March 13, 2018—KB4088878 (Security-only update)

Applies to: Windows 7 Service Pack 1Windows Server 2008 R2 Service Pack 1

Improvements and fixes


This security update includes quality improvements. No new operating system features are being introduced in this update. Important changes include the following:

  • Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows, except the KB4078130 update that was offered to disable mitigation against Spectre Variant 2.
  • Security updates to the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

Notes


Important Please apply KB4100480 immediately after applying this update. KB4100480 resolves an elevation of privilege vulnerability in the Windows Kernel for the 64-Bit (x64) version of Windows. This vulnerability is documented in CVE-2018-1038.

Known issues in this update


Symptom Workaround

After installing KB4056897 or any other recent monthly updates, SMB servers may experience a memory leak for some scenarios. This occurs when the requested path traverses a symbolic link, mount point, or directory junction and the registry key is set to 1:  

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanManServer\Parameters\EnableEcp
This issue is resolved in KB4103718.
A Stop error occurs if this update is applied to a 32-Bit (x86) computer that has the Physical Address Extension (PAE) mode disabled. This issue is resolved in KB4093108.
A Stop error occurs on computers that don't support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2). Upgrade your machines with a processor that supports SSE2 or virtualize those machines.
Because of an issue that affects some versions of antivirus software, this fix applies only to computers on which the antivirus ISV updated the ALLOW REGKEY.

This issue is resolved in KB4093108. You no longer need the following ALLOW REGKEY to detect and be offered this update: 

HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc

 

After you apply this update, a new Ethernet Network Interface Card (NIC) that has default settings may replace the previous NIC and cause network issues. Any custom settings on the previous NIC persist in the registry but aren't used.

This issue can be resolved by installing KB4099950 prior to this update.

 

Static IP address settings are lost after you apply this update.

This issue can be resolved by installing KB4099950 prior to this update.

After you install this update, you may receive a Stop error message that resembles the following when you log off the computer:
To resolve this issue, apply update KB4099467.
A 32-bit (x86) computer won’t boot or keeps restarting after applying this security update.

Before applying this security update and subsequent security updates, uninstall the following external drivers until they are fixed by the vendor that owns them:

  • HASP Kernel Device Driver (a.k.a. Haspnt.sys)
  • Hard Lock Key Drivers (a.k.a. hardlock.sys)
After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem<number>.inf. The exact problematic configurations are currently unknown.
  1. To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
  2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.

a. Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose Search automatically for updated driver software or Browse my computer for driver software.

How to get this update


This update is now available for installation through WSUS. To get the standalone package for this update, go to the Microsoft Update Catalog website.

File information

For a list of the files that are provided in this update, download the file information for update 4088878