Lucene search

K
mskbMicrosoftKB4467708
HistoryNov 13, 2018 - 8:00 a.m.

November 13, 2018—KB4467708 (OS Build 17763.134)

2018-11-1308:00:00
Microsoft
support.microsoft.com
91

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

November 13, 2018—KB4467708 (OS Build 17763.134)

Notes:

  • This release also contains updates for Microsoft HoloLens (OS Build 17763.134) released November 13, 2018.
  • Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.

Improvements and fixes

This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639) for AMD-based computers. These protections aren’t enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use these guidance documents to enable mitigations for Speculative Store Bypass (CVE-2018-3639). Additionally, use the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
  • Addresses an issue that prevents users from signing in to a Microsoft account (MSA) as a different user if signing in a second time.
  • Addresses an issue that denies file system access to Internet of Things (IoT) Universal Windows Platform (UWP) apps that require this capability.
  • Addresses an issue that causes the on-screen keyboard to appear when running automated tests or when you install a physical keyboard.
  • Security updates to Microsoft Edge, Windows Scripting, Internet Explorer, Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Kernel, Windows Server, and Windows Wireless Networking.
    If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.

Known issues in this update

Symptom Workaround
After installing this update, some users cannot set Win32 program defaults for certain app and file type combinations using the Open with… command or**Settings **>**Apps **>Default apps.In some cases, Microsoft Notepad or other Win32 programs cannot be set as the default. This issue is resolved in KB4469342.
After installing this update, users may not be able to use the Seek Bar in Windows Media Player when playing specific files. This issue does not affect normal playback. This issue is resolved in KB4471332.
nVidia has notified Microsoft of an issue where Microsoft Edge may crash or hang while playing video. This issue occurs following an nVidia driver update. nVidia has released an updated driver to address this issue. Please follow the instructions found in _nVidia’s support article. _

How to get this update

Before installing this updateMicrosoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For more information, see Servicing stack updates.If you are using Windows Update, the latest SSU (KB4465664) will be offered to you automatically. To get the stand-alone package for the latest SSU, go to the Microsoft Update Catalog.Install this updateThis update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the Microsoft Update Catalog website.File informationFor a list of the files that are provided in this update, download the file information for cumulative update 4467708.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%