Description of the security update for the Windows Kernel vulnerabilities in Windows Server 2008: March 13, 2018

Applies to: Windows Server 2008 Service Pack 2Windows Server 2008 Web Edition

Summary


An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass.

To learn more about the vulnerabilities, go to the Security Update Guide.

More Information


Important If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Known issues in this security update


Symptom

Workaround

Because of an issue that affects some versions of antivirus software, this fix applies only to computers on which the antivirus ISV has updated the ALLOW registry entry.

Contact your antivirus manufacturer to verify that their software is compatible and that they have set the following registry entry configured on the computer:

Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"

Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"

Type="REG_DWORD”

Data="0x00000000”

A Stop error occurs if this update is applied to a 32-Bit (x86) machine with the Physical Address Extension (PAE) mode disabled.

Microsoft is working on a resolution for this issue. Because of this issue, this update is currently available only to computers that have Physical Address Extension (PAE) mode enabled.

A Stop error occurs on machines that don't support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).

Microsoft is working on a resolution and will provide an update in an upcoming release.

After you apply this update, the following symptoms may occur:

  • A new Ethernet Network Interface Card (NIC) that has default settings may replace the previous NIC and cause network issues. Any custom settings on the previous NIC persist in the registry but aren't used.
  • IP address settings are lost.

Important
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

Before you install security update 4089229, run the following VBS script. Copy and paste this script into Notepad, and then save the file with a .vbs extension.

Instructions
Before you run the script, make sure that you back up the following registry key and subkeys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PnP\Pci\HackFlags

Note The script includes binary version checks around PCI.SYS file and sets the HackFlags registry key. For more information about this issue and the HackFlags registry key, see KB 2710558.

Set WshShell = WScript.CreateObject("WScript.Shell")
Set fs = CreateObject("Scripting.FileSystemObject")

Dim WindirFilePath,strPciFileVersion,strAryFileVersion1
WindirFilePath = WshShell.ExpandEnvironmentStrings("%WinDir%")
strPciFileVersion = fs.getfileversion(WindirFilePath & "\\system32\\drivers\\pci.sys")
strAryFileVersion1 = Split(strPciFileVersion, ".")

'pci.sys version check
If (strAryFileVersion1(0) = 6 And strAryFileVersion1(1) = 0 And strAryFileVersion1(2) = 6002 And strAryFileVersion1(3) < 22567) Then

                Dim curFlag,hackFlag,path
                curFlag = 0
                path="HKLM\System\CurrentControlSet\Control\PnP\Pci\HackFlags"
                
                'Get current HackFlags
                On Error Resume next
                curFlag = WshShell.RegRead(path)
                On Error Goto 0

                'Set new HackFlags
                hackFlag = curFlag or 262144
                WshShell.RegWrite path,hackFlag,"REG_DWORD"

                Wscript.echo "HackFlags set"
Else
                Wscript.echo "pci.sys is already updated. No need to set HackFlags"
End If

 

Note: If the IP address settings are lost after installing security update 4089229, you can manually adjust the HackFlags registry key.


Location: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\PnP\Pci
Key: HackFlags
Type: REG_DWORD

Set the following registry value and then restart the computer:

  • If HackFlags doesn’t exist: 
    Value: 0x00040000

  • If HackFlags does exist:
    New Value: (<Existing Flags> | 0x00040000)

If the registry key already exists, combine the existing value with the "0x00040000" bitmask to change the existing Flags value to: <Existing Flags value> (bitwise OR) 0x00040000. This method respects both the previous and new values.

Examples:

Existing value: 0x0000001
New value: 0x00040001

Existing value: 0x0000020
New value: 0x00040020

Existing value: 0x0800001
New value: 0x08040001

 

How to obtain and install the update


Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Deployment information


For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:

More Information


Windows Server 2008 file information



File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.