Content Modification: Patches for Windows published 2019-07-17

bma · July 17, 2019, 8:24pm

Content in the Patches for Windows site has been modified.

Modified:

[Major] 4072698: Enable mitigations to help protect against speculative execution side-channel vulnerabilities CVE-2017-5715 (Spectre Variant 2) and CVE-2017-5754 (Meltdown) - Windows Server 2008 / Windows Server 2008 R2 / Windows Server 2012 / Windows Server 201 (ID: 407269801)
[Major] 4072698: Enable mitigations to help protect against CVE 2018-3639 (Speculative Store Bypass), CVE-2017-5715 (Spectre Variant 2), CVE-2017-5754 (Meltdown),(CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) - Windows Server 2008 / Windows Ser (ID: 407269805)
[Major] 4073119: Enable mitigations to help protect against CVE 2018-3639 (Speculative Store Bypass), CVE-2017-5715 (Spectre Variant 2), and CVE-2017-5754 (Meltdown),(CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) - Windows 7 / Windows 8.1 / Win (ID: 407311905)
[Major] 4072698: Disable mitigations to help protect against speculative execution side-channel vulnerabilities - Windows Server 2008 / Windows Server 2008 R2 / Windows Server 2012 / Windows Server 2012 R2 / Windows 2016 (ID: 407269803)
[Major] 4073119: Enable mitigations to help protect against speculative execution side-channel vulnerabilities CVE-2017-5715 (Spectre Variant 2) and CVE-2017-5754 (Meltdown) - Windows 7 / Windows 8.1 / Windows 10 (ID: 407311901)
[Major] 4073119: Disable mitigations to help protect against speculative execution side-channel vulnerabilities - Windows 7 / Windows 8.1 / Windows 10 (ID: 407311903)
[Minor] MS06-009: Vulnerability in the Korean IME Could Allow Elevation of Privilege - Visio 2003 Korean MUI (Superseded) (ID: 600907)
[Minor] MS07-001: Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution - Visio 2003 Portuguese (Brazil) MUI (Network/Local Installation) (Superseded) (ID: 700108)
[Minor] MS07-037: Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (Superseded) (ID: 703701)
[Minor] MS15-059: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Office 2013 SP1 - KB3039782 (Superseded) (ID: 1505905)

Superseded:

[Major] MS17-004: Security Only Quality Update - Security Only - Windows Server 2008 R2 SP1 - KB3212642 (x64) (Superseded) (ID: 1700401)
[Major] MS16-055: Security Update for Microsoft Graphics Component - Windows Server 2008 R2 SP1 - KB3156019 (x64) (Superseded) (ID: 1605559)
[Major] MS16-082: Security Update for Microsoft Windows Search Component - Windows Server 2008 R2 SP1 - KB3161958 (x64) (Superseded) (ID: 1608207)
[Major] 2966583: Improvements for the System Update Readiness tool in Windows 7 and Windows Server 2008 R2 - Windows Server 2008 R2 SP1 (x64) (Superseded) (ID: 296658307)
[Major] 3092627: Update to fix Windows or application freezes after you install security update 3076895 - Windows Server 2008 R2 SP1 (x64) (Superseded) (ID: 309262717)
[Major] 4020507: Update for the .NET Framework 4.5.2 on Windows 7, Windows Server 2008 R2, and Windows Server 2008 - Windows Server 2008 R2 SP1 - .NET Framework 4.5.2 - KB4020507 (x64) (Superseded) (ID: 402050703)
[Major] 4508646: Cumulative update for Internet Explorer - Windows Server 2008 R2 SP1 - IE 11 - KB4508646 (x64) (Superseded) (ID: 450864601)
[Major] 4508646: Cumulative update for Internet Explorer - Windows Server 2012 - IE 10 - KB4508646 (x64) (Superseded) (ID: 450864607)
[Major] 4505050: Cumulative update for Internet Explorer - Windows Server 2012 - IE 11 - KB4505050 (x64) (Superseded) (ID: 450505007)
[Major] MS16-065: Security Update for .NET Framework - Windows Server 2012 - .NET Framework 3.5 - KB3142025 (x64) (Superseded) (ID: 1606533)
[Major] 4505050: Cumulative update for Internet Explorer - Windows Server 2012 R2 - IE 11 - KB4505050 (x64) (Superseded) (ID: 450505011)
[Major] 4508646: Cumulative update for Internet Explorer - Windows Server 2012 R2 - IE 11 - KB4508646 (x64) (Superseded) (ID: 450864611)
[Major] MS18-JAN: Security update for SQL Server 2014 SP2 GDR - SQL Server 2014 SP2 - KB4057120 (x64) (Superseded) (ID: 405712001)
[Major] MS18-JAN: Security update for SQL Server 2014 SP2 GDR - SQL Server 2014 SP2 - KB4057120 (Superseded) (ID: 405712003)
[Major] 4506933: Servicing Stack Update for Windows 10 Version 1903 - Windows 10 Version 1903 - KB4506933 (Superseded) (ID: 450693303)
[Major] 4506933: Servicing Stack Update for Windows 10 Version 1903 - Windows 10 Version 1903 - KB4506933 (x64) (Superseded) (ID: 450693301)
[Major] MS13-099: Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution - Windows Script 5.8 - Windows 7 SP1 (Superseded) (ID: 1309923)
[Major] MS14-030: Vulnerability in Remote Desktop Could Allow Tampering - Windows 7 SP1 - KB2965788 (Superseded) (ID: 1403003)
[Major] MS15-082: Vulnerabilities in RDP Could Allow Remote Code Execution - Windows 7 SP1 - KB3075222 (Superseded) (ID: 1508205)
[Major] MS15-084: Vulnerabilities in XML Core Services Could Allow Information Disclosure - Windows 7 SP1 - KB3076895 (Superseded) (ID: 1508403)
[Major] MS16-082: Security Update for Microsoft Windows Search Component - Windows 7 SP1 - KB3161958 (Superseded) (ID: 1608213)
[Major] 4508646: Cumulative update for Internet Explorer - Windows 7 SP1 - IE 11 - KB4508646 (Superseded) (ID: 450864605)
[Major] MS16-055: Security Update for Microsoft Graphics Component - Windows 7 SP1 - KB3156019 (Superseded) (ID: 1605513)
[Major] 2966583: Improvements for the System Update Readiness tool in Windows 7 and Windows Server 2008 R2 - Windows 7 SP1 (Superseded) (ID: 296658303)
[Major] 3092627: Update to fix Windows or application freezes after you install security update 3076895 - Windows 7 SP1 (Superseded) (ID: 309262709)
[Major] MS15-067: Vulnerability in RDP Could Allow Remote Code Execution - Windows 7 SP1 - KB3067904 (Superseded) (ID: 1506709)
[Major] MS17-004: Security Only Quality Update - Security Only - Windows 7 SP1 - KB3212642 (Superseded) (ID: 1700405)
[Major] 2952664: Compatibility update for keeping Windows up-to-date in Windows 7 - Windows 7 SP1 - KB2952664 (V24.0) (Superseded) (ID: 295266401)
[Major] MS14-074: Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass - Windows 7 SP1 - KB3003743 (Superseded) (ID: 1407411)
[Major] 4505050: Cumulative update for Internet Explorer - Windows 7 SP1 - IE 11 - KB4505050 (Superseded) (ID: 450505005)
[Major] 4020507: Update for the .NET Framework 4.5.2 on Windows 7, Windows Server 2008 R2, and Windows Server 2008 - Windows 7 SP1 - .NET Framework 4.5.2 - KB4020507 (Superseded) (ID: 402050705)
[Major] MS16-017: Security Update for Remote Desktop Display Driver to Address Elevation of Privilege - Windows 7 SP1 - KB3126446 (Superseded) (ID: 1601705)
[Major] MS15-082: Vulnerabilities in RDP Could Allow Remote Code Execution - Windows 7 SP1 - KB3075220 (Superseded) (ID: 1508223)
[Major] MS13-099: Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution - Windows Script 5.8 - Windows 7 SP1 (x64) (Superseded) (ID: 1309925)
[Major] 4508646: Cumulative update for Internet Explorer - Windows 7 SP1 - IE 11 - KB4508646 (x64) (Superseded) (ID: 450864603)
[Major] MS15-067: Vulnerability in RDP Could Allow Remote Code Execution - Windows 7 SP1 - KB3067904 (x64) (Superseded) (ID: 1506707)
[Major] MS15-084: Vulnerabilities in XML Core Services Could Allow Information Disclosure - Windows 7 SP1 - KB3076895 (x64) (Superseded) (ID: 1508411)
[Major] MS16-017: Security Update for Remote Desktop Display Driver to Address Elevation of Privilege - Windows 7 SP1 - KB3126446 (x64) (Superseded) (ID: 1601701)
[Major] 3092627: Update to fix Windows or application freezes after you install security update 3076895 - Windows 7 SP1 (x64) (Superseded) (ID: 309262707)
[Major] MS16-082: Security Update for Microsoft Windows Search Component - Windows 7 SP1 - KB3161958 (x64) (Superseded) (ID: 1608209)
[Major] MS14-074: Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass - Windows 7 SP1 - KB3003743 (x64) (Superseded) (ID: 1407409)
[Major] MS15-082: Vulnerabilities in RDP Could Allow Remote Code Execution - Windows 7 SP1 - KB3075220 (x64) (Superseded) (ID: 1508209)
[Major] MS17-004: Security Only Quality Update - Security Only - Windows 7 SP1 - KB3212642 (x64) (Superseded) (ID: 1700403)
[Major] 2966583: Improvements for the System Update Readiness tool in Windows 7 and Windows Server 2008 R2 - Windows 7 SP1 (x64) (Superseded) (ID: 296658305)
[Major] 4505050: Cumulative update for Internet Explorer - Windows 7 SP1 - IE 11 - KB4505050 (x64) (Superseded) (ID: 450505001)
[Major] MS15-082: Vulnerabilities in RDP Could Allow Remote Code Execution - Windows 7 SP1 - KB3075222 (x64) (Superseded) (ID: 1508203)
[Major] MS16-055: Security Update for Microsoft Graphics Component - Windows 7 SP1 - KB3156019 (x64) (Superseded) (ID: 1605507)
[Major] 2952664: Compatibility update for keeping Windows up-to-date in Windows 7 - Windows 7 SP1 - KB2952664 (x64) (V24.0) (Superseded) (ID: 295266403)
[Major] MS14-030: Vulnerability in Remote Desktop Could Allow Tampering - Windows 7 SP1 - KB2965788 (x64) (Superseded) (ID: 1403011)
[Major] 4508646: Cumulative update for Internet Explorer - Windows 8.1 - IE 11 - KB4508646 (Superseded) (ID: 450864613)
[Major] 4508646: Cumulative update for Internet Explorer - Windows 8.1 - IE 11 - KB4508646 (x64) (Superseded) (ID: 450864609)
[Major] MS15-074: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege - Windows Server 2008 SP2 - KB3072630 (Superseded) (ID: 1507429)
[Major] MS18-JUL: Security update for the Win32k elevation of privilege vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 - Windows Server 2008 SP2 - KB4339854 (Superseded) (ID: 433985403)
[Major] 3092627: Update to fix Windows or application freezes after you install security update 3076895 - Windows Server 2008 SP2 (Superseded) (ID: 309262715)
[Major] MS15-024: Vulnerability in PNG Processing Could Allow Information Disclosure - Windows Server 2008 SP2 - KB3035132 (Superseded) (ID: 1502423)
[Major] MS15-084: Vulnerabilities in XML Core Services Could Allow Information Disclosure - Windows Server 2008 SP2 - KB3076895 (Superseded) (ID: 1508405)
[Major] MS16-055: Security Update for Microsoft Graphics Component - Windows Server 2008 SP2 - KB3156019 (Superseded) (ID: 1605521)
[Major] MS17-OCT: Security update for the Windows GDI information disclosure vulnerability - Windows Server 2008 SP2 - KB4042121 (Superseded) (ID: 404212103)
[Major] MS18-AUG: Security update for the remote code execution vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 - Windows Server 2008 SP2 - KB4340937 (Superseded) (ID: 434093703)
[Major] MS17-JUL: Security update for the Kerberos SNAME security feature bypass vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4022746 (Superseded) (ID: 402274603)
[Major] MS17-JUL: Security update for the Microsoft browser security feature bypass vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4025240 (Superseded) (ID: 402524003)
[Major] MS17-MAY: Security update for the Windows SMB Information Disclosure Vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4018466 (Superseded) (ID: 401846603)
[Major] 4020507: Update for the .NET Framework 4.5.2 on Windows 7, Windows Server 2008 R2, and Windows Server 2008 - Windows Server 2008 SP2 - .NET Framework 4.5.2 - KB4020507 (Superseded) (ID: 402050709)
[Major] MS18-JUN: Security update for the Windows kernel information disclosure vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4234459 (Superseded) (ID: 423445903)
[Major] MS16-075, MS16-076: Security Update for Windows SMB Server, Netlogon - Windows Server 2008 SP2 - KB3161561 (Superseded) (ID: 1607511)
[Major] MS18-APR: Security update - Windows Server 2008 SP2 - KB4093257 (Superseded) (ID: 409325703)
[Major] MS17-OCT: Security update for the Windows SMB vulnerabilities in Windows Server 2008 - Windows Server 2008 SP2 - KB4041995 (Superseded) (ID: 404199503)
[Major] MS17-NOV: “Unexpected error from external database driver” error when you create or open Microsoft Excel .Xls files - Windows Server 2008 SP2 - KB4050795 (Superseded) (ID: 405079503)
[Major] MS18-AUG: Security update for the GDI vulnerabilities in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 - Windows Server 2008 SP2 - KB4343674 (Superseded) (ID: 434367403)
[Major] MS18-AUG: Security update for the font library vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 - Windows Server 2008 SP2 - KB4344104 (Superseded) (ID: 434410403)
[Major] MS17-004: Security Update for Local Security Authority Subsystem Service - Windows Server 2008 SP2 - KB3216775 (Superseded) (ID: 1700411)
[Major] MS18-JUL: Security update for the Win32k elevation of privilege vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 - Windows Server 2008 SP2 - KB4339854 (x64) (Superseded) (ID: 433985401)
[Major] MS15-024: Vulnerability in PNG Processing Could Allow Information Disclosure - Windows Server 2008 SP2 - KB3035132 (x64) (Superseded) (ID: 1502413)
[Major] MS17-004: Security Update for Local Security Authority Subsystem Service - Windows Server 2008 SP2 - KB3216775 (x64) (Superseded) (ID: 1700409)
[Major] MS17-JUL: Security update for the Kerberos SNAME security feature bypass vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4022746 (x64) (Superseded) (ID: 402274601)
[Major] MS17-OCT: Security update for the Windows SMB vulnerabilities in Windows Server 2008 - Windows Server 2008 SP2 - KB4041995 (x64) (Superseded) (ID: 404199501)
[Major] MS17-APR: Security update for the Hyper-V vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB3211308 (x64) (Superseded) (ID: 321130801)
[Major] MS15-084: Vulnerabilities in XML Core Services Could Allow Information Disclosure - Windows Server 2008 SP2 - KB3076895 (x64) (Superseded) (ID: 1508427)
[Major] MS16-055: Security Update for Microsoft Graphics Component - Windows Server 2008 SP2 - KB3156019 (x64) (Superseded) (ID: 1605503)
[Major] 3092627: Update to fix Windows or application freezes after you install security update 3076895 - Windows Server 2008 SP2 (x64) (Superseded) (ID: 309262711)
[Major] MS17-MAY: Security update for the Windows SMB Information Disclosure Vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4018466 (x64) (Superseded) (ID: 401846601)
[Major] MS17-NOV: “Unexpected error from external database driver” error when you create or open Microsoft Excel .Xls files - Windows Server 2008 SP2 - KB4050795 (x64) (Superseded) (ID: 405079501)
[Major] MS18-AUG: Security update for the GDI vulnerabilities in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 - Windows Server 2008 SP2 - KB4343674 (x64) (Superseded) (ID: 434367401)
[Major] MS16-075, MS16-076: Security Update for Windows SMB Server, Netlogon - Windows Server 2008 SP2 - KB3161561 (x64) (Superseded) (ID: 1607513)
[Major] 4020507: Update for the .NET Framework 4.5.2 on Windows 7, Windows Server 2008 R2, and Windows Server 2008 - Windows Server 2008 SP2 - .NET Framework 4.5.2 - KB4020507 (x64) (Superseded) (ID: 402050707)
[Major] MS18-APR: Security update - Windows Server 2008 SP2 - KB4093257 (x64) (Superseded) (ID: 409325701)
[Major] MS18-JUN: Security update for the Windows kernel information disclosure vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4234459 (x64) (Superseded) (ID: 423445901)
[Major] MS18-AUG: Security update for the font library vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 - Windows Server 2008 SP2 - KB4344104 (x64) (Superseded) (ID: 434410401)
[Major] MS17-JUL: Security update for the Microsoft browser security feature bypass vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4025240 (x64) (Superseded) (ID: 402524001)
[Major] MS17-OCT: Security update for the Windows GDI information disclosure vulnerability - Windows Server 2008 SP2 - KB4042121 (x64) (Superseded) (ID: 404212101)
[Major] MS18-AUG: Security update for the remote code execution vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 - Windows Server 2008 SP2 - KB4340937 (x64) (Superseded) (ID: 434093701)
[Major] MS15-074: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege - Windows Server 2008 SP2 - KB3072630 (x64) (Superseded) (ID: 1507405)
[Major] MS13-099: Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution - Windows Script 5.8 - Windows Server 2008 R2 SP1 (x64) (Superseded) (ID: 1309927)
[Major] 4505050: Cumulative update for Internet Explorer - Windows Server 2008 R2 SP1 - IE 11 - KB4505050 (x64) (Superseded) (ID: 450505003)
[Major] MS15-084: Vulnerabilities in XML Core Services Could Allow Information Disclosure - Windows Server 2008 R2 SP1 - KB3076895 (x64) (Superseded) (ID: 1508419)
[Major] MS15-082: Vulnerabilities in RDP Could Allow Remote Code Execution - Windows Server 2008 R2 SP1 - KB3075222 (x64) (Superseded) (ID: 1508229)
[Major] MS14-074: Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass - Windows Server 2008 R2 SP1 - KB3003743 (x64) (Superseded) (ID: 1407425)

Reason for Update:
Additional content superseded.
Spectre mitigation fixlets were not evaluating to False after the latest settings were enabled.
Other modified fixlets listed have had their MS bulletin url links updated.

Actions to Take:
None

Published site version:
Patches for Windows, version 3337

Additional links:
None

Application Engineering Team
BigFix

dosborn · July 23, 2019, 5:58pm

Hi there! Can you confirm for me that the registry value that the fixlets (4073119 & 4072698) is correct?
4073119 Action 1: regset64 “[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]” “FeatureSettingsOverride”=dword:00000072
4072698 Action 1: regset64 “[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]” “FeatureSettingsOverride”=dword:00000072

This setting modifies the Decimal to a value of 114 & Hexadecimal to 72. If you run Microsoft’s command “reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management” /v FeatureSettingsOverride /t REG_DWORD /d 72 /f” the Decimal changes to 72 & Hexadecimal to 48.

https://support.microsoft.com/kb/4073119

Thanks!

bma · July 23, 2019, 8:12pm

I think you’re right @dosborn
Passing this on to the team.

bma · July 26, 2019, 11:43pm

Updated fixlets have been released in Patches for Windows, version 3343.

system · August 16, 2019, 8:24pm

This topic was automatically closed after 30 days. New replies are no longer allowed.