Description of the security update for the speculative execution side-channel vulnerabilities in Windows Server 2008: March 13, 2018


Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as "speculative execution side-channel attacks" that affect many modern processors and operating systems including Intel, AMD, and ARM.

To learn more about the vulnerabilities, go to ADV180002.

More Information

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Known issues in this security update

Known issue Workaround

Because of an issue that affects some versions of antivirus software, this fix applies only to computers on which the antivirus ISV has updated the ALLOW registry entry. 

This issue is resolved in security update 4093478.

Note: You no longer need the following ALLOW registry entry to detect and be offered this update:


A Stop error occurs if this update is applied to a 32-Bit (x86) machine with the Physical Address Extension (PAE) mode disabled.

The issue is resolved in security update 4093478.

A Stop error occurs on machines that don't support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).

Microsoft is working on a resolution and will provide an update in an upcoming release.

This security update was rereleased on April 3, 2018. Customers that installed the original release version of this security update may have experienced the following issue:

The computer does not start after you apply this update and then restart.
The problem does not occur on English versions of Windows Server 2008.
The problem does not occur if you have all previous updates for Windows Server 2008 SP2 installed  from Windows Update.
This issue was resolved in the April 3, 2018 rerelease version of this security update.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Note For Windows RT 8.1, this update is available through Windows Update only.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:

Windows Server 2008 file information

File information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.