Microsoft Windows Security Updates April 2018 release overview - gHacks Tech News

Microsoft Windows Security Updates April 2018 release overview

Welcome to our monthly overview of Microsoft's Windows security updates. We provide you with full details of all released security and non-security updates for Windows and other Microsoft products.

Check out the executive summary at the top if you are in a hurry, or go through the list of released updates and click on the links that point to Microsoft's Knowledgebase to look up additional information.

The overview includes the vulnerability distribution per client and server operating system, as well as for Edge and Internet Explorer, the list of patches, download information, and information about Microsoft Office and security advisories.

Microsoft planned to release the Windows 10 Spring Creators Update, version 1803 today, but it appears that the release has been delayed.

Microsoft Windows Security Updates April 2018

You may download the following Excel spreadsheet that lists all published security updates for all Microsoft products on the April 2018 Patch day: Windows Security Updates April 2018

Executive Summary

  • Microsoft released security updates for all supported client and server versions of the Windows operating system.
  • All client and server versions of Windows are affected by critical vulnerabilities.
  • Other Microsoft products with patches are: Internet Explorer, Microsoft Office, Microsoft Edge, Adobe Flash Player, Microsoft Visual Studio, Microsoft Azure IoT SDK, ChakraCore
  • Microsoft lifted the update block restriction for Windows 7, Windows 8.1 and server variants on devices without HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc Registry setting.

Operating System Distribution

  • Windows 7: 21 vulnerabilities of which 6 are rated critical, 1 moderate and 14 important
  • Windows 8.1: 23 vulnerabilities of which 6 are rated critical, 1 moderate and 16 important
  • Windows 10 version 1607: 25 vulnerabilities of which 6 are rated critical and 19 important
  • Windows 10 version 1703: 28 vulnerabilities of which 6 are rated critical and 22 important
  • Windows 10 version 1709: 28 vulnerabilities of which 6 are rated critical and 22 important

Windows Server products

  • Windows Server 2008 R2: 21 vulnerabilities of which 6 are rated critical, 1 moderate and 14 important
  • Windows Server 2012 and 2012 R2: 23 vulnerabilities which 6 are rated critical, 1 moderate and 16 important
  • Windows Server 2016: 27 vulnerabilities of which 6 are rated critical, 1 moderate and 20 important

Other Microsoft Products

  • Internet Explorer 11: 13 vulnerabilities, 8 critical, 5 important
  • Microsoft Edge: 10 vulnerabilities, 8 critical, 2 important

Windows Security Updates

Microsoft released an update for the Microsoft Malware Protection Engine on April 3, 2018.

KB4093112 -- Windows 10 version 1709

  • Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs).
  • Access violation issue in Internet Explorer.
  • Enterprise Mode redirect issue in IE and Edge.
  • SVG access violation issue when under high load in Internet Explorer.
  • Updated time zone information issues.
  • App-V service may stop working on RDS servers that host many users.
  • User accounts locking issue when moving apps to a shared platform using App-V.
  • ActiveX content printing issue in Internet Explorer.
  • Addresses an issue that causes document.execCommand("copy") to always return False in Internet Explorer.
  • Internet Explorer did not identify custom controls correctly in some instances.
  • Security updates to Internet Explorer, Microsoft Edge, Windows kpp platform and frameworks, Microsoft scripting engine, Windows graphics, Windows Server, Windows kernel, Windows datacenter networking, Windows wireless networking, Windows virtualization and Kernel, and Windows Hyper-V.

KB4093107 -- Windows 10 version 1703

  • Same as KB4093112

KB4093119 -- Windows 10 version 1607

  • Same as KB4093112

KB4093108 -- Windows 7 SP1 and Windows Server 2008 R2 SP1 -- Security Only

  • Lifted blocking of updates via Windows Update and WSUS if "antivirus compatibility" Registry key was not set.
  • Stop error when the update from previous month was applied on 32-bit systems with PAE mode disabled.
  • Kernel reliability improvements.
  • Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows datacenter networking, Windows virtualization and kernel, and Windows app platform and frameworks.

KB4093115 -- Windows 8.1 and Windows Server 2012 R2

  • Lifted blocking of updates via Windows Update and WSUS if "antivirus compatibility" Registry key was not set.
  • Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows kernel, Windows datacenter networking, Windows Hyper-V, Windows virtualization and kernel , and Windows app platform and frameworks.

KB4093114 -- Windows 8.1 and Windows Server 2012 R2

  • ActiveX printing issue in IE.
  • SVG rendering issue causing high load issue in IE.
  • Custom controls identifying issue in IE.
  • and all of KB4093115.

KB4093118 -- Windows 7 SP1 and Windows Server 2008 R2 SP1 -- Monthly Rollup

  • ActiveX printing issue in Internet Explorer
  • SVG high load rendering issue in Internet Explorer.
  • Issue with identifying custom controls in IE.
  • and all updates of KB4093108

KB4093110 -- Security update for Adobe Flash Player: April 10, 2018

KB4091756 -- Windows XP Embedded and Windows Server 2008 -- Denial of Server vulnerability

KB4092946 -- Cumulative Security Update for Internet Explorer

KB4093108 -- Security Only Quality Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4093118 -- Security Monthly Quality Rollup for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4093123 -- Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4093122 -- Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4093109 -- Cumulative Security Update for Windows 10 Version 1511

KB4093111 -- Cumulative Security Update for Windows 10

KB4093223 -- Security Update for Windows Server 2008 and Windows XP Embedded -- Patches Microsoft graphics remote code execution issue.

KB4093224 -- Security Update for Windows Server 2008 and Windows XP Embedded -- Fixes Microsoft graphics component denial of service vulnerability.

KB4093227 -- Security Update for Windows Server 2008 -- security update for the Windows Remote Desktop Protocol (RDP) denial of service vulnerability

KB4093257 -- Security Update Windows Server 2008 and Windows XP Embedded -- patches a buffer overflow vulnerability in the Microsoft JET Database engine and an elevation of privilege vulnerability in Windows Adobe Type Manager Font Driver.

KB4093478 -- Security Update for Windows Server 2008 -- patches information disclosure vulnerability.

KB4101864 -- Security Update for WES09 and POSReady 2009 for x86-based Systems

Known Issues

Windows 10 version 1709

Windows Update History reports that updates did not install because of 0x80070643 even though they did install.

Windows 7 and Windows Server 2008 R2

  • SMB Servers may leak memory
  • Stop error on PCs that don't support SIMD or SSE2

Security advisories and updates

ADV180007 -- April 2018 Adobe Flash Security Update

Non-security related updates

KB4089848 for Windows 10 version 1709 -- non security update that fixes lots of issues.

KB4093137 -- Update for Windows 10 Version 1607 -- Servicing stack update for Windows 10, version 1607

KB4093430 -- Update for Windows 10 Version 1507 --Servicing stack update for Windows 10, version 1507

KB4093432 -- Update for Windows 10 Version 1703 -- Servicing stack update for Windows 10, version 1703

KB4099989 -- Windows 10 Version 1709 -- Servicing stack update for Windows 10, version 1709

KB890830 -- Windows Malicious Software Removal Tool

Microsoft Office Updates

Office 2016

KB4018337 -- Excel 2016: security update that patches a remote code execution vulnerability and includes non-security improvements.

KB4011628 -- Office 2016: patches remote code execution vulnerability

KB4018319 -- Office 2016: patches remote code execution vulnerability and includes non-security improvements

KB4018328 -- Office 2016: patches remote code execution vulnerability and includes non-security improvements.

KB4018339 -- Word 2016: patches remote code execution vulnerability and includes non-security improvements.

KB4011667 -- Office 2016: fixes crash that occurs when adding an account that has already signed in.

KB4018322 -- Office 2016: blocks minors from running or obtaining add-ins without parental consent from the online store, and adds translation for the message why an Office add-on cannot be loaded.

KB4018329 -- Office 2016: update for Office 2016 Language Interface Pack.

KB4018326 -- Outlook 2016: adds support for Sync Slider, improves some translations, an issue with favorite folders disappearing under certain circumstances, and an issue where the recipients name may be removed from the recipient list if it matches the sender's display name.

KB4011726 -- PowerPoint 2016: adds help message for Microsoft Equation 3.0 and translation of the message that informs about the end of support for Microsoft Equation 3.0.

KB4018320 -- Project 2016:  fixes a Project opening issue that results in the error message "Sorry, we were unable to open your project. Please try again. If this happens again, contact your administrator.". Fixes a crash furthermore, an issue with Change Working Time dialog boxes, and introduces new information to projects saved in XML format.

Tip: you can restore simple saving by setting SimpleXmlexport to the value of 1 in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\MS Project\Options\Save\

KB4018323 -- Skype for Business 2016 update.

Office 2013

KB4018347 -- Word 2013: patches remote code execution and includes non-security improvements.

KB4018350 -- Excel 2013: patches remote code execution vulnerability and includes non-security improvements.

KB4018330 -- Office 2013: patches remote code execution vulnerability and includes non-security fixes.

KB4018288 -- Office 2013: Patches remote code execution vulnerability

KB3178636 -- Office 2013: fixes a crash in Outlook 2013 when opening messages that contain byte-order mark or zero-width non-breaking space characters in the body.

KB4018333 -- Office 2013: adds translations of messages that inform users why an Office add-in could not be loaded. Also, minors require parental consent to obtain or run add-ins from the online store.

KB4018303 -- Outlook 2013: fixes a crash in Outlook, custom forms with Visual Basic Script issue in shared calendars, sent emails appearing in the wrong Sent Items folder, and authentication prompt that were locked behind the main Outlook window.

KB4018289 -- Powerpoint 2013: same as KB4011726

KB4018335 -- Project 2013: same as KB4018320

KB4018334 -- Skype for Business 2015 update.

Office 2010

KB4018362 -- Excel 2010 security update

KB4018359 -- Word 2010 security update

KB4018357 -- Office 2013 security update

KB4018311 -- Office 2013 security update

KB2965234 -- PowerPoint 2010: Adds "appropriate help message" for Microsoft Equation 3.0.

KB4018312 -- same as KB2965234 but for PowerPoint Viewer.

KB3128038 -- Project 2010: adds new information to saved projects in XML format including name of views, tables, filters, groups, and more.

KB4018317 -- Outlook 2010: custom forms with Visual Basic Script doesn't run in shared calendars.

Update: Microsoft did release patches for Office 2007, SharePoint Server 2016, SharePoint Server 2013, Project Server 2013, and SharePoint Foundation 2013, and SharePoint Server 2013 as well.

How to download and install the March 2018 security updates

windows updates april 2018

Microsoft distributes updates via Windows Update to consumer systems. All versions of Windows are configured to check for, download and install important updates when they are published.

You may run a manual check for updates to pick up the updates as early as possible as the update checking does not happen in realtime.

  1. Tap on the Windows-key to open the Start Menu.
  2. Type Windows Updates and select the result.
  3. Click on the "check for updates" button if the update check is not run automatically.

Windows runs a check for updates and will download and install those it finds automatically.

Note: It is recommended that you create a backup of the system before you install updates as they may break things.

Direct update downloads

Updates for all supported versions of Windows may also be downloaded from the Microsoft Update Catalog website. Just click on the direct links below to do so.

Windows 7 SP1 and Windows Server 2008 R2 SP

  •  KB4093118— 2018-04 Security Monthly Quality Rollup for Windows 7
  •  KB4093108— 2018-04 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  •  KB4093114— 2018-04 Security Monthly Quality Rollup for Windows 8.1
  •   KB4093115— 2018-04 Security Only Quality Update for Windows 8.1

Windows 10 and Windows Server 2016 (version 1607)

  •  KB4093119— 2018-04 Cumulative Update for Windows 10 Version 1607 and Windows Server 2016

Windows 10 (version 1703)

  • KB4093107 — 2018-04 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  • KB4093112 — 2018-04 Cumulative Update for Windows 10 Version 1709

Additional resources

 

Summary
Microsoft Windows Security Updates April 2018 release overview
Article Name
Microsoft Windows Security Updates April 2018 release overview
Description
Welcome to our monthly overview of Microsoft's Windows security updates. We provide you with full details of all released security and non-security updates for Windows and other Microsoft products.
Author
Publisher
Ghacks Technology News
Logo




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Franck said on April 10, 2018 at 8:14 pm
      Reply

      Thanks a lot for this great summary !

    2. Jay said on April 10, 2018 at 8:25 pm
      Reply

      Could you please double-check the downloadable Excel spreadsheet? The ZIP download is ~35.1KB but appears to be a corrupted archive.

      Thank you in advance!!

      1. Jay said on April 10, 2018 at 8:27 pm
        Reply

        The file’s MD5 hash is b5a96ce02f0f476d42c5ae402a2392f1

      2. Martin Brinkmann said on April 10, 2018 at 8:31 pm
        Reply

        Thanks, fixed it. Please try again.

        1. Jay said on April 10, 2018 at 8:32 pm
          Reply

          Thanks, Martin. Sidebar: I have to change some of my Patreon “budget” and have added GHacks. This site is increasingly a go-to. These spreadsheets and coverage of the MS monthly updates are worth a lot in and of themselves!

        2. Martin Brinkmann said on April 10, 2018 at 8:33 pm
          Reply

          Thank you, I appreciate it. And thanks again for letting me know about the download issue.

    3. Anonymous said on April 10, 2018 at 9:04 pm
      Reply

      Great work as always, thank you for the direct download links. It would be nice if we could have links for the .NET Framework security updates too.

      1. Martin Brinkmann said on April 10, 2018 at 10:19 pm
        Reply

        Did Microsoft release security updates for .NET? Can’t seem to find information.

        1. Anonymous said on April 11, 2018 at 5:43 pm
          Reply

          with WSUS until 16/02/2018:
          Info: Downloaded/validated 1 statically defined updates for dotnet x64-glb
          16/02/2018 12:52:48,72 – Info: Downloaded/validated 1 statically defined updates for dotnet x64-glb
          http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/01/ndp46-kb3127233-x64_a82f88c2a6e6eaa3d772ea72b36870a064306fe5.exe
          http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/ndp45-kb4014566-x64_95b57712424a36cac3fc2f27fcc12e4555a80afd.exe
          http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/ndp46-kb4014552-x64_32e1c3af9a27962c93682fc66584803baa729782.exe
          http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/ndp46-kb4014558-x64_900b63e9c928af1224ba91e4a0d0a14cceee92f6.exe
          http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/04/ndp45-kb4014599-x64_f97a3de2f8ba2a800ffab4889f1619b5731a0ce2.exe
          http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/04/ndp46-kb4014511-x64_beab62b7d633d8cc6a207f52348c1954eaee6a03.exe
          http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/04/ndp46-kb4014588-x64_924a413d7b285b2e5fe24fa80429d9746dc09045.exe
          http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/04/ndp46-kb4014591-x64_9bcdec650701d5e98aa21b47b50771817c9504df.exe
          http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/09/ndp45-kb4040960-x64_49acc241ffd0fe529497060f2da2e1aa81d7f405.exe
          http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/09/ndp46-kb4040957-x64_25f36953431af3abd007e23f44950bc9b46134d7.exe
          http://download.windowsupdate.com/c/msdownload/update/software/secu/2018/01/ndp45-kb4054995-x64_b2405486e4813c3a68d518788f350986ce99e532.exe
          http://download.windowsupdate.com/c/msdownload/update/software/secu/2018/01/ndp47-kb4055002-x64_6ede64fcd4922eaf426438e69ac6f8e28e185ea4.exe
          http://download.windowsupdate.com/d/msdownload/update/software/secu/2013/06/ndp35sp1-kb2840629-x64_8bceaa39f0da28e17ce593830f2b7abd94740228.exe
          http://download.windowsupdate.com/d/msdownload/update/software/secu/2013/08/ndp35sp1-kb2861697-x64_77cfad96c417bcce3f919e6a0e29d656f9d8adc1.exe
          http://download.windowsupdate.com/d/msdownload/update/software/secu/2015/08/ndp46-kb3074233-x64_acb14defc9bcf8d65d47cf231d803fa285ab7f4e.exe
          http://download.windowsupdate.com/d/msdownload/update/software/secu/2015/08/ndp46-kb3074554-x64_a72b5b0e0014d967f238f4c851895d6471711aa2.exe
          http://download.windowsupdate.com/d/msdownload/update/software/secu/2015/10/ndp46-kb3098001-x64_6bc91fb7a58eb2f089356c52e55404f43b97bf5a.exe
          http://download.windowsupdate.com/d/msdownload/update/software/secu/2015/10/ndp46-kb3098786-x64_a0d5008a7455c75f0a918a576816f8a095f190bf.exe
          http://download.windowsupdate.com/d/msdownload/update/software/secu/2015/12/ndp46-kb3122661-x64_a1fb6e829522dda110a53fdc29038696b626f948.exe
          http://download.windowsupdate.com/d/msdownload/update/software/secu/2016/04/ndp46-kb3136000-v2-x64_133bd44462f529c6ccf3c5243c9102768241d71b.exe
          http://download.windowsupdate.com/d/msdownload/update/software/secu/2016/04/ndp46-kb3142037-x64_67f2f8b134085f9b99f97b7021ac317b4f58a6e7.exe
          http://download.windowsupdate.com/d/msdownload/update/software/secu/2016/04/ndp46-kb3143693-x64_8c97eb25e1243581447bfc9d8d1c4a6a1e72daee.exe
          http://download.windowsupdate.com/d/msdownload/update/software/secu/2016/12/ndp46-kb3204805-x64_236ebaf61075f997d769b38224c02bf4c95942d9.exe
          http://download.windowsupdate.com/d/msdownload/update/software/secu/2018/01/ndp45-kb4054172-x64_7821613e8a1810a7a4f247cebb151573a4c01ec2.exe
          http://download.windowsupdate.com/d/msdownload/update/software/secu/2018/01/ndp47-kb4054183-x64_a022ad5109b1208dff502d1be4477668b4fa258d.exe
          http://download.windowsupdate.com/d/msdownload/update/software/secu/2018/01/ndp47-kb4074880-x64_7614e045d68cf219949917b18194b0bc8ee2b007.exe
          http://download.windowsupdate.com/msdownload/update/software/crup/2009/01/ndp35sp1-kb958484-x64_e69006433c1006c53da651914dc8162bbdd80d41.exe
          http://download.windowsupdate.com/msdownload/update/software/secu/2012/03/ndp35sp1-kb2604111-x64_01fb9c1c60d9729d07977a7b142aab80ce9cc389.exe
          http://download.windowsupdate.com/msdownload/update/software/secu/2012/12/ndp35sp1-kb2736416-x64_d1d9b33957bba14e31988dfdaf4f5d3b13f37943.exe

    4. Paul(us) said on April 10, 2018 at 9:20 pm
      Reply

      Thanks, Martin, For guiding me Christal clear thru the 1498 Microsoft flavors of updates this mount again made so I could update to version 1709 (What a bummer that Windows pulled the spring update Windows 10 version 1803 build 17133) to build 16299.371.

      The total update did go quite fast (around 10 minutes) and the installing like a hot knife through hot butter. Hopefully, the next update ( will that be Windows 10 vrsn 1803 bld 17133? ) will go the same way. Any change that you know when the Windows 10 version 1803 build 17133 will go true?

    5. Anders said on April 10, 2018 at 9:20 pm
      Reply

      +1 on what Jay said! Your summary is almost priceless and saves us in the community a huge chunk of time – thank you so much. Just also became a Patreon supporter – please keep up the good work, much appreciated!

      1. Martin Brinkmann said on April 10, 2018 at 10:17 pm
        Reply

        Thank you Anders!

    6. Peter said on April 11, 2018 at 3:09 am
      Reply

      Updates ran alright on my two Windows 7 64 bit systems. When I ran Windows Update on the Windows 7 x86 system, it caused a bluescreen every time the computer tried to start.

      It brought me into startup repair, and ran through a few things (and restarting a few times). Each time it would blue screen, and eventually just said that it couldn’t repair it (and would I like to send the report to Microsoft). I ran system restore to get it back up and running.

      I think it’s KB4093118 causing the trouble.

      This system didn’t get the March security updates due to Microsoft pulling them for x86. The March update still doesn’t appear as an option in Windows Update.

      1. TelV said on April 11, 2018 at 8:10 pm
        Reply

        Maybe try installing the Security Only update manually Peter. It’s only 14MB compared to the monthly quality rollup which is 130MB: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4093108

    7. Dave said on April 11, 2018 at 4:59 am
      Reply

      I got the new style update notice for this one that I thought was coming in the spring update.

      “Windows is a service, updates are normal, don’t worry”

      This is the first update I actually received “automatically” with out any user input for a long time.

    8. kanade said on April 11, 2018 at 7:06 pm
      Reply

      Is KB4100480 (https://support.microsoft.com/en-us/help/4100480/windows-kernel-update-for-cve-2018-1038) included in this month’s security update?

      After installing KB4093108, the above kernel update is missing from my Windows update list .

    9. TelV said on April 11, 2018 at 8:02 pm
      Reply

      My thanks also for all the hard work Martin.

      One thing I noticed especially this month was the difference in size between the security only installation for Windows 8.1 namely KB4093115 which was 16.3MB and its big brother, KB4093114 which is the quality rollup version weighing in at 321MB no less. Makes you wonder how much telemetry junkware M$ packed into that.

    10. psyherin said on April 12, 2018 at 4:26 am
      Reply

      KB4093118 doesnt seem to appear under windows update for all windows 2008 R2 servers

    11. Kris Reach said on April 12, 2018 at 3:52 pm
      Reply

      I had a bunch of our computers lose internet connectivity after this patch on April 10th. Did anyone else experience that?

    12. Jonny said on April 12, 2018 at 4:03 pm
      Reply

      For those of you that are still running Windows 2008 SP2
      Description of the security update for the Windows Remote Desktop Protocol (RDP) denial of service vulnerability in Windows Server 2008: April 10, 2018
      https://support.microsoft.com/en-sg/help/4093227/security-update-for-vulnerabilities-in-windows-server-2008
      breaks Smart Card login in a Remote Desktop Session

    13. Kira said on April 17, 2018 at 7:39 pm
      Reply

      Both KB4093110 and KB4089848 aren’t recognized as being installed & my laptop keeps restarting (thinks it needs to restart to complete installations). How do I have them as being recognized so my laptop stops restarting ?

    Leave a Reply