Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

March 13, 2018—KB4088878 (Security-only update)


View products that this article applies to.

Improvements and fixes

This security update includes quality improvements. No new operating system features are being introduced in this update. Important changes include the following:

  • Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows, except the KB4078130 update that was offered to disable mitigation against Spectre Variant 2.
  • Security updates to the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

↑ Back to the top


Notes

Important Please apply KB4100480 immediately after applying this update. KB4100480 resolves an elevation of privilege vulnerability in the Windows Kernel for the 64-Bit (x64) version of Windows. This vulnerability is documented in CVE-2018-1038.

↑ Back to the top


Known issues in this update

Symptom Workaround

After installing KB4056897 or any other recent monthly updates, SMB servers may experience a memory leak for some scenarios. This occurs when the requested path traverses a symbolic link, mount point, or directory junction and the registry key is set to 1:  

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanManServer\Parameters\EnableEcp
This issue is resolved in KB4103718.
A Stop error occurs if this update is applied to a 32-Bit (x86) computer that has the Physical Address Extension (PAE) mode disabled. This issue is resolved in KB4093108.
A Stop error occurs on computers that don't support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2). Upgrade your machines with a processor that supports SSE2 or virtualize those machines.
Because of an issue that affects some versions of antivirus software, this fix applies only to computers on which the antivirus ISV updated the ALLOW REGKEY.

This issue is resolved in KB4093108. You no longer need the following ALLOW REGKEY to detect and be offered this update: 

HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc

 

After you apply this update, a new Ethernet Network Interface Card (NIC) that has default settings may replace the previous NIC and cause network issues. Any custom settings on the previous NIC persist in the registry but aren't used.

This issue can be resolved by installing KB4099950 prior to this update.

 

Static IP address settings are lost after you apply this update.

This issue can be resolved by installing KB4099950 prior to this update.

After you install this update, you may receive a Stop error message that resembles the following when you log off the computer:
To resolve this issue, apply update KB4099467.
A 32-bit (x86) computer won’t boot or keeps restarting after applying this security update.

Before applying this security update and subsequent security updates, uninstall the following external drivers until they are fixed by the vendor that owns them:

  • HASP Kernel Device Driver (a.k.a. Haspnt.sys)
  • Hard Lock Key Drivers (a.k.a. hardlock.sys)
After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem<number>.inf. The exact problematic configurations are currently unknown.
  1. To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
  2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.

a. Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose Search automatically for updated driver software or Browse my computer for driver software.

↑ Back to the top


How to get this update

This update is now available for installation through WSUS. To get the standalone package for this update, go to the Microsoft Update Catalog website.

File information

For a list of the files that are provided in this update, download the file information for update 4088878

↑ Back to the top


Keywords: Windows Server 2008 R2 Service Pack 1, windows 7 SP1

↑ Back to the top

Article Info
Article ID : 4088878
Revision : 70
Created on : 9/10/2018
Published on : 9/10/2018
Exists online : False
Views : 474

Minor Releases