August Windows 10 Patch Tuesday Updates Are Here – Bring Fixes to the Newly Disclosed Spectre-Class L1TF Attacks Affecting Intel
Microsoft has started rolling out Windows 10 cumulative updates today for all the supported versions of the desktop operating system. Updates are now live for Windows 10 April 2018 Update (Version 1803 – KB4343909), Fall Creators Update (Version 1709 – KB4343897), Creators Update (Version 1703 – KB4343885), Anniversary Update (Version 1607 – KB4343887), and the November Update (Version 1507 – KB4343892).
As usual, Patch Tuesday only brings fixes to bugs along with the ever so important security problems. Today’s updates are, however, even more important since they are fixing the newly disclosed Foreshadow aka L1TF Speculative Execution side-channel vulnerabilities affecting some of the Intel processors (more details in the changelog below).
Here is what is being fixed today for Windows 10 version 1803 (build number 17134.228):
- Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
- Addresses an issue that causes high CPU usage that results in performance degradation on some systems with Family 15h and 16h AMD processors. This issue occurs after installing the June 2018 or July 2018 Windows updates from Microsoft and the AMD microcode updates that address Spectre Variant 2 (CVE-2017-5715 – Branch Target Injection).
- Addresses an issue that prevents apps from receiving mesh updates after resuming. This issue occurs for apps that use Spatial Mapping mesh data and participate in the Sleep or Resume cycle.
- Ensures that Internet Explorer and Microsoft Edge support the preload=”none” tag.
- Addresses an issue that prevents some applications running on HoloLens, such as Remote Assistance, from authenticating after upgrading from Windows 10, version 1607, to Windows 10, version 1803.
- Addresses an issue that significantly reduced battery life after upgrading to Windows 10, version 1803.
- Addresses an issue that causes Device Guard to block some ieframe.dll class IDs after installing the May 2018 Cumulative Update.
- Addresses a vulnerability related to the Export-Modulemember() function when used with a wildcard (*) and a dot-sourcing script. After installing this update, existing modules on devices that have Device Guard enabled will intentionally fail. The exception error is “This module uses the dot-source operator while exporting functions using wildcard characters, and this is disallowed when the system is under application verification enforcement.” For more information, see https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200 and https://aka.ms/PSModuleFunctionExport.
- Addresses an issue that was introduced in the July 2018 .NET Framework update. Applications that rely on COM components were failing to load or run correctly because of “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors.
- Security updates to Windows Server.
Make sure you install today’s updates at earliest to stay secure. Head over to Settings > Windows Update. If you have been waiting for the new features and improvements, they won’t come at least until October when the upcoming version of the operating system is released.