This security update includes improvements and fixes that were a part of update KB4284863 (released June 21, 2018) and addresses the following issues:
- Provides protections from an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
- Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) on some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context. (See AMD Architecture Guidelines for Indirect Branch Control and AMD Security Updates for more details). For Windows client (IT pro) guidance, follow the instructions in KB4073119. Use this guidance document to enable IBPB on some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.
- Provides protections for an additional vulnerability involving side-channel speculative execution known as Lazy Floating Point (FP) State Restore (CVE-2018-3665) for 64-Bit (x64) versions of Windows.
- Updates Internet Explorer's Inspect Element feature to conform to the policy that disables the launch of Developer Tools.
- Addresses an issue where DNS requests disregard proxy configurations in Internet Explorer and Microsoft Edge.
- Addresses an issue that causes the mouse to stop working after a user switches between local and remote sessions.
- Security updates to Internet Explorer, Windows apps, Windows graphics, Windows Shell, Windows datacenter networking, Windows virtualization, and Windows kernel.
For more information about the resolved security vulnerabilities, see the Security Update Guide.