Security 10809 Published by

Microsoft has published the March 2018 Security Updates



The March security release consists of security updates for the following software:

Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
Microsoft Exchange Server
ASP.NET Core
.NET Core
PowerShell Core
ChakraCore
Adobe Flash

Please note the following information regarding the security updates:

Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
After May 9, 2018, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the exception of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers with devices running other editions of Windows 10 version 1507 that are no longer supported update these devices to the latest version of Windows 10. For more information see Microsoft Knowledge Base Article 4015562.
To be fully protected against CVE-2018-0886, users must enable Group Policy settings on their systems and update their Remote Desktop clients. The Group Policy settings are disabled by default to prevent connectivity problems and users must follow the instructions documented HERE to be fully protected.

Known Issues

March 13, 2018—KB4088787 (OS Build 14393.2125)
Windows 10 Version 1607/Windows Server 2016

Improvements and fixes

This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

Addresses issue with printing XML documents with Internet Explorer and Microsoft Edge.

Addresses issue where Internet Explorer stops working when using F12-based developer tools.

Updates legacy Document Mode cell visibility in Internet Explorer.

Addresses issue where Internet Explorer is unresponsive in certain scenarios when a Browser Helper Object is installed.

Addresses issue that causes online video playback to stop responding.

Addresses issue where an AD FS server issue causes the WID AD FS database to become unusable after a restart. This might prevent the AD FS service from starting.

Lifts the Anti-Virus (AV) compatibility check to expand the number of Windows 10 devices that are offered cumulative Windows security updates. This includes cumulative Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows, except the KB4078130 update that was offered to disable mitigation against Spectre Variant 2.

Addresses issue that only affects some versions of antivirus software and only applies to computers on which the antivirus ISV updated the ALLOW REGKEY.

Security updates to Internet Explorer, Microsoft Edge, Microsoft Scripting Engine, Microsoft Windows Search component, Windows Desktop Bridge, Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Datacenter Networking, Windows Installer, and Windows Hyper-V.

Note This update isn't available with express installation files for Windows Server 2016.

March 13, 2018—KB4088782 (OS Build 15063.966)
Windows 10 Version 1703

Improvements and fixes

This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

Addresses issue with printing XML documents in Internet Explorer and Microsoft Edge.

Addresses issue where Internet Explorer stops working when using F12-based developer tools.

Updates legacy Document Mode cell visibility in Internet Explorer.

Addresses issue where Internet Explorer is unresponsive in certain scenarios when a Browser Helper Object is installed.

Addresses issue that causes online video playback to stop responding.

Addresses issue where, after installing KB4056891, KB4057144, or KB4074592 on a server, you may not be able to access SMB shared files in directory junction points or volume mount points hosted on that server. The error is "ERROR_INVALID_REPARSE_DATA”. As a result, editing some group policies using GPMC or AGPM 4.0 may fail with the error "The data present in the reparse point buffer is invalid. (Exception from HRESULT: 0x80071128)".

Lifts the Anti-Virus (AV) compatibility check to expand the number of Windows 10 devices that are offered cumulative Windows security updates. This includes cumulative Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows, except the KB4078130 update that was offered to disable mitigation against Spectre Variant 2.

Addresses issue that only affects some versions of antivirus software and only applies to computers on which the antivirus ISV updated the ALLOW REGKEY.
Security updates to Internet Explorer, Microsoft Edge, Microsoft Scripting Engine, Windows Desktop Bridge, Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V.

If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

March 13, 2018—KB4088776 (OS Build 16299.309)
Windows 10 version 1709

Improvements and fixes

This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

Addresses issue where Internet Explorer stops working when using F12-based developer tools.
Addresses issue with printing XML documents with Internet Explorer and Microsoft Edge.
Updates legacy Document Mode cell visibility in Internet Explorer.
Addresses issue with pinch and zoom gestures on some hardware in Internet Explorer.
Addresses issue where Internet Explorer is unresponsive in certain scenarios when a Browser Helper Object is installed.
Addresses issue to prevent media and other applications from becoming unresponsive or failing when upgrading graphics drivers.
Addresses issue where customers receive "Check your account, you don't own this content” errors when attempting to play or install owned content. This issue can also result in customers getting kicked out of a game in the middle of play.
Addresses issue where, after installing KB4056892,KB4073291, KB4058258, KB4077675, or KB4074588 on a server, you may not be able to access SMB shared files in directory junction points or volume mount points hosted on that server. The error is "ERROR_INVALID_REPARSE_DATA”. As a result, editing some group policies using GPMC or AGPM 4.0 may fail with the error "The data present in the reparse point buffer is invalid. (Exception from HRESULT: 0x80071128)".
Addresses issue where an AD FS server issue causes the WID AD FS database to become unusable after a restart. This might prevent the AD FS service from starting.
Addresses issue where, after installing KB4090913, the Mixed Reality Portal may fail to initialize. This results in an “SXXXXXXX-X” error or a “We couldn’t download the Windows Mixed Reality Software” message may appear after the software is successfully downloaded.
Lifts the Anti-Virus (AV) compatibility check to expand the number of Windows 10 devices that are offered cumulative Windows security updates. This includes cumulative Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows, except the KB4078130 update that was offered to disable mitigation against Spectre Variant 2.
Addresses issue that only affects some versions of antivirus software and only applies to computers on which the antivirus ISV updated the ALLOW REGKEY.
Security updates to Internet Explorer, Microsoft Edge, Microsoft Scripting Engine, Windows Desktop Bridge, Windows Kernel, Windows Shell, Windows MSXML, Device Guard, Windows Hyper-V, Windows Installer, and the Microsoft Scripting Engine.

If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

March 13, 2018—KB4088786 (OS Build 10240.17797)
Windows 10 Enterprise released in July 2015

Improvements and fixes

This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

Addresses issue with printing XML documents with Internet Explorer and Microsoft Edge.

Addresses issue with Internet Explorer and Microsoft Outlook integration.

Addresses issue where Internet Explorer stops working when using F12-based developer tools.

Updates legacy Document Mode cell visibility in Internet Explorer.

Addresses issue where Internet Explorer is unresponsive in certain scenarios when a Browser Helper Object is installed.

Addresses issue where files protected with the Encrypting File System (EFS) may become corrupted during BitLocker decryption or drive encryption.

Addresses issue where booting with Unified Write Filter (UWF) enabled may lead to stop error 0xE1 on embedded devices, particularly when using a USB hub.

Addresses issue where IoT devices may stop working because of an “unmountable_boot_volume” error when UWF is enabled.

Lifts the Anti-Virus (AV) compatibility check to expand the number of Windows 10 devices that are offered cumulative Windows security updates. This includes cumulative Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows, except the KB4078130 update that was offered to disable mitigation against Spectre Variant 2.

Addresses issue that only affects some versions of antivirus software and only applies to computers on which the antivirus ISV updated the ALLOW REGKEY.
Security updates to Internet Explorer, Microsoft Edge, Microsoft Scripting Engine, Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, Device Guard, and Windows Hyper-V.

If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

March 13, 2018—KB4088779 (OS Build 10586.1478)
Windows 10 Version 1511

This update can only be applied to Windows 10 Enterprise and Windows 10 Education editions.

Reminder: The additional servicing offer for Windows 10, version 1511 ends on April 10, 2018 and doesn't extend beyond this date. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.


Improvements and fixes

This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

Addresses issue where Internet Explorer stops working when using F12-based developer tools.

Lifts the Anti-Virus (AV) compatibility check to expand the number of Windows 10 devices that are offered cumulative Windows security updates. This includes cumulative Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows, except the KB4078130 update that was offered to disable mitigation against Spectre Variant 2.

Addresses issue that only affects some versions of antivirus software and only applies to computers on which the antivirus ISV updated the ALLOW REGKEY.
Security updates to Internet Explorer, Microsoft Edge, Microsoft Scripting Engine, Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Device Guard, Windows Installer, and Windows Hyper-V.

If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

March 13, 2018—KB4088876 (Monthly Rollup)
Windows 8.1/Windows Server 2012 R2 Standard

Improvements and fixes

This security update includes improvements and fixes that were a part of update KB4075212 (released February 21, 2018) and addresses the following issues:

Addresses issue where Internet Explorer is unresponsive in certain scenarios when a Browser Helper Object is installed.

Updates legacy Document Mode cell visibility in Internet Explorer.

Addresses issue where Internet Explorer stops working in certain printing scenarios.

Addresses issue where Internet Explorer stops working when using F12-based developer tools.

Addresses issue in Internet Explorer that caused the Outlook web app to slow down under certain circumstances.

Addresses issue where customers sometimes can't sign in to Windows 2012 R2 servers when using a custom credential provider on a console or RDP.

Provides cumulative Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows except the KB4078130 update that was offered to disable mitigation against Spectre Variant 2.

Security updates to Internet Explorer, the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

March 13, 2018—KB4088879 (Security-only update)
Windows 8.1/Windows Server 2012 R2 Standard

Improvements and fixes

This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

Addresses issue where customers sometimes can't sign in to Windows 2012 R2 servers when using a custom credential provider on a console or RDP.

Provides cumulative Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows except the KB4078130 update that was offered to disable mitigation against Spectre Variant 2.

Security updates to the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

March 13, 2018—KB4088875 (Monthly Rollup)
Windows 7 Service Pack 1/Windows Server 2008 R2 Service Pack 1

Improvements and fixes

This security update includes improvements and fixes that were a part of update KB4075211 (released February 21, 2018) and addresses the following issues:

Addresses issue where Internet Explorer is unresponsive in certain scenarios when a Browser Helper Object is installed.

Updates legacy Document Mode cell visibility in Internet Explorer.

Addresses issue where Internet Explorer stops working in certain printing scenarios.

Addresses issue where Internet Explorer stops working when using F12-based developer tools.

Provides cumulative Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows except the KB4078130 update that was offered to disable mitigation against Spectre Variant 2.

Security updates to Internet Explorer, the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

March 13, 2018—KB4088878 (Security-only update)
Windows 7 Service Pack 1/Windows Server 2008 R2 Service Pack 1

Improvements and fixes

This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

Provides cumulative Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows except the KB4078130 update that was offered to disable mitigation against Spectre Variant 2.
Security updates to the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

  Microsoft March 2018 Security Updates