Microsoft Windows Security Updates April 2018 release overview

Martin Brinkmann
Apr 10, 2018
Updated • May 8, 2018
Microsoft
|
22

Welcome to our monthly overview of Microsoft's Windows security updates. We provide you with full details of all released security and non-security updates for Windows and other Microsoft products.

Check out the executive summary at the top if you are in a hurry, or go through the list of released updates and click on the links that point to Microsoft's Knowledgebase to look up additional information.

The overview includes the vulnerability distribution per client and server operating system, as well as for Edge and Internet Explorer, the list of patches, download information, and information about Microsoft Office and security advisories.

Microsoft planned to release the Windows 10 Spring Creators Update, version 1803 today, but it appears that the release has been delayed.

Microsoft Windows Security Updates April 2018

You may download the following Excel spreadsheet that lists all published security updates for all Microsoft products on the April 2018 Patch day: Windows Security Updates April 2018

Executive Summary

  • Microsoft released security updates for all supported client and server versions of the Windows operating system.
  • All client and server versions of Windows are affected by critical vulnerabilities.
  • Other Microsoft products with patches are: Internet Explorer, Microsoft Office, Microsoft Edge, Adobe Flash Player, Microsoft Visual Studio, Microsoft Azure IoT SDK, ChakraCore
  • Microsoft lifted the update block restriction for Windows 7, Windows 8.1 and server variants on devices without HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc Registry setting.

Operating System Distribution

  • Windows 7: 21 vulnerabilities of which 6 are rated critical, 1 moderate and 14 important
  • Windows 8.1: 23 vulnerabilities of which 6 are rated critical, 1 moderate and 16 important
  • Windows 10 version 1607: 25 vulnerabilities of which 6 are rated critical and 19 important
  • Windows 10 version 1703: 28 vulnerabilities of which 6 are rated critical and 22 important
  • Windows 10 version 1709: 28 vulnerabilities of which 6 are rated critical and 22 important

Windows Server products

  • Windows Server 2008 R2: 21 vulnerabilities of which 6 are rated critical, 1 moderate and 14 important
  • Windows Server 2012 and 2012 R2: 23 vulnerabilities which 6 are rated critical, 1 moderate and 16 important
  • Windows Server 2016: 27 vulnerabilities of which 6 are rated critical, 1 moderate and 20 important

Other Microsoft Products

  • Internet Explorer 11: 13 vulnerabilities, 8 critical, 5 important
  • Microsoft Edge: 10 vulnerabilities, 8 critical, 2 important

Windows Security Updates

Microsoft released an update for the Microsoft Malware Protection Engine on April 3, 2018.

KB4093112 -- Windows 10 version 1709

  • Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs).
  • Access violation issue in Internet Explorer.
  • Enterprise Mode redirect issue in IE and Edge.
  • SVG access violation issue when under high load in Internet Explorer.
  • Updated time zone information issues.
  • App-V service may stop working on RDS servers that host many users.
  • User accounts locking issue when moving apps to a shared platform using App-V.
  • ActiveX content printing issue in Internet Explorer.
  • Addresses an issue that causes document.execCommand("copy") to always return False in Internet Explorer.
  • Internet Explorer did not identify custom controls correctly in some instances.
  • Security updates to Internet Explorer, Microsoft Edge, Windows kpp platform and frameworks, Microsoft scripting engine, Windows graphics, Windows Server, Windows kernel, Windows datacenter networking, Windows wireless networking, Windows virtualization and Kernel, and Windows Hyper-V.

KB4093107 -- Windows 10 version 1703

  • Same as KB4093112

KB4093119 -- Windows 10 version 1607

  • Same as KB4093112

KB4093108 -- Windows 7 SP1 and Windows Server 2008 R2 SP1 -- Security Only

  • Lifted blocking of updates via Windows Update and WSUS if "antivirus compatibility" Registry key was not set.
  • Stop error when the update from previous month was applied on 32-bit systems with PAE mode disabled.
  • Kernel reliability improvements.
  • Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows datacenter networking, Windows virtualization and kernel, and Windows app platform and frameworks.

KB4093115 -- Windows 8.1 and Windows Server 2012 R2

  • Lifted blocking of updates via Windows Update and WSUS if "antivirus compatibility" Registry key was not set.
  • Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows kernel, Windows datacenter networking, Windows Hyper-V, Windows virtualization and kernel , and Windows app platform and frameworks.

KB4093114 -- Windows 8.1 and Windows Server 2012 R2

  • ActiveX printing issue in IE.
  • SVG rendering issue causing high load issue in IE.
  • Custom controls identifying issue in IE.
  • and all of KB4093115.

KB4093118 -- Windows 7 SP1 and Windows Server 2008 R2 SP1 -- Monthly Rollup

  • ActiveX printing issue in Internet Explorer
  • SVG high load rendering issue in Internet Explorer.
  • Issue with identifying custom controls in IE.
  • and all updates of KB4093108

KB4093110 -- Security update for Adobe Flash Player: April 10, 2018

KB4091756 -- Windows XP Embedded and Windows Server 2008 -- Denial of Server vulnerability

KB4092946 -- Cumulative Security Update for Internet Explorer

KB4093108 -- Security Only Quality Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4093118 -- Security Monthly Quality Rollup for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4093123 -- Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4093122 -- Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4093109 -- Cumulative Security Update for Windows 10 Version 1511

KB4093111 -- Cumulative Security Update for Windows 10

KB4093223 -- Security Update for Windows Server 2008 and Windows XP Embedded -- Patches Microsoft graphics remote code execution issue.

KB4093224 -- Security Update for Windows Server 2008 and Windows XP Embedded -- Fixes Microsoft graphics component denial of service vulnerability.

KB4093227 -- Security Update for Windows Server 2008 -- security update for the Windows Remote Desktop Protocol (RDP) denial of service vulnerability

KB4093257 -- Security Update Windows Server 2008 and Windows XP Embedded -- patches a buffer overflow vulnerability in the Microsoft JET Database engine and an elevation of privilege vulnerability in Windows Adobe Type Manager Font Driver.

KB4093478 -- Security Update for Windows Server 2008 -- patches information disclosure vulnerability.

KB4101864 -- Security Update for WES09 and POSReady 2009 for x86-based Systems

Known Issues

Windows 10 version 1709

Windows Update History reports that updates did not install because of 0x80070643 even though they did install.

Windows 7 and Windows Server 2008 R2

  • SMB Servers may leak memory
  • Stop error on PCs that don't support SIMD or SSE2

Security advisories and updates

ADV180007 -- April 2018 Adobe Flash Security Update

Non-security related updates

KB4089848 for Windows 10 version 1709 -- non security update that fixes lots of issues.

KB4093137 -- Update for Windows 10 Version 1607 -- Servicing stack update for Windows 10, version 1607

KB4093430 -- Update for Windows 10 Version 1507 --Servicing stack update for Windows 10, version 1507

KB4093432 -- Update for Windows 10 Version 1703 -- Servicing stack update for Windows 10, version 1703

KB4099989 -- Windows 10 Version 1709 -- Servicing stack update for Windows 10, version 1709

KB890830 -- Windows Malicious Software Removal Tool

Microsoft Office Updates

Office 2016

KB4018337 -- Excel 2016: security update that patches a remote code execution vulnerability and includes non-security improvements.

KB4011628 -- Office 2016: patches remote code execution vulnerability

KB4018319 -- Office 2016: patches remote code execution vulnerability and includes non-security improvements

KB4018328 -- Office 2016: patches remote code execution vulnerability and includes non-security improvements.

KB4018339 -- Word 2016: patches remote code execution vulnerability and includes non-security improvements.

KB4011667 -- Office 2016: fixes crash that occurs when adding an account that has already signed in.

KB4018322 -- Office 2016: blocks minors from running or obtaining add-ins without parental consent from the online store, and adds translation for the message why an Office add-on cannot be loaded.

KB4018329 -- Office 2016: update for Office 2016 Language Interface Pack.

KB4018326 -- Outlook 2016: adds support for Sync Slider, improves some translations, an issue with favorite folders disappearing under certain circumstances, and an issue where the recipients name may be removed from the recipient list if it matches the sender's display name.

KB4011726 -- PowerPoint 2016: adds help message for Microsoft Equation 3.0 and translation of the message that informs about the end of support for Microsoft Equation 3.0.

KB4018320 -- Project 2016:  fixes a Project opening issue that results in the error message "Sorry, we were unable to open your project. Please try again. If this happens again, contact your administrator.". Fixes a crash furthermore, an issue with Change Working Time dialog boxes, and introduces new information to projects saved in XML format.

Tip: you can restore simple saving by setting SimpleXmlexport to the value of 1 in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\MS Project\Options\Save\

KB4018323 -- Skype for Business 2016 update.

Office 2013

KB4018347 -- Word 2013: patches remote code execution and includes non-security improvements.

KB4018350 -- Excel 2013: patches remote code execution vulnerability and includes non-security improvements.

KB4018330 -- Office 2013: patches remote code execution vulnerability and includes non-security fixes.

KB4018288 -- Office 2013: Patches remote code execution vulnerability

KB3178636 -- Office 2013: fixes a crash in Outlook 2013 when opening messages that contain byte-order mark or zero-width non-breaking space characters in the body.

KB4018333 -- Office 2013: adds translations of messages that inform users why an Office add-in could not be loaded. Also, minors require parental consent to obtain or run add-ins from the online store.

KB4018303 -- Outlook 2013: fixes a crash in Outlook, custom forms with Visual Basic Script issue in shared calendars, sent emails appearing in the wrong Sent Items folder, and authentication prompt that were locked behind the main Outlook window.

KB4018289 -- Powerpoint 2013: same as KB4011726

KB4018335 -- Project 2013: same as KB4018320

KB4018334 -- Skype for Business 2015 update.

Office 2010

KB4018362 -- Excel 2010 security update

KB4018359 -- Word 2010 security update

KB4018357 -- Office 2013 security update

KB4018311 -- Office 2013 security update

KB2965234 -- PowerPoint 2010: Adds "appropriate help message" for Microsoft Equation 3.0.

KB4018312 -- same as KB2965234 but for PowerPoint Viewer.

KB3128038 -- Project 2010: adds new information to saved projects in XML format including name of views, tables, filters, groups, and more.

KB4018317 -- Outlook 2010: custom forms with Visual Basic Script doesn't run in shared calendars.

Update: Microsoft did release patches for Office 2007, SharePoint Server 2016, SharePoint Server 2013, Project Server 2013, and SharePoint Foundation 2013, and SharePoint Server 2013 as well.

How to download and install the April 2018 security updates

windows updates april 2018

Microsoft distributes updates via Windows Update to consumer systems. All versions of Windows are configured to check for, download and install important updates when they are published.

You may run a manual check for updates to pick up the updates as early as possible as the update checking does not happen in realtime.

  1. Tap on the Windows-key to open the Start Menu.
  2. Type Windows Updates and select the result.
  3. Click on the "check for updates" button if the update check is not run automatically.

Windows runs a check for updates and will download and install those it finds automatically.

Note: It is recommended that you create a backup of the system before you install updates as they may break things.

Direct update downloads

Updates for all supported versions of Windows may also be downloaded from the Microsoft Update Catalog website. Just click on the direct links below to do so.

Windows 7 SP1 and Windows Server 2008 R2 SP

  •  KB4093118— 2018-04 Security Monthly Quality Rollup for Windows 7
  •  KB4093108— 2018-04 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  •  KB4093114— 2018-04 Security Monthly Quality Rollup for Windows 8.1
  •   KB4093115— 2018-04 Security Only Quality Update for Windows 8.1

Windows 10 and Windows Server 2016 (version 1607)

  •  KB4093119— 2018-04 Cumulative Update for Windows 10 Version 1607 and Windows Server 2016

Windows 10 (version 1703)

  • KB4093107 — 2018-04 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  • KB4093112 — 2018-04 Cumulative Update for Windows 10 Version 1709

Additional resources

 

Summary
Microsoft Windows Security Updates April 2018 release overview
Article Name
Microsoft Windows Security Updates April 2018 release overview
Description
Welcome to our monthly overview of Microsoft's Windows security updates. We provide you with full details of all released security and non-security updates for Windows and other Microsoft products.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Some Dude said on March 19, 2023 at 11:42 am
    Reply

    Are these articles AI generated?

    Now the duplicates are more obvious.

    1. boris said on March 19, 2023 at 11:48 pm
      Reply

      This is below AI generated crap. It is copy of Microsoft Help website article without any relevant supporting text. Anyway you can find this information on many pages.

  2. Paul(us) said on March 20, 2023 at 1:32 am
    Reply

    Yes, but why post the exact same article under a different title twice on the same day (19 march 2023), by two different writers?
    1.) Excel Keyboard Shortcuts by Trevor Monteiro.
    2.) 70+ Excel Keyboard Shortcuts for Windows by Priyanka Monteiro

    Why oh why?

    1. Clairvaux said on September 6, 2023 at 11:30 am
      Reply

      Yeah. Tell me more about “Priyanka Monteiro”. I’m dying to know. Indian-Portuguese bot ?

  3. John G. said on August 18, 2023 at 4:36 pm
    Reply

    Probably they will announce that the taskbar will be placed at top, right or left, at your will.

    Special event by they is a special crap for us.

  4. yanta said on August 18, 2023 at 11:59 pm
    Reply

    If it’s Microsoft, don’t buy it.
    Better brands at better prices elsewhere.

  5. John G. said on August 20, 2023 at 4:22 am
    Reply

    All new articles have zero count comments. :S

  6. Anonymous said on September 5, 2023 at 7:48 am
    Reply

    WTF? So, If I add one photo to 5 albums, will it count 5x on my storage?
    It does not make any sense… on google photos, we can add photo to multiple albums, and it does not generate any additional space usage

    I have O365 until end of this year, mostly for onedrive and probably will jump into google one

  7. St Albans Digital Printing Inc said on September 5, 2023 at 11:53 am
    Reply

    Photo storage must be kept free because customers chose gadgets just for photos and photos only.

  8. Anonymous said on September 5, 2023 at 12:47 pm
    Reply

    What a nonsense. Does it mean that albums are de facto folders with copies of our pictures?

    1. GG said on September 6, 2023 at 8:24 am
      Reply

      Sounds exactly like the poor coding Microsoft is known for in non-critical areas i.e. non Windows Core/Office Core.

      I imagine a manager gave an employee the task to create the album feature with hardly any time so they just copied the folder feature with some cosmetic changes.

      And now that they discovered what poor management results in do they go back and do the album feature properly?

      Nope, just charge the customer twice.

      Sounds like a go-getter that needs to be promoted for increasing sales and managing underlings “efficiently”, said the next layer of middle management.

  9. d3x said on September 5, 2023 at 7:33 pm
    Reply

    When will those comments get fixed? Was every editor here replaced by AI and no one even works on this site?

  10. Scroogled said on September 5, 2023 at 10:47 pm
    Reply

    Instead of a software company, Microsoft is now a fraud company.

  11. ard said on September 7, 2023 at 4:59 pm
    Reply

    For me this is proof that Microsoft has a back-door option into all accounts in their cloud.
    quote “…… as the MSA key allowed the hacker group access to virtually any cloud account at Microsoft…..”
    unquote

    so this MSA key which is available to MS officers can give access to all accounts in MS cloud.This is the backdoor that MS has into the cloud accounts. Lucky I never got any relevant files of mine in their (MS) cloud.

  12. Andy Prough said on September 7, 2023 at 6:52 pm
    Reply

    >”Now You: what is your theory?”

    That someone handed an employee a briefcase full of cash and the employee allowed them access to all their accounts and systems.

    Anything that requires 5-10 different coincidences to happen is highly unlikely. Occam’s razor.

  13. TelV said on September 8, 2023 at 12:04 pm
    Reply

    Good reason to never login to your precious machine with a Microsoft a/c a.k.a. as the cloud.

  14. Anonymous said on September 18, 2023 at 1:23 pm
    Reply

    The GAFAM are always very careless about our software automatically sending to them telemetry and crash dumps in our backs. It’s a reminder not to send them anything when it’s possible to opt out, and not to opt in, considering what they may contain. And there is irony in this carelessness biting them back, even if in that case they show that they are much more cautious when it’s their own data that is at stake.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.