Today, a security vulnerability was found that affects pretty much every PC on the market. Chips from Intel, AMD, and ARM are affected, as are Windows, macOS, and Linux, on the software end. macOS and Linux have already been patched, and Microsoft planned to update Windows on Tuesday, but then the news broke, and it was time to release some emergency updates.
If you're on the Fall Creators Update, or version 1709, you're going to see KB4056892, or build 16299.192. It can be manually downloaded here, and contains the following fixes:
Addresses issue where event logs stop receiving events when a maximum file size policy is applied to the channel.
Addresses issue where printing an Office Online document in Microsoft Edge fails.
Addresses issue where the touch keyboard doesn’t support the standard layout for 109 keyboards.
Addresses video playback issues in applications such as Microsoft Edge that affect some devices when playing back video on a monitor and a secondary, duplicated display.
Addresses issue where Microsoft Edge stops responding for up to 3 seconds while displaying content from a software rendering path.
Addresses issue where only 4 TB of memory is shown as available in Task Manager in Windows Server version 1709 when more memory is actually installed, configured, and available.
Security updates to Windows SMB Server, the Windows Subsystem for Linux, Windows Kernel, Windows Datacenter Networking, Windows Graphics, Microsoft Edge, Internet Explorer, and the Microsoft Scripting Engine.
It also contains some known issues to be aware of:
| Symptom | Workaround |
|---|---|
| Update installation may stop at 99% and may show elevated CPU or disk utilization if a device was reset using the Reset this PC functionality after installing KB4054022. |
Note: This workaround uses c:\temp and the x64 architecture as examples. Update these examples as appropriate for your environment.
Microsoft is working on a resolution and will provide an update in an upcoming release. |
| Windows Update History reports that KB4054517 failed to install because of Error 0x80070643. |
Even though the update was successfully installed, Windows Update incorrectly reports that the update failed to install. To verify the installation, select Check for Updates to confirm that there are no additional updates available. You can also type About your PC in the Search box on your taskbar to confirm that your device is using OS Build 16299.125. Microsoft is working on a resolution and will provide an update in an upcoming release. |
| When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions. | Microsoft is working on a resolution and will provide an update in an upcoming release. |
| Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY. | Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD” Data="0x00000000” |
The rest of the updates contain smaller changelogs. If you're on the Creators Update, or version 1703, you'll see KB4056891, or build 15063.850, which can be manually downloaded here. This one really only contains the security fixes:
Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows Graphics, Windows Kernel, Windows Subsystem for Linux, and the Windows SMB Server.
There are also a couple of known issues:
| Symptom | Workaround |
|---|---|
| When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions. | Microsoft is working on a resolution and will provide an update in an upcoming release. |
| Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY. | Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD” Data="0x00000000” |
Those on the Anniversary Update, or version 1607, will get KB4056890, or build 14393.2007, and those on version 1511 will get KB4056888, or build 10586.1356. They can be manually downloaded here and here, respectively, and contain the same changelogs as build 15063.850.
As for the original version of Windows 10, now called version 1507, it can be manually downloaded here and contains the following fixes:
Addresses issue where using smart cards on a Windows Terminal Server system may cause excessive memory usage.
Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows Graphics, Windows Kernel, Windows Datacenter Networking, and Windows SMB Server.
It contains the same two known issues as the other older versions of the OS.
Naturally, you don't need to download any of them manually. You can go to Settings -> Update & security -> Windows Update -> Check for updates, and you'll automatically get the ones for your version of Windows 10. You'll also need some firmware updates before you're completely protected from today's security issue.
25 Comments - Add comment