MicrosoftKB4457128September 11, 2018—KB4457128 (OS Build 17134.285)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
September 11, 2018—KB4457128 (OS Build 17134.285)
NoteThis release also contains updates for Microsoft HoloLens (OS Build 17134.285) released September 11, 2018.
Improvements and fixes
This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
- Provides protection against a Spectre Variant 2 vulnerability (CVE-2017-5715) for ARM64 devices.
- Addresses an issue that causes the Program Compatibility Assistant (PCA) service to have excessive CPU usage. This occurs when the concurrency of two simultaneous add and remove programs (ARP) monitoring threads is not handled correctly.
- Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Microsoft Graphics Component, Windows media, Windows Shell, Windows Hyper-V, Windows datacenter networking, Windows virtualization and kernel, Windows Linux, Windows kernel, Microsoft JET Database Engine, Windows MSXML, and Windows Server.
If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, see the Security Update Guide.
Known issues in this update
| Symptom | Workaround |
|---|---|
| After installing this update, Windows no longer recognizes the Personal Information exchange (PFX) certificate that’s used for authenticating to a Wi-Fi or VPN connection. As a result, Microsoft Intune takes a long time to deliver user profiles because it doesn’t recognize that the required certificate is on the device. | This issue is resolved in KB4464218. |
| All Guest Virtual Machines running Unicast NLB fail to respond to NLB requests after the Virtual Machines restart. | This issue is resolved in KB4458469. |
| After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates | This issue is resolved in KB4480976. |
How to get this update
This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.ImportantWhen installing the servicing stack update (SSU) KB4456655and the latest cumulative update (LCU) (KB4457128) from the Microsoft Update Catalog, install the SSU first to mitigate potential issues while installing the LCU.File informationFor a list of files provided in this update, download thefile information for cumulative update 4457128.
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%