Patch Tuesday: Here's what's new for Windows 7 and 8.1

Today is Patch Tuesday, the second Tuesday of the month, when Microsoft releases updates for all supported versions of Windows. Along with various cumulative updates for Windows 10, older versions got patched as well.

If you're on the oldest supported version of Windows, Windows 7 SP1 (or Windows Server 2008 R2 SP1), you'll get KB4338818. You can manually download it here, and it contains the following fixes:

  • Provides protections for an additional vulnerability involving side-channel speculative execution known as Lazy Floating Point (FP) State Restore (CVE-2018-3665) for 64-Bit (x64) versions of Windows.

  • Updates Internet Explorer's Inspect Element feature to conform to the policy that disables the launch of Developer Tools.

  • Addresses an issue where DNS requests disregard proxy configurations in Internet Explorer and Microsoft Edge.

  • Security updates to Internet Explorer, Windows apps, Windows graphics, Windows Shell, Windows datacenter networking, Windows wireless networking, and Windows virtualization.

There's also a known issue to be aware of:

Symptom

Workaround

There is an issue with Windows and third-party software related to a missing file (oem.inf). Because of this issue, after you apply this update, the network interface controller will stop working.
  1. To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
  2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.
    a. Alternatively, install the drivers for the network device by right-clicking the device and selecting Update. Then select Search automatically for updated driver software or Browse my computer for driver software.


There's also a security-only update, KB4338823, which contains a subset of the fixes. You can grab that here. That update does not contain any known issues.

If you're on Windows 8.1 or Windows Server 2012 R2, you'll get KB4338815. You can manually download it here, and it has the following fixes:

  • Provides protections from an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).

  • Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) on some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context. (See AMD Architecture Guidelines for Indirect Branch Control and AMD Security Updates for more details). For Windows client (IT pro) guidance, follow the instructions in KB4073119. Use this guidance document to enable IBPB on some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.

  • Provides protections for an additional vulnerability involving side-channel speculative execution known as Lazy Floating Point (FP) State Restore (CVE-2018-3665) for 64-Bit (x64) versions of Windows.

  • Updates Internet Explorer's Inspect Element feature to conform to the policy that disables the launch of Developer Tools.

  • Addresses an issue where DNS requests disregard proxy configurations in Internet Explorer and Microsoft Edge.

  • Addresses an issue that causes the mouse to stop working after a user switches between local and remote sessions.

  • Security updates to Internet Explorer, Windows apps, Windows graphics, Windows Shell, Windows datacenter networking, Windows virtualization, and Windows kernel.

The security-only update is KB4338824, and you can download that here. Neither of the updates have any known issues.

Finally, those on Windows Server 2012 will get KB4338830, which can be downloaded here and contains the following fixes:

  • Provides protections from an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).

  • Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) on some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context. (See AMD Architecture Guidelines for Indirect Branch Control and AMD Security Updates for more details). For Windows client (IT pro) guidance, follow the instructions in KB4073119. Use this guidance document to enable IBPB on some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.

  • Provides protections for an additional vulnerability involving side-channel speculative execution known as Lazy Floating Point (FP) State Restore (CVE-2018-3665) for 64-Bit (x64) versions of Windows.

  • Security updates to Windows apps, Windows graphics, Windows datacenter networking, Windows virtualization, and Windows kernel.

The security-only update is KB4338820, which can be manually downloaded here. Neither update for Windows Server 2012 has any known issues.

Report a problem with article
Previous Story

Microsoft releases Windows Server 2019 and SDK Preview build 17709

Next Story

Mozilla premieres Test Pilot program on mobile devices with Lockbox and Notes

16 Comments - Add comment

Advertisement