New
#1
Thanks Shawn!
Installed earlier and it appears to supersede KB4100480 as that one has disappeared from the update list of my 64-Bit VMs. So April's security updates must include the Total Meltdown fix.
April 10, 2018—KB4093108 (Security-only update)
Applies to: Windows 7 Service Pack 1Windows Server 2008 R2 Service Pack 1
Improvements and fixes
This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
- Windows Update and WSUS will offer this update to applicable Windows client and server operating systems, regardless of the existence or value of the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc" registry setting. This change has been made to protect user data.
- Improves reliability in the kernel, and addresses an issue that can cause applications to have unexpected memory contents on multi-processor systems.
- Addresses a stop error that occurred when the previous month’s update was applied to a 32-bit (x86) computer with a Physical Address Extension (PAE) mode disabled.
- Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows datacenter networking, Windows virtualization and kernel, and Windows app platform and frameworks.
For more information about the resolved security vulnerabilities, see the Security Update Guide.
Known issues in this update
Symptom
After installing KB4056897 or any other recent monthly updates, SMB servers may experience a memory leak for some scenarios. This occurs when the requested path traverses a symbolic link, mount point, or directory junction and the registry key is set to 1:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanManServer\Parameters\EnableEcp
Workaround
Microsoft is working on a resolution and will provide an update in an upcoming release.
Symptom
A stop error occurs on computers that don't support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).
Workaround
Microsoft is working on a resolution and will provide an update in an upcoming release.
How to get this update
This update is now available for installation through WSUS. To get the standalone package for this update, go to the Microsoft Update Catalog website.
File information
For a list of the files that are provided in this update, download the file information for update 4093108.
Source: https://support.microsoft.com/en-us/help/4093108
Direct download links for KB4093108 MSU file from Microsoft Update Catalog:
Download KB4093108 MSU for Windows 7 32-bit (x86) - 14.8 MB
Download KB4093108 MSU for Windows 7 64-bit (x64) - 23.3 MB
Thanks Shawn!
Installed earlier and it appears to supersede KB4100480 as that one has disappeared from the update list of my 64-Bit VMs. So April's security updates must include the Total Meltdown fix.
Does the security only update always include security updates for IE 11? I have been getting the IE updates separately.
Micorsoft says "Improves reliability in the kernel, and addresses an issue that can cause applications to have unexpected memory contents on multi-processor systems."
Nothing is said about a privilege escalation issue which KB4100480 was said to deal with. Privilege escalation also applies to single-processor systems. I guess that my ancient AMD Sempron 3000+ single-core processor is susceptible to privilege escalation as much as the 8+ core beasts which roam today. What good does it do to be so vague? Why issue any information if it raises as many questions as it answers?
The problem is that I now have much diminished faith in Microsoft so I intend to backtrack and install KB4100480 and then repeat the installation of the April 2018 security rollup for Windows 7 x64. That way I can be sure.
With nervous trepidation I applied these updates, as well as the manual one, so thank you Brink for the link.
No BSOD, so all is well, and Lady F still has my empathy for what M$ did to her machine.
Hello Riley, :)
Looking at the Security Update Guide below, the IE update is included in only KB4093118, and not this one.
https://portal.msrc.microsoft.com/en...urity-guidance
Last edited by Brink; 11 Apr 2018 at 11:23.
Hi Riley,
If you're going down the Windows Security-only route the IE11 updates have to be installed separately. However, unlike the Windows Security-only updates which have to be installed every month, the IE11 security updates are cumulative so you only have to install the latest package to be up to date, as it will include all the past IE security updates.
The Windows monthly rollups also include all the IE security updates.
Originally the Windows Security-only updates DID include the IE updates for the first couple of months, however MS changed this and separated them later.
MS isn't always renowned for it's accurate KB articles. Even some of the Security-only updates in the past have stated they will be delivered through Windows update, which has never been the case. So, take what they write in their articles with a pinch of salt!