Cumulative Update KB4284819 Windows 10 v1709 Build 16299.492 - June 12

    Cumulative Update KB4284819 Windows 10 v1709 Build 16299.492 - June 12

    Cumulative Update KB4284819 Windows 10 v1709 Build 16299.492 - June 12


    Last Updated: 16 Jun 2018 at 09:57

    June 12, 2018 - KB4284819 (OS Build 16299.492)

    Applies to: Windows 10 version 1709


    Improvements and fixes

    This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

    • Provides protections from an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
    • Addresses an issue in Microsoft Edge that causes incorrect responses to XML requests.
    • Adds support for the SameSite cookie web standard to Microsoft Edge and Internet Explorer.
    • Addresses an issue with Internet Explorer that prevents it from using an updated version of location services.
    • Addresses an issue where firmware updates cause devices to go into BitLocker recovery mode when BitLocker is enabled, but Secure Boot is disabled or not present. This update prevents firmware installation on devices in this state. Administrators can install firmware updates by:
      1. Temporarily suspending BitLocker.
      2. Immediately installing firmware updates before the next OS startup.
      3. Immediately restarting the device so that BitLocker doesn’t remain in the suspended state.

    • Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows Desktop Bridge, Windows apps, Windows shell, Windows storage and filesystems, Windows app platform and frameworks, Windows virtualization and kernel, Windows wireless networking, and Windows Server.

    If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.

    For more information about the resolved security vulnerabilities, see the Security Update Guide.

    Known issues in this update

    Symptom Workaround
    Some non-English platforms may display the following string in English instead of the localized language: ”Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you've created and Device Guard is enabled Microsoft is working on a resolution and will provide an update in an upcoming release.
    When Device Guard is enabled, some non-English platforms may display the following strings in English instead of the localized language:

    • "Cannot use '&' or '.' operators to invoke a module scope command across language boundaries."
    • "'Script' resource from 'PSDesiredStateConfiguration' module is not supported when Device Guard is enabled. Please use 'Script' resource published by PSDscResources module from PowerShell Gallery."
    Microsoft is working on a resolution and will provide an update in an upcoming release.

    How to get this update

    This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.

    File information

    For a list of the files that are provided in this update, download the file information for cumulative update 4284819.


    Source: https://support.microsoft.com/en-us/...date-kb4284819


    Direct download links for KB4284819 MSU file from Microsoft Update Catalog:

    Download KB4284819 MSU for Windows 10 v1709 32-bit (x86) - 434.5 MB

    Download KB4284819 MSU for Windows 10 v1709 64-bit (x64) - 796.3 MB


    Brink's Avatar Posted By: Brink
    12 Jun 2018


  1. Posts : 170
    Win 10 Pro 2004
       #1

    Updated via windows with a bunch of Office updates. Appears ok, read: no initial surprises.
      My Computers


  2. Posts : 7,871
    Windows 11 Pro 64 bit
       #2

    I checked out the Powershell security check script in the reference https://support.microsoft.com/en-us/...erabilities-in. I ran the following Powershell script:

    Install the PowerShell Module
    PS> Install-Module SpeculationControl
    Run the PowerShell module to validate the protections are enabled
    PS> # Save the current execution policy so it can be reset
    PS> $SaveExecutionPolicy = Get-ExecutionPolicy
    PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser
    PS> Import-Module SpeculationControl
    PS> Get-SpeculationControlSettings
    PS> # Reset the execution policy to the original state
    PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

    My PC has all security updates and has a BIOS update to protect against Spectre. The InSpectre tool reports I'm protected.

    However, the above script reports the following:

    Speculation control settings for CVE-2018-3639 [speculative store bypass]
    Hardware is vulnerable to speculative store bypass: True
    Hardware support for speculative store bypass mitigation is present: False
    Windows OS support for speculative store bypass mitigation is present: True
    Windows OS support for speculative store bypass mitigation is enabled system-wide: False
    BTIHardwarePresent : True
    BTIWindowsSupportPresent : True
    BTIWindowsSupportEnabled : True
    BTIDisabledBySystemPolicy : False
    BTIDisabledByNoHardwareSupport : False
    KVAShadowRequired : True
    KVAShadowWindowsSupportPresent : True
    KVAShadowWindowsSupportEnabled : True
    KVAShadowPcidEnabled : True
    SSBDWindowsSupportPresent : True
    SSBDHardwareVulnerable : True
    SSBDHardwarePresent : False

    What is the significance of the report Windows OS support for speculative store bypass mitigation is enabled system-wide: False and is there something I need to set to enable protection?
      My Computers


  3. Posts : 170
    Win 10 Pro 2004
       #3

    MS certainly doesn't make much clear in one cogent assessment. Update microcode, BIOS and every MS update made available (including non-security) and then hack the registry. Why has MS left it to the user to enable mitigation? Has the exploit been seen in the wild? I'm cooling my jets on this one.
      My Computers


  4. Posts : 1
    Windows 10 Pro 1803
       #4

    Steve C said:
    What is the significance of the report Windows OS support for speculative store bypass mitigation is enabled system-wide: False and is there something I need to set to enable protection?
    This is the description of the return value:
    Windows OS support for branch target injection mitigation is enabled

    Maps to BTIWindowsSupportEnabled. This line tells you if Windows operating system support is enabled for the branch target injection mitigation. If it is True, hardware support and OS support for the branch target injection mitigation is enabled for the device, thus protecting against CVE-2017-5715. If it is False, one of the following conditions is the true:

    • Hardware support is not present.
    • OS support is not present.
    • The mitigation has been disabled by system policy.


    Understanding Get-SpeculationControlSettings PowerShell script output
      My Computer


  5. Posts : 23
    Windows 10, 64-bit
       #5

    Steve C said:
    What is the significance of the report Windows OS support for speculative store bypass mitigation is enabled system-wide: False and is there something I need to set to enable protection?
    https://support.microsoft.com/en-us/...erabilities-in
    Manage Speculative Store Bypass and mitigations around Spectre Variant 2 and Meltdown

    • Enable mitigations around Speculative Store Bypass (CVE-2018-3639) together with mitigations around Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754) through the following registry settings (because they are not enabled by default)
    • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f
    • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    • Note These registry changes require administrative rights and a restart.
      My Computers


  6. Posts : 7,871
    Windows 11 Pro 64 bit
       #6

    jeffrey said:
    https://support.microsoft.com/en-us/...erabilities-in
    Manage Speculative Store Bypass and mitigations around Spectre Variant 2 and Meltdown


    • Enable mitigations around Speculative Store Bypass (CVE-2018-3639) together with mitigations around Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754) through the following registry settings (because they are not enabled by default)
    • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f
    • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    • Note These registry changes require administrative rights and a restart.
    Thanks. I made the above changes and I still get the report "Windows OS support for speculative store bypass mitigation is enabled system-wide: False"
      My Computers


  7. Posts : 23
    Windows 10, 64-bit
       #7

    Steve C said:
    Thanks. I made the above changes and I still get the report "Windows OS support for speculative store bypass mitigation is enabled system-wide: False"
    What does the hardware support in that section show? As the other commenter stated:

    If it is False, one of the following conditions is the true:


    • Hardware support is not present.
    • OS support is not present.
    • The mitigation has been disabled by system policy.


    If hardware support is not present, check for a bios update from your OEM / device manufacturer.
      My Computers


  8. Posts : 7,871
    Windows 11 Pro 64 bit
       #8

    jeffrey said:
    What does the hardware support in that section show? As the other commenter stated:

    If it is False, one of the following conditions is the true:


    • Hardware support is not present.
    • OS support is not present.
    • The mitigation has been disabled by system policy.


    If hardware support is not present, check for a bios update from your OEM / device manufacturer.
    Hardware support is not present as in Post 2. Gigabyte appears uninterested in updating the BIOS for 6 year old motherboards.
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:57.
Find Us




Windows 10 Forums