched in India in April . Now, Huawei has launched the Huawei Mate 20 Pro in India—the first ever launch of a Mate series phone in the country. The Huawei Mate 20 Pro is the successor of the Huawei Mate 10 Pro . It’s positioned as a higher-end variant of the standard Huawei Mate 20. It should be noted that Huawei didn’t launch the s...
Post a Comment
Read more

Can you use the Tor Browser without Tor connection?

Tor Browser is a web browser specifically designed for privacy and anonymity. The web browser is a modified version of Firefox ESR that includes privacy tweaks and even some extensions to improve privacy and security on the Internet. What makes it special is that all connections go through several severs of the Tor network before they connect to the destination. Connections to Tor improve privacy when you are online but could you, in theory, run Tor Browser without Tor? Tor Browser without Tor would still provide better out-of-the-box privacy than Firefox ESR or Firefox Stable -- and other browsers. It is arguably the browser with the best default privacy configuration which might make it attractive to some users. Dropping Tor reduces privacy while online but that can be compensated, e.g. by connecting to a VPN or even chaining VPN services  and it would speed things up significantly. Tor is the better choice when it comes to critical tasks, e.g. leaking documents or communication...
Post a Comment
Read more