PSA: KB4056892 Released to Address Intel Processor Security Issue

Linking the whole thing here so you don’t have to search for it (Link to the official release here if needed). Pay particular attention to what I put in bold:

January 3, 2018—KB4056892 (OS Build 16299.192)

Applies to: Windows 10 version 1709

Improvements and fixes


This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Addresses issue where event logs stop receiving events when a maximum file size policy is applied to the channel.
  • Addresses issue where printing an Office Online document in Microsoft Edge fails.
  • Addresses issue where the touch keyboard doesn’t support the standard layout for 109 keyboards.
  • Addresses video playback issues in applications such as Microsoft Edge that affect some devices when playing back video on a monitor and a secondary, duplicated display.
  • Addresses issue where Microsoft Edge stops responding for up to 3 seconds while displaying content from a software rendering path.
  • Addresses issue where only 4 TB of memory is shown as available in Task Manager in Windows Server version 1709 when more memory is actually installed, configured, and available.
  • Security updates to Windows SMB Server, the Windows Subsystem for Linux, Windows Kernel, Windows Datacenter Networking, Windows Graphics, Microsoft Edge, Internet Explorer, and the Microsoft Scripting Engine.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

Known issues in this update


Symptom Workaround
Update installation may stop at 99% and may show elevated CPU or disk utilization if a device was reset using the Reset this PC functionality after installing KB4054022. Note This workaround uses c:\temp and the x64 architecture as examples. Update these examples as appropriate for your environment.

  1. Download the appropriate version of KB4054022 for your device architecture from the Microsoft Update Catalog to c:\temp. Then run the commands in the steps below from the administrative command prompt.
  2. Expand the .msu file that you downloaded in step 1.mkdir c:\temp
    expand -f:* windows10.0-kb4054022-x64.msu c:\temp
  3. End the existing TrustedInstaller processes and install KB4054022 using the Deployment Image Servicing and Management tool.taskkill /f /im tiworker.exe
    taskkill /f /im trustedinstaller.exe
    dism /online /add-package /packagepath:c:\temp\Windows10.0-KB4054022-x64.cab
  4. (Optional) Delete the CBS logs from the Windows Logs directory.

del /f %windir%\logs\cbs\*.log

Microsoft is working on a resolution and will provide an update in an upcoming release.

Windows Update History reports that KB4054517 failed to install because of Error 0x80070643. Even though the update was successfully installed, Windows Update incorrectly reports that the update failed to install. To verify the installation, select Check for Updates to confirm that there are no additional updates available.

You can also type About your PC in the Search box on your taskbar to confirm that your device is using OS Build 16299.125.

Microsoft is working on a resolution and will provide an update in an upcoming release.

When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions. Microsoft is working on a resolution and will provide an update in an upcoming release.
Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY. Contact your Anti-Virus AV to confirm that their software is compatible and have set the following  REGKEY on the machine
Key=”HKEY_LOCAL_MACHINE”Subkey=”SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat”
Value Name=”cadca5fe-87d3-4b96-b7fb-a231484277cc”
Type=”REG_DWORD”
Data=”0x00000000”

 

How to get this update


This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.

Note: On the catalog website you will also see the update for Server 2016.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s