Microsoft Security Updates February 2018 release

Martin Brinkmann
Feb 13, 2018
Updated • Feb 14, 2018
Companies, Microsoft
|
54

Microsoft released updates for the company's Windows operating system, Microsoft Office, and other company products on today's February 2018 Patch Day.

Our overview lists all important information to make it as easy as possible to keep an overview, download updates, look up additional information, and make better decisions in regards to the installation of updates.

It is recommended that you back up your system before you install any patches. The past has shown over and over again that updates may have negative effects on systems and that backups are the best option when it comes to rolling back.

Our guide lists all security and non-security updates that Microsoft released since the January Patch Day. Each patch is listed with its name, description, and link to Microsoft.

We list how Windows products and Microsoft browsers are affected by this month's updates, post known issues and security advisories. You find information on downloads and even direct links to downloads at the end of the article.

Microsoft Security Updates February 2018

Click on the following link to download an Excel spreadsheet that lists all security updates that Microsoft released in February 2018: microsoft-windows-february-2018-updates.zip

Executive Summary

  • Microsoft released updates for all supported client and server versions of Windows.
  • Security updates are available for Microsoft Office, Adobe Flash, Microsoft Edge and Internet Explorer as well.
  • All Windows systems are affected by one critical vulnerability.

Operating System Distribution

  • Windows 7: 15 vulnerabilities of which 1 is rated critical and 14 are rated important
  • Windows 8.1: 12 vulnerabilities of which 1 is rated critical, 10 are important, and 1 is moderate
  • Windows 10 version 1607: 17 vulnerabilities of which 1 is rated critical and 16 are rated important
  • Windows 10 version 1703: 18 vulnerabilities of which 1 is rated critical and 17 are rated important
  • Windows 10 version 1709: 19 vulnerabilities of which 1 is rated critical and 18 are rated important

Windows Server products

  • Windows Server 2008: 11 vulnerabilities of which 1 is rated critical and 10 are rated important
  • Windows Server 2008 R2: 14 vulnerabilities of which 1 is rated critical and 13 are rated important
  • Windows Server 2012 and 2012 R2: 12 vulnerabilities of which 1 is rated critical 11 are rated important
  • Windows Server 2016: 17 vulnerabilities of which 1 is rated critical and 16 are rated important

Other Microsoft Products

  • Internet Explorer 11: 2 vulnerabilities, 1 critical, 1 important
  • Microsoft Edge: 14 vulnerabilities, 11 critical, 2 important, 1 moderate

Security Updates

KB4074588 -- Cumulative Update for Windwos 10 version 1709 to build 16299.248.

  • Addresses issue where child accounts are able to access InPrivate mode on ARM devices even though their browsing and search history is sent to their parents. This occurs only on Microsoft accounts belonging to children that are managed using the Microsoft Family service and for which parents have enabled activity reporting. This applies to Microsoft Edge and Internet Explorer.
  • Addresses issue with docking and undocking Internet Explorer windows.
  • Addresses issue in Internet Explorer where pressing the delete key inserted a new line in input boxes in an application.
  • Addresses issue in Internet Explorer where selected elements wouldn't update under certain circumstances.
  • Addresses issue where some users may have experienced issues logging into some websites when using third-party account credentials in Microsoft Edge.
  • Updates time zone information.
  • Addresses issue with browser Compatibility View settings that occurs during updates.
  • Addresses issue where, in certain hardware configurations, the frame rates of DirectX Games were unintentionally limited to a factor of the display's vertical synchronization.
  • Addresses issue that causes delays when switching keyboard languages using Alt+Shift.
  • Addresses issue where surround sound audio endpoints reverted to stereo after restarting.
    Improves and reduces conditions where certain Bluetooth keyboards drop keys during reconnection scenarios.
  • Corrects mouse delays for devices that incorrectly report the battery level status.
  • Addresses issue where MMC application snap-ins—such as Services, Local Policy Admin, and Printer Management—fail to run when Windows Defender Application Control (Device Guard) is turned on. The error is "Object doesn't support this property or method".
  • Prevents use of the Pre-production Onesettings endpoint for Windows Setup when test signing is enabled.
  • Addresses issue where installations of Windows Server, version 1709 are not automatically activated using the Automated Virtual Machine Activation (AVMA) feature on Hyper-V hosts that have been activated.
  • Addresses issue with the Auto-register Inbox templates feature for UEV where the Scheduled Task didn't have the proper trigger.
  • Addresses issue where the App-V client didn't read the policy for SyncOnBatteriesEnabled when the policy was set using a Group Policy Object (GPO).
  • Addresses issue where the Supported On field for the Enable App-V Client policy is blank in the Group Policy editor.
  • Addresses issue where the user’s hive data in the registry is not maintained correctly when some App-V packages belong to the connection group.
  • Provides additional logging for administrators to take action, such as picking a proper configuration for their App-V package, when there are multiple configuration files for a single package.
  • Addresses issue with App-V packages that aren't compatible with registry virtualization using kernel containers. To address the issue, we changed the registry virtualization to use the earlier (non-container) method by default. Customers who would like to use the new (kernel container) method for registry virtualization can still switch to it by setting the following registry value to 1:
    Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Compatibility
    Setting: ContainerRegistryEnabled
    DataType: DWORD
  • Security updates to Microsoft Scripting Engine, Microsoft Edge, Internet Explorer, Microsoft Windows Search component, Windows Kernel, Windows Authentication, Device Guard, Common Log File System driver, and the Windows storage and file systems.

KB4074591 -- Cumulative Update for Windwos 10 Version 1511 to build 10586.1417

  • Updates time zone information.
  • Addresses issue that causes services.exe to stop working after applying the "Obtain an impersonation token for another user in the same session” privilege to Windows Server 2012 R2 computers. These computers then enter a restart loop. The system may report the SceCli event ID 1202 with error 0x4b8. It may also report the Application Error event ID 1000 with the faulting module name scesrv.dll and the exception code 0xc0000409. This privilege was first introduced in Windows Server 2016.
  • Addresses issue where MMC application snap-ins—such as Services, Local Policy Admin, and Printer Management—fail to run when Windows Defender Application Control (Device Guard) is turned on. The error is "Object doesn't support this property or method."
  • Addresses issue with URL redirects in Internet Explorer.
  • Addresses issue where some users may have experienced issues logging into some websites when using third-party account credentials in Microsoft Edge.
  • Addresses issue with browser Compatibility View settings that occur during updates.
  • Security updates to Microsoft Edge, Internet Explorer, Microsoft Windows Search component, Windows Kernel, Device Guard, Windows storage and file systems, Common Log File System driver, and the Microsoft Scripting Engine.

KB4074590 -- Cumulative Update for Windows 10 Version 1607 to build 14393.2068

  • Addresses issue with fragment identifier contained in links opened using the Enterprise Mode Site List to redirect from Microsoft Edge to Internet Explorer.
  • Addresses issue with rendering graphics elements with Internet Explorer.
  • Addresses a script-related issue that caused Internet Explorer to stop working in some cases.
  • Addresses issue in Internet Explorer where pressing the Delete key inserted a new line in input boxes in an application.
  • Addresses issue where some users may have experienced issues logging into some websites when using third-party account credentials in Microsoft Edge.
  • Addresses issue with browser Compatibility View settings that occured during updates.
  • Updates time zone information.
  • Addresses issue where telemetry data couldn't be uploaded using UTC because of networking environments that prevent access to the necessary CRL servers.
  • Addresses issue where MMC application snap-ins—such as Services, Local Policy Admin, and Printer Management—fail to run when Windows Defender Application Control (Device Guard) is turned on. The error is "Object doesn't support this property or method."
  • Addresses issue where a failover in MPIO while throttling input and output requests may cause all available paths to fail.
  • Addresses issue where the application pool CPU throttles when running IIS.
  • Updates Microsoft HoloLens CPU Microcode to address vulnerability CVE-2017-5715 - Branch target injection. Installing this KB for HoloLens applies all relevant OS and Microcode updates. See Advisory 180002 for more details.
  • Addresses issue where, after installing KB4057142 or KB4056890 on an SMB server, accessing files in directory junction points or volume mount points hosted on the server may fail. The error is “ERROR_INVALID_REPARSE_DATA”. For example, this symptom may be observed:
  • Editing some group policies using GPMC or AGPM 4.0 may fail with the error "The data present in the reparse point buffer is invalid. (Exception from HRESULT: 0x80071128)".
    Security updates to Microsoft Edge, Internet Explorer, Adobe Flash Player, Microsoft Windows Search Component, Windows Kernel, Device Guard, Common Log File System Driver, and Windows storage and file systems.

KB4074592 -- Cumulative Update for Windows 10 Version 1703 to build 15063.909.

  • Addresses issue with a fragment identifier contained in links opened using the Enterprise Mode Site List to redirect from Microsoft Edge to Internet Explorer.
  • Addresses issue with scrolling through customer applications in Microsoft Edge.
  • Addresses a script-related issue that caused Internet Explorer to stop working in some cases.
  • Addresses issue with launching files using linked shortcuts in Internet Explorer.
  • Addresses issue with rendering graphics elements in Internet Explorer.
  • Addresses issue in Internet Explorer where pressing the Delete key inserted a new line in input boxes in an application.
  • Addresses issue where some users may have experienced issues logging into some websites when using third-party account credentials in Microsoft Edge.
  • Updates time zone information.
  • Addresses issue where telemetry data couldn't be uploaded using UTC because of networking environments that prevent access to the necessary CRL servers.
  • Addresses issue where the certutil.exe -MergePfx feature couldn't produce a merged EPF file for multiple V1 certificates.
  • Addresses issue where MMC application snap-ins—such as Services, Local Policy Admin, and Printer Management—fail to run when Windows Defender Application Control (Device Guard) is turned on. The error is "Object doesn't support this property or method."
  • Addresses issue where booting with Unified Write Filter (UWF) turned on may lead to stop error 0xE1 in embedded devices, particularly when using a USB HUB.
  • Improves performance of Intel processors that have Hardware P-States (HWP) enabled.
  • Addresses issue where customers sometimes see the error message "Something went wrong" after completing the out-of-box experience.
  • Security updates to Microsoft Scripting Engine, Microsoft Edge, Internet Explorer, Microsoft Windows Search component, Windows Kernel, Device Guard, Windows storage and file systems, and the Common Log File System driver.

KB4074593 -- Windows Embedded 8 Standard

KB4074594 — 2018-02 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2

KB4074597 — 2018-02 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2

All three address the following security issues:

  • Security updates to Windows Graphics, Windows Kernel, Common Log File System driver, Microsoft Windows Search component, and Windows storage and file systems.

KB4074598 — 2018-02 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2

KB4074587 -- 2018-02 Security Only Quality Update for Windows 7 and Windows Server 2008 R2

Both address the following security issues:

  • Security updates to Windows Graphics, Windows Kernel, Common Log File System driver, Microsoft Windows Search component, and Windows storage and file systems.

KB4074736 -- Cumulative security update for Internet Explorer: February 13, 2018

KB4034044 -- Security Update for Windows Server 2008 and Windows XP Embedded that fixes an information disclosure vulnerability in VBScript.

KB4057893 -- Security Update for Windows XP Embedded SP3 for x86-based Systems  --

KB4058165 -- 2018-02 Security Update for Windows Server 2008 -- addresses a security issue in Windows Kernel that could be abused for information disclosure attacks.

KB4073079 -- 2018-02 Security Update for Windows Server 2008 -- addresses an elevation of privileges vulnerability in the Windows Common Log File System driver.

KB4073080 -- 2018-02 Security Update for Windows Server 2008 -- Fixes an information disclosure vulnerability and an elevation of privilege vulnerability in Windows kernel.

KB4074589 -- 2018-02 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4074595 -- 2018-02 Security Update for Adobe Flash Player for Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 Version 1511, Windows 10 Version 1507, and Windows 10

KB4074603 -- 2018-02 Security Update for Windows Server 2008 and Windows XP Embedded

KB4074836 -- 2018-02 Security Update for Windows Server 2008 and Windows XP Embedded

KB4074851 -- 2018-02 Security Update for Windows Server 2008

KB4074852 -- 2018-02 Security Update for Windows XP Embedded SP3 for x86-based Systems

Known Issues

  • Windows Update History reports that KB4054517 failed to install because of error 0x80070643. -- Workaround: run a manual check for updates to make sure no further updates are available.
  • Because of an issue that affects some versions of antivirus software, this fix applies only to computers on which the antivirus ISV updated the ALLOW REGKEY.

Security advisories and updates

ADV180004 -- February 2018 Adobe Flash Security Update

Non-security related updates

KB4019276 -- Update for WES09 and POSReady 2009

KB4056446 -- Update for Windows Server 2008

KB4076492 -- 2018-02 Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4076493 -- 2018-02 Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Embedded 8 Standard and Windows Server 2012

KB4076494 -- 2018-02 Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4076495 -- 2018-02 Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008

KB4077944 -- 2018-02 Dynamic Update for Windows 10 Version 1709

KB4077962 -- 2018-02 Dynamic Update for Windows 10 Version 1703

KB4078408 -- 2018-02 Dynamic Update for Windows 10 Version 1709

KB4087256 -- 2018-02 Update for Windows 10 Version 1709

KB4058258 -- Windows 10 Version 1709 update to build 16299.214

KB890830 -- Windows Malicious Software Removal Tool - February 2018

A big non-security update with improvements and fixes.

KB4073291 -- Windows 10 Version 1709 update to build 16299.201

Adds additional lprotections for 32-bit versions of Windows 10 version 1709. Also addresses issue originally patched in KB4056892.  Has known issues

KB4057144 -- Windows 10 Version 1703 update to build 15063.877

Fixes lots of issues including unbootable state issues for some AMD systems, printing PDF issues in Microsoft Edge, or Windows Defender security issues.

KB4057142 -- Windows 10 Version 1607 update to build 14393.2034

The update includes quality improvements. Lots of fixes, some match KB4057144.

KB4075200 -- Windows 10 Version 1511 update to build 10586.1358

Non-security update for the November update version of Windows 10. Includes some fixes.

KB2952664 -- Compatibility update for keeping Windows up-to-date in Windows 7

Microsoft Office Updates

Microsoft released non-security updates for Office products last week. Check out this overview if you have not already.

Office 2016

KB4011686 -- Fixes remote code execution vulnerabilities in Office 2016.

KB4011143 --Fixes remote code execution vulnerabilities in Office 2016.

Office 2013

KB4011690 -- Patches vulnerabilities in Microsoft Office that could be exploited for remote code execution.

KB3172459 -- Security Update for Microsoft Office to address remote code execution vulnerabilities.

Office 2010

KB4011707 -- Fixes remote code execution vulnerabilities in Office 2010.

KB3114874 -- Fixes remote code execution vulnerabilities in Office 2010.

How to download and install the February 2018 security updates

windows microsoft february 2018 updates

All security updates for Windows are distributed via Windows Update and other update distributions services already. Users who want to install the updates right away may need to run manual checks for updates as these don't happen in real-time.

Do the following to run a check for updates:

  1. Tap on the Windows-key, type Windwos Update and select the result.
  2. Windows will either run a check automatically when the page opens, or after you select "check for updates".
  3. Updates should get downloaded and installed automatically after the scan. If they are not, click on the download button to start the process.

Direct update downloads

The following links point to the Microsoft Update Catalog website where you can download the updates as standalone files.

Windows 7 SP1 and Windows Server 2008 R2 SP

KB4074598— 2018-02 Security Monthly Quality Rollup for Windows 7
KB4074587 — 2018-02 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

KB4074594 — 2018-02 Security Monthly Quality Rollup for Windows 8.1

KB4074597  — 2018-02 Security Only Quality Update for Windows 8.1

Windows 10 (version 1511)

KB4074591 — Cumulative update for Windows 10 Version 1511

Windows 10 and Windows Server 2016 (version 1607)

KB4074590  — 2018-02 Cumulative Update for Windows 10 Version 1607 and Windows Server 2016

Windows 10 (version 1703)

KB4074592 — 2018-02 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

KB4074588 — 2018-02 Cumulative Update for Windows 10 Version 1709

Additional resources

Summary
Microsoft Security Updates February 2018 release
Article Name
Microsoft Security Updates February 2018 release
Description
Microsoft released updates for the company's Windows operating system, Microsoft Office, and other company products on today's February 2018 Patch Day.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. The Dark Lady said on July 9, 2023 at 11:19 am
    Reply

    Martin, I would appreciate that you do not censor this post, as it’s informative writing.

    Onur, there is a misleading statement “[…] GIFs are animated images …”. No, obviously you don’t seem to have take much notice of what you were told back in March regarding; Graphics Interchange Format (GIF).

    For example, https://www.ghacks.net/2023/03/31/whats-gif-explanation-and-how-to-use-it/#comment-4562919 (if you had read my replies within that thread, you might have learnt something useful). I even mentioned, “GIF intrinsically supports animated images (GIF89a)”.

    You linked to said article, [Related: …] within this article, but have somehow failed to take onboard what support you were given by several more knowledgeable people.

    If you used AI to help write this article, it has failed miserably.

  2. KeZa said on August 17, 2023 at 5:58 pm
    Reply

    AI is stupid, and it will not get any better if we really know how this all works. Prove me wrong.. https://www.youtube.com/watch?v=4IYl1sTIOHI

  3. Database failure said on August 18, 2023 at 5:21 pm
    Reply

    Martin, [#comment-4569908] is only meant to be in: [https://www.ghacks.net/2023/07/09/how-to-send-gifs-on-iphone-two-different-ways/]. Whereas it appears duplicated in several recent random low-quality non relevant articles.

    Obviously it [#comment-4569908] was posted: 9 July 2023. Long before this thread even existed… your database is falling over. Those comments are supposed to have unique ID values. It shouldn’t be possible to duplicate the post ID, if the database had referential integrity.

  4. Howard Pearce said on August 25, 2023 at 12:24 pm
    Reply

    Don’t tell me!

    Ghacks wants the state to step in for STATE-MANDATED associations to save jobs!!!

    Bring in the dictatorship!!!

    And screw Rreedom of Association – too radical for Ghacks maybe

  5. Howard Allan Pearce said on September 7, 2023 at 9:13 am
    Reply

    GateKeeper ?

    That’s called “appointing” businesses to do the state’s dirty work!!!!!

    But the article says itself that those appointed were not happy – implying they had not choice!!!!!!

  6. owl said on September 7, 2023 at 9:50 am
    Reply

    @The Dark Lady,
    @KeZa,
    @Database failure,
    @Howard Pearce,
    @Howard Allan Pearce,

    Note: I replaced the quoted URI scheme: https:// with “>>” and posted.

    The current ghacks.net is owned by “Softonic International S.A.” (sold by Martin in October 2019), and due to the fate of M&A, ghacks.net has changed in quality.
    >> ghacks.net/2023/09/02/microsoft-is-removing-wordpad-from-windows/#comment-4573130
    Many Authors of bloggers and advertisers certified by Softonic have joined the site, and the site is full of articles aimed at advertising and clickbait.
    >> ghacks.net/2023/08/31/in-windows-11-the-line-between-legitimate-and-adware-becomes-increasingly-blurred/#comment-4573117
    As it stands, except for articles by Martin Brinkmann, Mike Turcotte, and Ashwin, they are low quality, unhelpful, and even vicious. It is better not to read those articles.
    How to display only articles by a specific author:
    Added line to My filters in uBlock Origin: ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(/Martin Brinkmann|Mike Turcotte|Ashwin/))
    >> ghacks.net/2023/09/01/windows-11-development-overview-of-the-august-2023-changes/#comment-4573033

    By the way, if you use an RSS reader, you can track exactly where your comments are (I’m an iPad user, so I use “Feedly Classic”, but for Windows I prefer the desktop app “RSS Guard”).
    RSS Guard: Feed reader which supports RSS/ATOM/JSON and many web-based feed services.
    >> github.com/martinrotter/rssguard#readme

  7. Anonymous said on September 14, 2023 at 6:41 pm
    Reply

    We all live in digital surveillance glass houses under scrutiny of evil people because of people like Musk. It’s only fair that he takes his turn.

  8. Anonymous said on September 18, 2023 at 1:31 pm
    Reply

    “Operating systems will be required to let the user choose the browser, virtual assistant and search engine of their choice. Microsoft cannot force users to use Bing or Edge. Apple will have to open up its iOS operating system to allow third-party app stores, aka allow sideloading of apps. Google, on the other hand, will need to provide users with the ability to uninstall preloaded apps (bloatware) from Android devices. Online services will need to allow users to unsubscribe from their platform easily. Gatekeepers need to provide interoperability with third-parties that offer similar services.”

    Wonderful ! Let’s hope they’ll comply with that law more than they are doing with the GDPR.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.