Patch Tuesday — May 2018

computer time

This month, the Windows 10 April 2018 Update finally drops, although some Intel SSDs don’t seem to be happy about it, and a zero-day vulnerability is being exploited in the wild.



Windows 10 April 2018 Update

April’s Patch Tuesday was supposed to see the release of the Windows 10 April 2018 Update, or version 1803 as it is otherwise known. But as I reported last month, that didn’t happen because of a last-minute blocking bug. Microsoft decided to release another build (17134) to Insiders rather than release a cumulative update for build 17133, which was previously thought to have been the version that would be released to the masses.

Microsoft officially announced the Windows 10 April 2018 Update on April 27th and made it available for download a few days later on April 30th. The update was made more widely available on May 8th via Windows Update. Timeline is the only major new feature in the update and it is part of Windows 10 Task View (WIN+TAB). Timeline is part of Project Rome, a set of APIs and features intended to drive deeper engagement by bringing together apps, people, and cloud services across different platforms. Other improvements in the update include Near Share, Focus Assist, enhancements to Microsoft Edge, including Service Workers for Progress Web Apps (PWAs), and improvements to Cortana.

For more information on Project Rome and Timeline, see Project Rome and Windows 10 Timeline on Petri.

Intel SSDs Stumble on April Update

On May 8th, Microsoft acknowledged a problem with installing the April 2018 update on devices with Intel SSD 600p Series and Pro 6000p Series drives. Microsoft is blocking the update for devices with these drives. An update to fix the issue is expected by next month’s Patch Tuesday.

There are also reports of problems with Toshiba XG4 Series, Toshiba XG5 Series, and Toshiba BG3 Series SSDs causing battery performance issues. There hasn’t been an official announcement yet but according to a post on the Microsoft Answers forum:

“Microsoft is working with OEM partners and Toshiba to identify and block devices with Toshiba XG5 Series or Toshiba BG3 Series solid state disk (SSD) from installing the April 2018 Update due to a known incompatibility that may cause battery performance issues.”

Finally, if you use the PowerShell Integrated Scripting Environment (ISE), IntelliSense dropdowns and snippets are broken and CTRL+SPACE causes the ISE to crash. A fix is expected by the end of May.


This month’s update for Windows 10 for x64-based Systems (version 1709) patches forty-three vulnerabilities in total. Most of the vulnerabilities affect Microsoft Edge and Internet Explorer. There’s one patch for Adobe Flash and two vulnerabilities in the .NET Framework. Eight of the vulnerabilities are elevation of privilege, seven information disclosure, twenty remote code execution, and seven security feature bypass. Seventeen of the remote code execution vulnerabilities have a severity rating of ‘critical’. Microsoft says that remote code execution vulnerability CVE-2018-8174 is already being exploited and should be patched as soon as possible.

Windows 7 SP1 for x64-based systems gets patches for 19 vulnerabilities. Six elevation of privilege, three information disclosure, and ten remote code execution – eight of which are critical, including CVE-2018-8174, which I mentioned above.

Windows Server 2016 has patches for 27 vulnerabilities. Seven are elevation of privilege, three information disclosure, eleven remote code execution, and six security feature bypass. Three of the remote code execution vulnerabilities are critical, including CVE-2018-8174. Windows Server 2012 R2 gets patches for 19 vulnerabilities. Two are critical remote code execution: CVE-2018-0959 for Hyper-V and CVE-2018-8174. Server 2008 R2 SP1 for 64-bit systems also gets patches for 19 vulnerabilities, with the same critical remote code execution bugs as Server 2012 R2.

Microsoft Office

Office products get patches for 19 vulnerabilities. There is just one critical bug, CVE-2018-8154 Microsoft Exchange Memory Corruption Vulnerability for Exchange Server 2013 and 2016.

Follow Russell on Twitter @smithrussell.