Description of the security update for vulnerabilities in Windows Server 2008 and WES09 and POSReady 2009: March 13, 2018

2018-03-1307:00:00

Microsoft

support.microsoft.com

5.5 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

Description of the security update for vulnerabilities in Windows Server 2008 and WES09 and POSReady 2009: March 13, 2018

Summary

An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory.

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.

To learn more about the vulnerabilities, go to the Security Update Guide.Important If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Known issues in this security update

Symptom	Resolution
After you install this security update, you may receive a Stop error message that resembles the following when you log off the computer:

SESSION_HAS_VALID_POOL_ON_EXIT (ab)

| To resolve this known issue, apply update KB 4096310.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:
Security update deployment information: March 13, 2018

More Information

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

**Note:**The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

File information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

How to obtain help and support for this security update

Help for installing updates: Windows Update: FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

Windows Server 2008 file information

File hash information

File name	SHA1 hash	SHA256 hash
Windows6.0-KB4089344-x86.msu	B96BC90A07AB76FE4459C2605437139E756FE763	3EDAE9B12F90F48676BA6CC675466CCB8D618C37989D6A96165735576E292C18
Windows6.0-KB4089344-x64.msu	E259933A384777735D9F65EC0FF891B6069563DE	C91DA10E4D50F63ED235F8C98F7E35F456E4C2C007729D371C3C1CBC5ABC7EF3
Windows6.0-KB4089344-ia64.msu	EB731B076666ACA766403E3980F6A5827C93CA15	2A9D2CF6BA6731A8EE75D9E84D729E37E8F98934EC67E0069D343674F1C5F09C