Lucene search

K
mskbMicrosoftKB4093118
HistoryApr 10, 2018 - 7:00 a.m.

April 10, 2018—KB4093118 (Monthly Rollup)

2018-04-1007:00:00
Microsoft
support.microsoft.com
76

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

April 10, 2018—KB4093118 (Monthly Rollup)

Improvements and fixes

This security update includes improvements and fixes that were a part of update KB4088881(released March 23, 2018) and addresses the following issues:

  • Addresses an issue where a new Ethernet Network Interface Card (NIC) that has default settings may replace the previously existing NIC, causing network issues

  • Addresses an issue where static IP address settings can be lost

  • Windows Update and WSUS will offer this update to applicable Windows client and server operating systems regardless of the existence or value of the “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc” registry setting. This change has been made to protect user data.

  • Improves reliability in the kernel, and addresses an issue that can cause applications to have unexpected memory contents on multiprocessor systems.

  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.

  • Addresses an access violation on certain pages in Internet Explorer when it renders SVGs under high load.

  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.

  • Addresses a stop error that occurred when the previous month’s update was applied to a 32-bit (x86) computer with a Physical Address Extension (PAE) mode disabled.

  • Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows datacenter networking, Windows virtualization and kernel, and Windows app platform and frameworks.
    For more information about the resolved security vulnerabilities, see the Security Update Guide.Note:

  • This update supercedes update 4100480, Windows kernel update for CVE-2018-1038.

  • Resync is required to get newer revision of this KB for WSUS environment

Known issues in this update

Symptom Workaround
After installing KB4056897 or any other recent monthly updates, SMB servers may experience a memory leak for some scenarios. This occurs when the requested path traverses a symbolic link, mount point, or directory junction and the registry key is set to 1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanManServer\Parameters\EnableEcp This issue is resolved in KB4103718.
A stop error occurs on computers that don’t support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2). Upgrade your machines with a processor that supports SSE2 or virtualize those machines.
After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem<number>.inf. The exact problematic configurations are currently unknown.
  1. To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
  2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from theAction menu.
    a. Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then chooseSearch automatically for updated driver softwareorBrowse my computer for driver software.
    After installing this update, some Windows 7.0 SP1 files reverted to older versions.| This issue is resolved in KB4103713.

How to get this update

This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.File informationFor a list of the files that are provided in this update, download the file information for update 4093118.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%