Microsoft Security Updates for March, 2018

[Corrine]

The March security release consists of 75 CVEs, of which 14 are listed as Critical, and 61 are rated Important in severity. Two are listed as being publicly known but none are listed as being under active attack. In particular, note CVE-2018-0886, CVE-2018-0940 and CVE-2018-0868 discussed in this month's Zero Day Initiative — The March 2018 Security Update Review by Dustin Childs.

The updates address Remote Code Execution, Elevation of Privilege, Denial of Service, Information Disclosure, Elevation of Privilege and Security Feature Bypass.

For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary. Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update History

Release Notes

 

[Sysnative Windows Update]

New influx of threads coming in 3... 2... 1... :grin1:

 

[Corrine]

:hysterical:

Just wait until the next version update, probably next month.

 

[x BlueRobot]

Are version updates essentially service packs?

 

[niemiro]

Are version updates essentially service packs?

Not really. Service packs were principally about taking all (well, most) of the already released security updates for that operating system since the last service pack, along with a bunch of minor and as yet unreleased bugfixes (quality updates) and rolling them into one (generally) easier to install service pack package.

Version updates are really about introducing new features and making Windows 10 better, rather than just rolling together the last year of updates into a new mega-package.

The install mechanism is also a little different. Windows 10 version updates are a bit more like a Windows 7 Repair Install than an update install. It's almost a little like (not that you can) taking a Windows 7 SP1 install, and Repairing Installing it with a Windows 7 SP2 disk.

The Windows 7 update store suffered from bloating over time - even with some newer updates superceding others, the layering of newer updates upon older updates did lead to increasing complexity and file size in the system store as time went on. Windows 10 version updates are much better at replacing old files - starting afresh, rather than layering on top of the old.

 

[Corrine]

Microsoft released Windows kernel update for CVE-2018-1038 for Windows 7 64-bit systems today.

Description of the Windows Kernel Elevation of Privilege Vulnerability: CVE-2018-1038

The update is available via Microsoft Update or via the catalog: Microsoft Update Catalog