Microsoft Windows Security Updates October 2018 release overview

Martin Brinkmann
Oct 9, 2018
Updated • Oct 9, 2018
Companies, Microsoft
|
10

Microsoft released security updates for all versions of Microsoft Windows, Microsoft Office, and other company products on the October 2018 Patch Day.

October has been quite the busy month for Microsoft so far. The company released the October 2018 Update for Windows 10 on October 2 but had to pause the distribution after user reports emerged that user files could be deleted during the upgrade to the new version.

Microsoft addressed the issue, or part of it, in KB4464330 for Windows 10 version 1809 it seems. The company has not updated the KB article for Windows 10 version 1809 so it is possible that the issue is not fixed fully.

The detailed overview provides system administrators and home users with information about released updates, known issues, links to support pages and other resources, and download instructions.

Note: We recommend to create backups of any system that you want to install updates. While updates usually install fine, last year has shown that updates may break things or delete important apps or files.

Microsoft Windows Security Updates October 2018

Download the following Excel spreadsheet that contains a list of all security updates that Microsoft released for company products on the October 2018 Patch Day: microsoft-windows-october-2018-updates.zip

Executive Summary

  • Microsoft released security updates for all client and server versions of Windows that it supports.
  • The company released security updates for other products such as Internet Explorer, Microsoft Edge, Microsoft Exchange Server, and Microsoft Office.
  • Windows 7 and Windows Server 2008 R2 PCs require the Servicing Stack Update 3177467 prior to installation of the October 2018 updates.

Operating System Distribution

  • Windows 7: 13 vulnerabilities of which 2 are critical and 11 are important.
  • Windows 8.1: 14 vulnerabilities of which 2 are critical and 12 are important.
  • Windows 10 version 1607: 19 vulnerabilities of which 3 are critical and 16 are important.
  • Windows 10 version 1703: 18 vulnerabilities of which 3 are critical and 15 are important.
  • Windows 10 version 1709: 20 vulnerabilities of which 3 are critical and 17 are important.
  • Windows 10 version 1803: 20 vulnerabilities of which 2 are critical and 18 are important.
  • Windows 10 version 1809: 19 vulnerabilities of which 3 are critical and 16 are important.

Windows Server products

  • Windows Server 2008 R2: 14 vulnerabilities of which 2 are critical and 12 are important.
  • Windows Server 2012 R2: 15 vulnerabilities of which 2 are critical and 13 are important.
  • Windows Server 2016: 19 vulnerabilities of which 3 are critical and 16 are important.
  • Windows Server 2019: 19 vulnerabilities of which 3 are critical and 16 are important.

Other Microsoft Products

  • Internet Explorer 11: 2 vulnerabilities, 2 critical
  • Microsoft Edge: 9 vulnerabilities, 6 critical, 2 important, 1 low

Windows Security Updates

KB4464330 -- Windows 10, version 1809

  • Security updates to Windows Kernel, Microsoft Graphics Component, Microsoft Scripting Engine, Internet Explorer, Windows Storage and Filesystems, Windows Linux, Windows Wireless Networking, Windows MSXML, the Microsoft JET Database Engine, Windows Peripherals, Microsoft Edge, Windows Media Player, and Internet Explorer.
  • Addresses an issue affecting group policy expiration where an incorrect timing calculation may prematurely remove profiles on devices subject to the "Delete user profiles older than a specified number of day.”

KB4462919 -- Windows 10, version 1803

  • Security updates to Internet Explorer, Windows Media Player, Microsoft Graphics Component, Windows Peripherals, Windows Shell, Windows Kernel, Windows Datacenter Networking, Windows Storage and Filesystems, Microsoft Edge, Microsoft Scripting Engine, Windows Linux, and the Microsoft JET Database Engine.

KB4462918 -- Windows 10, version 1709

  • Security updates to Internet Explorer, Windows Media Player, Microsoft Graphics Component, Windows Shell, Windows Kernel, Windows Datacenter Networking, Windows Storage and Filesystems, Microsoft Scripting Engine, and the Microsoft JET Database Engine .

KB4462937 -- Windows 10, version 1703

  • Security updates to Internet Explorer, Windows Media Player, Microsoft Graphics Component, Microsoft Edge, Windows Kernel, Windows Storage and Filesystems, and Microsoft Scripting Engine.

KB4462917 -- Windows 10, version 1607 and Windows Server 2016

  • Security updates to Internet Explorer, Windows Media Player, Microsoft Graphics Component, Microsoft Edge, Windows Kernel, Windows Datacenter Networking, Microsoft Scripting Engine, Microsoft JET Database Engine, and Windows Storage and Filesystems.

KB4462926 -- Windows 8.1 and Windows Server 2012 R2 Monthly Rollup

  • Security updates to Windows Media Player, Microsoft Graphics Component, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Kernel, and Microsoft JET Database Engine.

KB4462941 -- Windows 8.1 and Windows Server 2012 R2 Security-only update

  • Addresses an issue in which all guest virtual machines running Unicast NLB fail to respond to NLB requests after the virtual machines restart.
  • Same as KB4462926

KB4462923 -- Windows 7 Service Pack 1 and Windows Server 2008 R2 Monthly Rollup

and

KB4463104 -- Security Only Quality Update for Windows Server 2008

  • Security updates to Windows Media Player, Windows Graphics, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Kernel, and the Microsoft JET Database Engine.

KB4462915 -- Windows 7 Service Pack 1 and Windows Server 2008 R2 Security-only update

and

KB4463097 -- Security Monthly Quality Rollup for Windows Server 2008

  • Addresses an issue in which all guest virtual machines running Unicast NLB fail to respond to NLB requests after the virtual machines restart.
  • Same as KB4462923

KB4462949 -- Cumulative security update for Internet Explorer: October 09, 2018

KB4458008 -- Windows Embedded POSReady 2009 and Windows Embedded Standard

  • Remote Code Execution vulnerability in the Microsoft XML Core Services parser.

KB4462935 -- Windows Embedded POSReady 2009 and Windows Embedded Standard 2009

  • Elevation of Privilege vulnerability in Filter Manager.

KB4462987 -- Windows Embedded POSReady 2009 and Windows Embedded Standard 2009

  • Remove Code Execution vulnerability in Microsoft Graphics Components.

KB4463103 -- Windows Embedded POSReady 2009 and Windows Embedded Standard 2009

  • Elevation of Privilege vulnerability in Windows Kernel.

KB4463361 -- Windows Embedded POSReady 2009 and Windows Embedded Standard 2000

  • Information Disclosure Vulnerability in the Windows Graphics Device Interface.

KB4463545 -- Windows Embedded POSReady 2009 and Windows Embedded Standard 2009

  • Elevation of Privilege vulnerability in the Win32k component.

KB4463573 -- Windows Embedded POSReady 2009 and Windows Embedded Standard 2009

  • Remote Code Execution vulnerability in the Microsoft JET Database Engine.

KB3177467 -- Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1

KB4465477 -- Servicing stack update for Windows 10, version 1809

Notes

Known Issues

Windows 10, version 1607 and Windows Server 2016

The installation of Windows Server 2019 Key Management Service host keys on Windows Server 2016 Key Management Service hosts does not work. Microsoft is working on a resolution.

Windows 7 SP1 and Windows Server 2008 R2

Network interface controller may stop working. Workarounds are to either install the driver for the network device or automatically rediscover it in the Device Manager.

Microsoft Exchange Server 2013

Files are not updated correctly if the update is installed without elevated privileges. Some services, Outlook Web Access or Exchange Control Panel, may stop working. To avoid or fix, right-click on the update and select "run as administrator".

Security advisories and updates

ADV180026 | Microsoft Office Defense in Depth Update

Non-security related updates

KB4465065 --Windows 10 version 1809

KB4100347 -- Windows 10 version 1803

  • Intel microcode updates

KB4459502 -- Windows 10 version 1803

  • Compatibility update for upgrading to Windows 10, version 1803

KB4090007 -- Windows 10 version 1709

  • Intel microcode updates

KB4091663 -- Windows 10 version 1703

  • Intel microcode updates

KB4091664 -- Update for Windows Server 2019, Windows 10 Version 1809, Windows Server Version 1803, Windows 10 Version 1803, Windows Server 2016, Windows Server Version 1709, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 Version 1511, Windows 10 Version 1507, and Windows 10

  • Intel microcode updates

KB4462930 -- Update for Adobe Flash Player

KB4459922 -- Security and Quality Rollup updates for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP

KB4459923 -- Security and Quality Rollup updates for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012

KB4459924 -- Security and Quality Rollup updates for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2

KB4459925 -- Security and Quality Rollup for .NET Framework 2.0 on Windows Server 2008

KB890830 -- Windows Malicious Software Removal Tool - October 2018

KB4458469 -- Windows 10, version 1803

  • See our coverage of the update here.

KB4457136 -- Windows 10, version 1709

  • See our coverage of the update here.

KB4457141 -- Windows 10, version 1703

  • See our coverage of the update here.

KB4464218 -- Windows 10, version 1803

  • Fixed a Microsoft Intune issue.

KB4464217 -- Windows 10, version 1709

  • Fixed a Microsoft Intune issue.

Microsoft Office Updates

Check out our overview of non-security updates for Office that Microsoft released here. Below are only the security updates for Office released in October 2018.

Office 2016

KB4461448 for Excel 2016 -- Fixes a remote code execution vulnerability in Excel 2016, a freeze issue when clicking on the Show Details command, and a Unicode IVS character display issue.

KB4461437 for Office 2016 -- Fixes a remote code execution issue in Office, updates Irish Gaelic translation for OneNote 2016, fixes a non-recurring meeting turning into a recurring meeting issue, and addresses the Unicode issue described above as well.

KB4461440 for Outlook 2016 -- Resolves several vulnerabilities in Outlook 2016 described in ADV180026. Includes a huge number of non-security improvements and fixes.

KB4461434 for PowerPoint 2016 -- Fixes a remote code execution vulnerability in PowerPoint 2016.

KB4461449 for Word 2016 -- Fixes a remote code execution vulnerability.

Office 2013

KB4461460 for Excel 2013

KB4461445 for Office 2013

KB4092477 for Outlook 2013

KB4092453 for PowerPoint 2013

KB4461457 for Word 2013

All address a remote code execution vulnerability. The Outlook 2013 update includes other non-security changes.

Office 2010

KB4461466 for Excel 2010

KB4092483 for Office 2010

KB4092437 for Office 2010

KB4227170 for Outlook 2010

KB4092482 for PowerPoint 2010

KB4092439 for Word 2010

All address a remote code execution vulnerability.

See other Office products with security updates here.

How to download and install the October 2018 security updates

windows security updates october 2018

The October 2018 updates for Windows and products integrated into Windows are made available via Windows Update and the Microsoft Update Catalog website for home users, and services such as WSUS for organizations and Enterprise customers.

Windows Update is configured to run update checks regularly and to download and install these updates automatically. The checks are made frequently but not in real-time.

Users who want to download the updates as soon as possible may run manual update checks in the following way (create a backup):

  1. Open the Start menu.
  2. Type Windows Update.
  3. Select the Windows Update result.
  4. Click on "check for updates" to run the check.

Direct update downloads

All cumulative updates for supported versions of Windows are also provided as direct downloads from Microsoft's Download Center site.

Windows 7 SP1 and Windows Server 2008 R2 SP

  •  KB4462923 -- 2018-10 Security Monthly Quality Rollup for Windows 7
  •  KB4462915 — 2018-10 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4462926 — 2018-10 Security Monthly Quality Rollup for Windows 8.1
  • KB4462941  — 2018-10 Security Only Quality Update for Windows 8.1

Windows 10 and Windows Server 2016 (version 1607)

  • KB4462917 — 2018-10 Cumulative Update for Windows 10 Version 1607

Windows 10 (version 1703)

  •  KB4462937 — 2018-10 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  •  KB4462918 — 2018-10 Cumulative Update for Windows 10 Version 1709

Windows 10 (version 1803)

  •  KB4462919 — 2018-10 Cumulative Update for Windows 10 Version 1803

Windows 10 (version 1803)

  • KB4464330 — 2018-10 Cumulative Update for Windows 10 Version 1809

Additional resources

Summary
Microsoft Windows Security Updates October 2018 release overview
Article Name
Microsoft Windows Security Updates October 2018 release overview
Description
Microsoft released security updates for all versions of Microsoft Windows, Microsoft Office, and other company products on the October 2018 Patch Day.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. The Dark Lady said on July 9, 2023 at 11:19 am
    Reply

    Martin, I would appreciate that you do not censor this post, as it’s informative writing.

    Onur, there is a misleading statement “[…] GIFs are animated images …”. No, obviously you don’t seem to have take much notice of what you were told back in March regarding; Graphics Interchange Format (GIF).

    For example, https://www.ghacks.net/2023/03/31/whats-gif-explanation-and-how-to-use-it/#comment-4562919 (if you had read my replies within that thread, you might have learnt something useful). I even mentioned, “GIF intrinsically supports animated images (GIF89a)”.

    You linked to said article, [Related: …] within this article, but have somehow failed to take onboard what support you were given by several more knowledgeable people.

    If you used AI to help write this article, it has failed miserably.

    1. E. Fromme said on September 29, 2023 at 1:32 pm
      Reply

      EMRE ÇITAK posts are useless because they are fraught with inaccuracies and are irrelevant.

  2. KeZa said on August 17, 2023 at 5:58 pm
    Reply

    AI is stupid, and it will not get any better if we really know how this all works. Prove me wrong.. https://www.youtube.com/watch?v=4IYl1sTIOHI

  3. Database failure said on August 18, 2023 at 5:21 pm
    Reply

    Martin, [#comment-4569908] is only meant to be in: [https://www.ghacks.net/2023/07/09/how-to-send-gifs-on-iphone-two-different-ways/]. Whereas it appears duplicated in several recent random low-quality non relevant articles.

    Obviously it [#comment-4569908] was posted: 9 July 2023. Long before this thread even existed… your database is falling over. Those comments are supposed to have unique ID values. It shouldn’t be possible to duplicate the post ID, if the database had referential integrity.

  4. Howard Pearce said on August 25, 2023 at 12:24 pm
    Reply

    Don’t tell me!

    Ghacks wants the state to step in for STATE-MANDATED associations to save jobs!!!

    Bring in the dictatorship!!!

    And screw Rreedom of Association – too radical for Ghacks maybe

  5. Howard Allan Pearce said on September 7, 2023 at 9:13 am
    Reply

    GateKeeper ?

    That’s called “appointing” businesses to do the state’s dirty work!!!!!

    But the article says itself that those appointed were not happy – implying they had not choice!!!!!!

  6. owl said on September 7, 2023 at 9:50 am
    Reply

    @The Dark Lady,
    @KeZa,
    @Database failure,
    @Howard Pearce,
    @Howard Allan Pearce,

    Note: I replaced the quoted URI scheme: https:// with “>>” and posted.

    The current ghacks.net is owned by “Softonic International S.A.” (sold by Martin in October 2019), and due to the fate of M&A, ghacks.net has changed in quality.
    >> ghacks.net/2023/09/02/microsoft-is-removing-wordpad-from-windows/#comment-4573130
    Many Authors of bloggers and advertisers certified by Softonic have joined the site, and the site is full of articles aimed at advertising and clickbait.
    >> ghacks.net/2023/08/31/in-windows-11-the-line-between-legitimate-and-adware-becomes-increasingly-blurred/#comment-4573117
    As it stands, except for articles by Martin Brinkmann, Mike Turcotte, and Ashwin, they are low quality, unhelpful, and even vicious. It is better not to read those articles.
    How to display only articles by a specific author:
    Added line to My filters in uBlock Origin: ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(/Martin Brinkmann|Mike Turcotte|Ashwin/))
    >> ghacks.net/2023/09/01/windows-11-development-overview-of-the-august-2023-changes/#comment-4573033

    By the way, if you use an RSS reader, you can track exactly where your comments are (I’m an iPad user, so I use “Feedly Classic”, but for Windows I prefer the desktop app “RSS Guard”).
    RSS Guard: Feed reader which supports RSS/ATOM/JSON and many web-based feed services.
    >> github.com/martinrotter/rssguard#readme

  7. Anonymous said on September 14, 2023 at 6:41 pm
    Reply

    We all live in digital surveillance glass houses under scrutiny of evil people because of people like Musk. It’s only fair that he takes his turn.

  8. Anonymous said on September 18, 2023 at 1:31 pm
    Reply

    “Operating systems will be required to let the user choose the browser, virtual assistant and search engine of their choice. Microsoft cannot force users to use Bing or Edge. Apple will have to open up its iOS operating system to allow third-party app stores, aka allow sideloading of apps. Google, on the other hand, will need to provide users with the ability to uninstall preloaded apps (bloatware) from Android devices. Online services will need to allow users to unsubscribe from their platform easily. Gatekeepers need to provide interoperability with third-parties that offer similar services.”

    Wonderful ! Let’s hope they’ll comply with that law more than they are doing with the GDPR.

  9. sean conner said on September 27, 2023 at 6:21 am
    Reply

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.