Microsoft as part of Patch Tuesday released new cumulative updates for Windows 10 users along with releasing cumulative updates for older versions, Windows 7 and Windows 8.1 which are getting the fixes for the recent Meltdown and Spectre Vulnerabilities. The updates include a couple of Servicing Stack updates, two previews of monthly rollups, a refreshed Windows Update cracker — and absolutely nothing that fixes the flaws in this month’s botched Windows 7 patch. The company has rolled out security fixes for close to 75 vulnerabilities out of which 15 have been deemed as critical and one that could exploit authentication in Microsoft Remote Desktop Protocol.
The fixes are mainly concentrated on ASP.NET Core, .NET Core, PowerShell Core, ChakraCore, Microsoft Office, Microsoft Office Services, Web Apps, Internet Explorer, Microsoft Edge, Microsoft Windows, and Microsoft Exchange Server which have been addressed.
Microsoft is also rolling out updates for the Intel microcode which fixes the vulnerabilities for the Intel’s SkyLake processors. Microsoft is adding a software coverage for the Meltdown vulnerability for x86 editions of Windows 7 and Windows 8.1 which will continue to receive additional support from the company.
KB 4089848 brings 1709 (Windows10 Fall Creators Update) up to Build 16299.334 – seems to have fixed the problem with the January Delta update.
KB 4088891 brings 1703 (Windows10 Creators Update) up to build 15063.994
KB 4088889 brings 1607 (Windows 10 Anniversary Update) up to build 14393.2155 – this one’s a bit surprising because 1607 is due to go off life support in a couple of weeks.
One of the most significant patches was a vulnerability in Microsoft's Credential Security Support Provider protocol (CredSSP) which could allow a hacker to gain control of a domain server and other systems in the network. The company will be rolling out a new version of the RDP client next month.