Microsoft released security updates for all versions of Microsoft Windows, Microsoft Office, and other company products on the October 2018 Patch Day.
October has been quite the busy month for Microsoft so far. The company released the October 2018 Update for Windows 10 on October 2 but had to pause the distribution after user reports emerged that user files could be deleted during the upgrade to the new version.
Microsoft addressed the issue, or part of it, in KB4464330 for Windows 10 version 1809 it seems. The company has not updated the KB article for Windows 10 version 1809 so it is possible that the issue is not fixed fully.
The detailed overview provides system administrators and home users with information about released updates, known issues, links to support pages and other resources, and download instructions.
Note: We recommend to create backups of any system that you want to install updates. While updates usually install fine, last year has shown that updates may break things or delete important apps or files.
Download the following Excel spreadsheet that contains a list of all security updates that Microsoft released for company products on the October 2018 Patch Day: microsoft-windows-october-2018-updates.zip
Windows Server products
Other Microsoft Products
KB4464330 -- Windows 10, version 1809
KB4462919 -- Windows 10, version 1803
KB4462918 -- Windows 10, version 1709
KB4462937 -- Windows 10, version 1703
KB4462917 -- Windows 10, version 1607 and Windows Server 2016
KB4462926 -- Windows 8.1 and Windows Server 2012 R2 Monthly Rollup
KB4462941 -- Windows 8.1 and Windows Server 2012 R2 Security-only update
KB4462923 -- Windows 7 Service Pack 1 and Windows Server 2008 R2 Monthly Rollup
and
KB4463104 -- Security Only Quality Update for Windows Server 2008
KB4462915 -- Windows 7 Service Pack 1 and Windows Server 2008 R2 Security-only update
and
KB4463097 -- Security Monthly Quality Rollup for Windows Server 2008
KB4462949 -- Cumulative security update for Internet Explorer: October 09, 2018
KB4458008 -- Windows Embedded POSReady 2009 and Windows Embedded Standard
KB4462935 -- Windows Embedded POSReady 2009 and Windows Embedded Standard 2009
KB4462987 -- Windows Embedded POSReady 2009 and Windows Embedded Standard 2009
KB4463103 -- Windows Embedded POSReady 2009 and Windows Embedded Standard 2009
KB4463361 -- Windows Embedded POSReady 2009 and Windows Embedded Standard 2000
KB4463545 -- Windows Embedded POSReady 2009 and Windows Embedded Standard 2009
KB4463573 -- Windows Embedded POSReady 2009 and Windows Embedded Standard 2009
KB3177467 -- Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1
KB4465477 -- Servicing stack update for Windows 10, version 1809
Windows 10, version 1607 and Windows Server 2016
The installation of Windows Server 2019 Key Management Service host keys on Windows Server 2016 Key Management Service hosts does not work. Microsoft is working on a resolution.
Windows 7 SP1 and Windows Server 2008 R2
Network interface controller may stop working. Workarounds are to either install the driver for the network device or automatically rediscover it in the Device Manager.
Microsoft Exchange Server 2013
Files are not updated correctly if the update is installed without elevated privileges. Some services, Outlook Web Access or Exchange Control Panel, may stop working. To avoid or fix, right-click on the update and select "run as administrator".
ADV180026 | Microsoft Office Defense in Depth Update
KB4465065 --Windows 10 version 1809
KB4100347 -- Windows 10 version 1803
KB4459502 -- Windows 10 version 1803
KB4090007 -- Windows 10 version 1709
KB4091663 -- Windows 10 version 1703
KB4091664 -- Update for Windows Server 2019, Windows 10 Version 1809, Windows Server Version 1803, Windows 10 Version 1803, Windows Server 2016, Windows Server Version 1709, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 Version 1511, Windows 10 Version 1507, and Windows 10
KB4462930 -- Update for Adobe Flash Player
KB4459922 -- Security and Quality Rollup updates for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP
KB4459923 -- Security and Quality Rollup updates for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012
KB4459924 -- Security and Quality Rollup updates for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2
KB4459925 -- Security and Quality Rollup for .NET Framework 2.0 on Windows Server 2008
KB890830 -- Windows Malicious Software Removal Tool - October 2018
KB4458469 -- Windows 10, version 1803
KB4457136 -- Windows 10, version 1709
KB4457141 -- Windows 10, version 1703
KB4464218 -- Windows 10, version 1803
KB4464217 -- Windows 10, version 1709
Check out our overview of non-security updates for Office that Microsoft released here. Below are only the security updates for Office released in October 2018.
Office 2016
KB4461448 for Excel 2016 -- Fixes a remote code execution vulnerability in Excel 2016, a freeze issue when clicking on the Show Details command, and a Unicode IVS character display issue.
KB4461437 for Office 2016 -- Fixes a remote code execution issue in Office, updates Irish Gaelic translation for OneNote 2016, fixes a non-recurring meeting turning into a recurring meeting issue, and addresses the Unicode issue described above as well.
KB4461440 for Outlook 2016 -- Resolves several vulnerabilities in Outlook 2016 described in ADV180026. Includes a huge number of non-security improvements and fixes.
KB4461434 for PowerPoint 2016 -- Fixes a remote code execution vulnerability in PowerPoint 2016.
KB4461449 for Word 2016 -- Fixes a remote code execution vulnerability.
Office 2013
KB4461460 for Excel 2013
KB4461445 for Office 2013
KB4092477 for Outlook 2013
KB4092453 for PowerPoint 2013
KB4461457 for Word 2013
All address a remote code execution vulnerability. The Outlook 2013 update includes other non-security changes.
Office 2010
KB4461466 for Excel 2010
KB4092483 for Office 2010
KB4092437 for Office 2010
KB4227170 for Outlook 2010
KB4092482 for PowerPoint 2010
KB4092439 for Word 2010
All address a remote code execution vulnerability.
See other Office products with security updates here.
The October 2018 updates for Windows and products integrated into Windows are made available via Windows Update and the Microsoft Update Catalog website for home users, and services such as WSUS for organizations and Enterprise customers.
Windows Update is configured to run update checks regularly and to download and install these updates automatically. The checks are made frequently but not in real-time.
Users who want to download the updates as soon as possible may run manual update checks in the following way (create a backup):
All cumulative updates for supported versions of Windows are also provided as direct downloads from Microsoft's Download Center site.
Windows 7 SP1 and Windows Server 2008 R2 SP
Windows 8.1 and Windows Server 2012 R2
Windows 10 and Windows Server 2016 (version 1607)
Windows 10 (version 1703)
Windows 10 (version 1709)
Windows 10 (version 1803)
Windows 10 (version 1803)
Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.
Thanks, Martin for your 2018-10-09 – M.s.® Windows security updates October 2018 release overview and explanations of what is offered this month.
Personly when I was updating from version 1803 release 13134.285 to the version 1803. release 17134.345 the first incoming update Kb4462919 directly (without downloading and installing the other updates like KB890830, KB 4462930 and others) tried to implement himself and restart the system. By doing so the update did not take and the system restored himself tot main previous version 1803 release 13134.285.
My second update attempt did go much better and al main seven new updates were picked up by main system downloaded and implement.
Why do I feel so INSECURE about Microsoft updates of any kind?
I think it’s time for another full backup.
Anybody knows when Microsoft is expecting to fix “Action Center” bug introduced in version 1803?
Hey Martin,
New WPD 1.2.938 is out! please make a reference in you site
WPD has been bumped-up to version 1.2.940.
Well, this is interesting. According to the .NET blog, there are no new security patches in this month’s update: https://blogs.msdn.microsoft.com/dotnet/2018/10/09/net-framework-october-2018-security-and-quality-rollup/
The total package for Windows 8.1 x64 is 150MB according to the MS Catalog site https://www.catalog.update.microsoft.com/Search.aspx?q=KB4459924.
How much of that is telemetry crap I wonder. Anyway, to split them up:
* .NET Framework 3.5 = KB4457009
* .NET Framework 4.5.2 = KB4457017
* .NET Framework 4.6 upwards = KB4457015
Theoretically, you can skip the updates altogether if all you want are security patches. :)
Thanks a lot for the excellent summary !!!
Looks like some more mishaps in the works. Bleeping Computer reports that HP systems are suffering BSODs caused by a keyboard filter driver called HpqKbFiltr.sys which needs to be renamed otherwise the machine won’t boot: https://www.bleepingcomputer.com/news/microsoft/hp-pcs-getting-wdf-violation-bsod-after-installing-windows-10-updates/
…Just a reminder, MS is still posting monthly security updates for Windows Server 2008 SP2 (and this also works on old legacy Vista computers) for those still running legacy systems…
https://www.catalog.update.microsoft.com/Search.aspx?q=server+2008+security+x86
FYI…
in SCCM, what product category do select to see the .NET updates for Windows Server 2016?