Microsoft Security Updates January 2018 release

RSS Content from Martin Brinkmann


Welcome to the first Microsoft Patch Day review of the year 2018. Microsoft released security updates for all supported versions of Windows and other company products on January 9, 2018.

This overview offers information on the release. It covers all security updates and non-security updates that Microsoft released since the last Patch Day in December.

It begins with an executive summary that lists the highlights of this month’s Patch Day. The operating system distribution, and the actual patches that Microsoft released follow afterward. If Microsoft published Security Advisories and if there are Known Issues, those are covered as well.

The last part guides you through the downloading and installing of the updates on Windows PCs. You find direct downloads for all cumulative updates and a resource section there.

Check out the December 2017 Patch Day for information on last month’s patches.

Microsoft Security Updates January 2018

The following Excel spreadsheet lists all security updates for all Microsoft products that the company released in January 2018. Download it with a click on the following link:
Microsoft-windows-updates-january-2018.zip

Microsoft released an out-of-band update for Windows 10 and other supported versions of Windows on January 4, 2018. Microsoft expects users who use systems with 2015 or older CPUs to see a decrease in performance after installing the patches.

Executive Summary

  • Microsoft released security patches for all supported client and server versions of the Windows operating system.
  • Security updates are also released for Microsoft Edge, Internet Explorer, Microsoft Office, SQL Server, .NET Framework, .NET Core, ASP.NET Core and Adobe Flash
  • No critical updates for any supported version of Windows.

Operating System Distribution

  • Windows 7: 7 vulnerabilities of which 7 are rated important
  • Windows 8.1: 10 vulnerabilities of which 10 are rated important
  • Windows 10 version 1607: 11 vulnerabilities of which 11 are rated important
  • Windows 10 version 1703: 11 vulnerabilities of which 11 are rated important
  • Windows 10 version 1709: 11 vulnerabilities of which 11 are rated important

Windows Server products

  • Windows Server 2008: 7 vulnerabilities of which 7 are rated important
  • Windows Server 2008 R2: 7 vulnerabilities of which 7 are rated important
  • Windows Server 2012 and 2012 R2: 10 vulnerabilities of which 10 are rated important
  • Windows Server 2016: 9 vulnerabilities of which 9 are rated important

Other Microsoft Products

  • Internet Explorer 11: 2 vulnerabilities,  2 critical
  • Microsoft Edge: 17 vulnerabilities, 14 critical, 3 important

Security Updates

KB4056888 — Windows 10 version 1511 cumulative update

  • Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows Graphics, Windows Kernel, Windows Datacenter Networking, Windows Virtualization and Kernel, and the Windows SMB Server.

KB4056899 — Security only Quality Update for Windows Server 2012 and Windows Embedded 8 Standard

KB4056890 — Windows 10 version 1607 cumulative update

  • Security updates to Microsoft Edge, Internet Explorer, Windows Graphics, Windows Kernel, Windows Datacenter Networking, and Windows SMB Server.

KB4056891 — Windows 10 version 1703 cumulative update

  • Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows Graphics, Windows Kernel, Windows Subsystem for Linux, and the Windows SMB Server.

KB4056892 — Windows 10 version 1709 cumulative update

  • Addresses issue where event logs stop receiving events when a maximum file size policy is applied to the channel.
  • Addresses issue where printing an Office Online document in Microsoft Edge fails.
  • Addresses issue where the touch keyboard doesn’t support the standard layout for 109 keyboards.
  • Addresses video playback issues in applications such as Microsoft Edge that affect some devices when playing back video on a monitor and a secondary, duplicated display.
  • Addresses issue where Microsoft Edge stops responding for up to 3 seconds while displaying content from a software rendering path.
  • Addresses issue where only 4 TB of memory is shown as available in Task Manager in Windows Server version 1709 when more memory is actually installed, configured, and available.
  • Addresses issue where update installation may stop at 99% and may show elevated CPU or disk utilization. This occurs if a device was reset using the Reset this PC functionality after installing KB4054022.
  • Security updates to Windows SMB Server, the Windows Subsystem for Linux, Windows Kernel, Windows Datacenter Networking, Windows Graphics, Microsoft Edge, Internet Explorer, and the Microsoft Scripting Engine.

KB4056893 — Windows 10 RTM cumulative update

  • Fixes an excessive memory usage issue with smart cards on a Windows Termina system.
  • Security updates to Windows SMB Server, Windows Kernel, Microsoft Graphics Component, Internet Explorer, and Windows Graphics.

KB4056894 — Windows 7 SP1 and Windows Server 2008 R2 SP1 Monthly Rollup

  • Security updates to Windows SMB Server, Windows Kernel, Microsoft Graphics Component, Internet Explorer, and Windows Graphics.

KB4056895 — Windows 8.1 and Windows Server 2012 R2 cumulative update

KB4056568 — Cumulative security update for Internet Explorer: January 3, 2018

Known Issues

  • Incompatibility with some antivirus programs. Workaround is to set a key in the Registry.
    • Key=”HKEY_LOCAL_MACHINE”Subkey=”SOFTWAREMicrosoftWindowsCurrentVersionQualityCompat”Value Name=”cadca5fe-87d3-4b96-b7fb-a231484277cc”Type=”REG_DWORD”Data=”0x00000000”
  • Unbootable State issues for some AMD devices. Windows OS updating halted until issue is resolved.

Security advisories and updates

ADV180002 — Guidance to mitigate speculative execution side-channel vulnerabilities

Non-security related updates

Microsoft Office Updates

Microsoft released non-security patches for Office on January 3, 2018.

Office 2016

KB4011627 — This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.  Fixes a (non-security) crash issue in Excel during background error checking when copying sheets between workbooks.

KB4011574 — Security update for Microsoft Office 2016 fixes eight Common Vulnerabilities and Exposures.

KB4011632 — This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. Fixes non-security issues.

  • Attachment menus are disabled when you view Information Rights management e-mails.
  • PowerPoint 2016: Missing option to insert online pictures from OneDrive.
  • PowerPoint 2016: When using Insert Online Pictures or Insert Online Video, content is loaded in browser windows.
  • Improves Chinese Simplified and Chinese Traditional translations.

KB4011626 — This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. Fixes non-security issues in Outlook 2016.

  • Fixes an issue where cancelling one attachment would cancel them all.
  • Some attachments are not removed when forwarding emails that contain inline messages and the “read all mails as plain text” check box is checked.

KB4011643 — Fixes several vulnerabilities in Microsoft Word 2016.

KB4011622 — This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.. This update adds a registry key that enables authentication to be proceeded even if the Online Content is disabled.

Office 2013

KB4011639 — Excel 2013 —  This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.

KB4011580 — Office 2013 — Same description as KB4011639

KB4011636 — Office 2013 — Same description as KB4011639. Fixes the following non-security issues:

  • PowerPoint 2013 — Same issues as described in KB4011632
  • This update adds support for Office add-ins that are signed by using catalog signatures in Office 2013.
  • Improves Chinese Simplified and Chinese Traditional translation.

KB4011637 — Outlook 2013 — Same security description as KB4011626. Fixes the following non-security issues:

  • Third-party MAPI providers may be blocked despite being in the Outlook profile.
  • When you send an email message from Outlook.com to a recipient outside of Office 365, the recipient always gets a winmail.dat attachment in the message.

KB4011651 — Word 2013 — Same as KB4011643

Office 2010

KB4011660 — Excel 2010 — Same description as KB4011639.

KB4011658 — Office 2010 — Resolves vulnerabilities on Office 2010.

KB4011610 — Office 2010 — Resolves even more vulnerabilities in Office 2010.

KB4011611 — Office 2010 — Same security description as KB4011639.

KB4011273 — Outlook 2010 — Same security description as KB4011639. Fixes a non-security issue with third-party MAPI providers.

KB4011659 — Word 2010 — Same as KB4011643

Office 2007

How to download and install the January 2018 security updates

I recommend that you back up the system partition before you install any Windows update. This gives you an option to restore the old state of the system if updates cause issues on the system.

Windows users may use Windows Update to download and install the patches, the Microsoft Update Catalog, or third-party programs. Windows Update does not check for updates in real-time. You can run an update check at any time in the following way:

  1. Tap on the Windows-key to bring up the Start menu.
  2. Type Windows Update, and select the result to load the interface.
  3. Windows may run a check for updates automatically, or with a click on the “check for updates” option on the page.
  4. Updates may be downloaded automatically then, or on user request.

Direct update downloads

The following links point to the Microsoft Update Catalog website. You can follow the links to download the updates to the local system.

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4056894 — 2018-01 Security Monthly Quality Rollup for Windows 7 for x86-based Systems
  • KB4056897 — 2018-01 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems

Windows 8.1 and Windows Server 2012 R2

  • KB4056895 — 2018-01 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems

  • KB4056898 — 2018-01 Security Only Quality Update for Windows 8.1 for x86-based Systems

Windows 10  (version 1507)

  • KB4056893 — Cumulative update for Windows 10 Version 1511

Windows 10 and Windows Server 2016 (version 1607)

  • KB4056890 — 2018-01 Cumulative Update for Windows 10 Version 1607 and Windows Server 2016

Windows 10 (version 1703)

  • KB4056891 — 2018-01 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  • KB4056892 — 2018-01 Cumulative Update for Windows 10 Version 1709

Additional resources

Now You: How was your updating experience this month?

Ghacks needs you. You can find out how to support me here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader.

The post Microsoft Security Updates January 2018 release appeared first on gHacks Technology News.

The independent technology news blog

Via: Martin Brinkmann – https://www.ghacks.net/feed/

Powered by WPeMatico

Hits: 45

Leave a Reply