New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Patch Tuesday — May 2018

This month, the Windows 10 April 2018 Update finally drops, although some Intel SSDs don’t seem to be happy about it, and a zero-day vulnerability is being exploited in the wild.

Windows 10 April 2018 Update

April’s Patch Tuesday was supposed to see the release of the Windows 10 April 2018 Update, or version 1803 as it is otherwise known. But as I reported last month, that didn’t happen because of a last-minute blocking bug. Microsoft decided to release another build (17134) to Insiders rather than release a cumulative update for build 17133, which was previously thought to have been the version that would be released to the masses.

Microsoft officially announced the Windows 10 April 2018 Update on April 27^th and made it available for download a few days later on April 30^th. The update was made more widely available on May 8^th via Windows Update. Timeline is the only major new feature in the update and it is part of Windows 10 Task View (WIN+TAB). Timeline is part of Project Rome, a set of APIs and features intended to drive deeper engagement by bringing together apps, people, and cloud services across different platforms. Other improvements in the update include Near Share, Focus Assist, enhancements to Microsoft Edge, including Service Workers for Progress Web Apps (PWAs), and improvements to Cortana.

For more information on Project Rome and Timeline, see Project Rome and Windows 10 Timeline on Petri.

Intel SSDs Stumble on April Update

On May 8^th, Microsoft acknowledged a problem with installing the April 2018 update on devices with Intel SSD 600p Series and Pro 6000p Series drives. Microsoft is blocking the update for devices with these drives. An update to fix the issue is expected by next month’s Patch Tuesday.

There are also reports of problems with Toshiba XG4 Series, Toshiba XG5 Series, and Toshiba BG3 Series SSDs causing battery performance issues. There hasn’t been an official announcement yet but according to a post on the Microsoft Answers forum:

“Microsoft is working with OEM partners and Toshiba to identify and block devices with Toshiba XG5 Series or Toshiba BG3 Series solid state disk (SSD) from installing the April 2018 Update due to a known incompatibility that may cause battery performance issues.”

Finally, if you use the PowerShell Integrated Scripting Environment (ISE), IntelliSense dropdowns and snippets are broken and CTRL+SPACE causes the ISE to crash. A fix is expected by the end of May.

Windows

This month’s update for Windows 10 for x64-based Systems (version 1709) patches forty-three vulnerabilities in total. Most of the vulnerabilities affect Microsoft Edge and Internet Explorer. There’s one patch for Adobe Flash and two vulnerabilities in the .NET Framework. Eight of the vulnerabilities are elevation of privilege, seven information disclosure, twenty remote code execution, and seven security feature bypass. Seventeen of the remote code execution vulnerabilities have a severity rating of ‘critical’. Microsoft says that remote code execution vulnerability CVE-2018-8174 is already being exploited and should be patched as soon as possible.

Windows 7 SP1 for x64-based systems gets patches for 19 vulnerabilities. Six elevation of privilege, three information disclosure, and ten remote code execution – eight of which are critical, including CVE-2018-8174, which I mentioned above.

Windows Server 2016 has patches for 27 vulnerabilities. Seven are elevation of privilege, three information disclosure, eleven remote code execution, and six security feature bypass. Three of the remote code execution vulnerabilities are critical, including CVE-2018-8174. Windows Server 2012 R2 gets patches for 19 vulnerabilities. Two are critical remote code execution: CVE-2018-0959 for Hyper-V and CVE-2018-8174. Server 2008 R2 SP1 for 64-bit systems also gets patches for 19 vulnerabilities, with the same critical remote code execution bugs as Server 2012 R2.

Microsoft Office

Office products get patches for 19 vulnerabilities. There is just one critical bug, CVE-2018-8154 Microsoft Exchange Memory Corruption Vulnerability for Exchange Server 2013 and 2016.

Follow Russell on Twitter @smithrussell.

by Russell Smith
May 21, 2018

Editorial Director at Petri IT Knowledgebase. Russell has more than 20 years' experience working in IT. From small business to large government IT infrastructure projects. Russell started his writing career for Windows IT Pro magazine in the early...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
The Dirty Truth About IT Offboarding Automation

Jul 21, 2023
Aug 25, 2023
Five Tactics Towards Achieving Zero Trust with Azure Active Directory

Aug 29, 2023
Feb 01, 2024

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.