Skip to main content

Microsoft Security Updates January 2018 release

Welcome to the first Microsoft Patch Day review of the year 2018. Microsoft released security updates for all supported versions of Windows and other company products on January 9, 2018.

This overview offers information on the release. It covers all security updates and non-security updates that Microsoft released since the last Patch Day in December.

It begins with an executive summary that lists the highlights of this month’s Patch Day. The operating system distribution, and the actual patches that Microsoft released follow afterward. If Microsoft published Security Advisories and if there are Known Issues, those are covered as well.

The last part guides you through the downloading and installing of the updates on Windows PCs. You find direct downloads for all cumulative updates and a resource section there.

 

Microsoft Security Updates January 2018

The following Excel spreadsheet lists all security updates for all Microsoft products that the company released in January 2018. Download it with a click on the following link: Microsoft-windows-updates-january-2018.zip

Microsoft released an out-of-band update for Windows 10 and other supported versions of Windows on January 4, 2018. Microsoft expects users who use systems with 2015 or older CPUs to see a decrease in performance after installing the patches.

Executive Summary

  • Microsoft released security patches for all supported client and server versions of the Windows operating system.
  • Security updates are also released for Microsoft Edge, Internet Explorer, Microsoft Office, SQL Server, .NET Framework, .NET Core, ASP.NET Core and Adobe Flash
  • No critical updates for any supported version of Windows.
  • Cumulative updates are only distributed to systems who did not install them earlier (released as out-of-bound patches on January 4).

Operating System Distribution

  • Windows 7: 7 vulnerabilities of which 7 are rated important
  • Windows 8.1: 10 vulnerabilities of which 10 are rated important
  • Windows 10 version 1607: 11 vulnerabilities of which 11 are rated important
  • Windows 10 version 1703: 11 vulnerabilities of which 11 are rated important
  • Windows 10 version 1709: 11 vulnerabilities of which 11 are rated important

Windows Server products

  • Windows Server 2008: 7 vulnerabilities of which 7 are rated important
  • Windows Server 2008 R2: 7 vulnerabilities of which 7 are rated important
  • Windows Server 2012 and 2012 R2: 10 vulnerabilities of which 10 are rated important
  • Windows Server 2016: 9 vulnerabilities of which 9 are rated important

Other Microsoft Products

  • Internet Explorer 11: 2 vulnerabilities,  2 critical
  • Microsoft Edge: 17 vulnerabilities, 14 critical, 3 important

Security Updates

KB4054173 — Security Only Update for .NET Framework 4 on WES09 and POSReady 2009

KB4054178 — Security Only Update for .NET Framework 2.0 on WES09 and POSReady 2009

KB4055229 — Security Only Update for .NET Framework 3.0 on WES09 and POSReady 2009

KB4055265 — Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Embedded 8 Standard and Windows Server 2012

KB4055266 — Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4055267 — Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008

KB4055269 — Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4055270 — Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Embedded 8 Standard and Windows Server 2012

KB4055271 — Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.1 and Windows Server 2012 R2

KB4055272 — Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008

KB4055532 — Security and Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4056888 — Windows 10 version 1511 cumulative update

  • Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows Graphics, Windows Kernel, Windows Datacenter Networking, Windows Virtualization and Kernel, and the Windows SMB Server.

KB4056899 — Security only Quality Update for Windows Server 2012 and Windows Embedded 8 Standard

KB4056890 — Windows 10 version 1607 cumulative update

  • Security updates to Microsoft Edge, Internet Explorer, Windows Graphics, Windows Kernel, Windows Datacenter Networking, and Windows SMB Server.

KB4056891 — Windows 10 version 1703 cumulative update

  • Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows Graphics, Windows Kernel, Windows Subsystem for Linux, and the Windows SMB Server.

KB4056892 — Windows 10 version 1709 cumulative update

  • Addresses issue where event logs stop receiving events when a maximum file size policy is applied to the channel.
  • Addresses issue where printing an Office Online document in Microsoft Edge fails.
  • Addresses issue where the touch keyboard doesn’t support the standard layout for 109 keyboards.
  • Addresses video playback issues in applications such as Microsoft Edge that affect some devices when playing back video on a monitor and a secondary, duplicated display.
  • Addresses issue where Microsoft Edge stops responding for up to 3 seconds while displaying content from a software rendering path.
  • Addresses issue where only 4 TB of memory is shown as available in Task Manager in Windows Server version 1709 when more memory is actually installed, configured, and available.
  • Addresses issue where update installation may stop at 99% and may show elevated CPU or disk utilization. This occurs if a device was reset using the Reset this PC functionality after installing KB4054022.
  • Security updates to Windows SMB Server, the Windows Subsystem for Linux, Windows Kernel, Windows Datacenter Networking, Windows Graphics, Microsoft Edge, Internet Explorer, and the Microsoft Scripting Engine.

KB4056893 — Windows 10 RTM cumulative update

  • Fixes an excessive memory usage issue with smart cards on a Windows Termina system.
  • Security updates to Windows SMB Server, Windows Kernel, Microsoft Graphics Component, Internet Explorer, and Windows Graphics.

KB4056894 — Windows 7 SP1 and Windows Server 2008 R2 SP1 Monthly Rollup

  • Security updates to Windows SMB Server, Windows Kernel, Microsoft Graphics Component, Internet Explorer, and Windows Graphics.

KB4056895 — Windows 8.1 and Windows Server 2012 R2 cumulative update

KB4056568 — Cumulative security update for Internet Explorer: January 3, 2018

KB4056887 — Security Update for Adobe Flash Player for Windows Server 2016, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 Version 1511, Windows 10 Version 1507, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012

Known Issues

  • Incompatibility with some antivirus programs. Workaround is to set a key in the Registry.
    • Key=”HKEY_LOCAL_MACHINE”Subkey=”SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat”Value Name=”cadca5fe-87d3-4b96-b7fb-a231484277cc”Type=”REG_DWORD”Data=”0x00000000”
  • Unbootable State issues for some AMD devices. Windows OS updating halted until issue is resolved.

Security advisories and updates

ADV180001 | January 2018 Adobe Flash Security Update

ADV180002 — Guidance to mitigate speculative execution side-channel vulnerabilities

ADV180003 — Microsoft Office Defense in Depth Update

Non-security related updates

KB4056868 — Compatibility update for upgrading to Windows 10 1703

KB4057760

KB890830 — Windows Malicious Software Removal Tool – January 2018

KB4057903 — Update for Windows Server 2012 R2 for x64-based Systems  — Hyper-V integration components update for Windows virtual machines

KB4033339 — Microsoft .NET Framework 4.7.1 Language Packs

KB4033342 — Microsoft .NET Framework 4.7.1 for Windows 7 and Windows Server 2008 R2

KB4033343 — Microsoft .NET Framework 4.7.1 Language Packs for Windows Embedded 8 Standard and Windows Server 2012

KB4033345 — Microsoft .NET Framework 4.7.1 for Windows Embedded 8 Standard and Windows Server 2012

KB4033369 — Microsoft .NET Framework 4.7.1 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4033393 — Microsoft .NET Framework 4.7.1 for Windows Server 2016, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 Version 1511, and Windows 10

KB4033417 — Microsoft .NET Framework 4.7.1 Language Packs for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4033418 — Microsoft .NET Framework 4.7.1 Language Packs for Windows Server 2016, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 Version 1511, and Windows 10

Microsoft Office Updates

Microsoft released non-security patches for Office on January 3, 2018.

Office 2016

KB4011627 — This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.  Fixes a (non-security) crash issue in Excel during background error checking when copying sheets between workbooks.

KB4011574 — Security update for Microsoft Office 2016 fixes eight Common Vulnerabilities and Exposures.

KB4011632 — This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. Fixes non-security issues.

  • Attachment menus are disabled when you view Information Rights management e-mails.
  • PowerPoint 2016: Missing option to insert online pictures from OneDrive.
  • PowerPoint 2016: When using Insert Online Pictures or Insert Online Video, content is loaded in browser windows.
  • Improves Chinese Simplified and Chinese Traditional translations.

KB4011626 — This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. Fixes non-security issues in Outlook 2016.

  • Fixes an issue where cancelling one attachment would cancel them all.
  • Some attachments are not removed when forwarding emails that contain inline messages and the “read all mails as plain text” check box is checked.

KB4011643 — Fixes several vulnerabilities in Microsoft Word 2016.

KB4011622 — This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.. This update adds a registry key that enables authentication to be proceeded even if the Online Content is disabled.

Office 2013

KB4011639 — Excel 2013 —  This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.

KB4011580 — Office 2013 — Same description as KB4011639

KB4011636 — Office 2013 — Same description as KB4011639. Fixes the following non-security issues:

  • PowerPoint 2013 — Same issues as described in KB4011632
  • This update adds support for Office add-ins that are signed by using catalog signatures in Office 2013.
  • Improves Chinese Simplified and Chinese Traditional translation.

KB4011637 — Outlook 2013 — Same security description as KB4011626. Fixes the following non-security issues:

  • Third-party MAPI providers may be blocked despite being in the Outlook profile.
  • When you send an email message from Outlook.com to a recipient outside of Office 365, the recipient always gets a winmail.dat attachment in the message.

KB4011651 — Word 2013 — Same as KB4011643

Office 2010

KB4011660 — Excel 2010 — Same description as KB4011639.

KB4011658 — Office 2010 — Resolves vulnerabilities on Office 2010.

KB4011610 — Office 2010 — Resolves even more vulnerabilities in Office 2010.

KB4011611 — Office 2010 — Same security description as KB4011639.

KB4011273 — Outlook 2010 — Same security description as KB4011639. Fixes a non-security issue with third-party MAPI providers.

KB4011659 — Word 2010 — Same as KB4011643

Office 2007

KB4011602 — Excel 2007 — Same description as KB4011639.

KB4011606 — Excel Viewer 2007 — Same description as KB4011639.

KB4011607 — Microsoft Office Compatibility Pack SP3 — Fixes several vulnerabilities.

KB4011605 — Microsoft Office Compatibility Pack SP3 — Same description as KB4011639.

KB4011201 — Microsoft Office Suite 2007 — Same description as KB4011639.

KB4011656 — Microsoft Office Suite 2007 — Fixes several vulnerabilities.

KB4011213 — Outlook 2007 — Same description as KB4011639.

KB4011657 — Word 2007 — Same as KB4011643

KB4011641 — Word Viewer 2007 — Same description as KB4011639.

Also, updates for SharePoint Server 2016, 2013, 2010, Project Server 2013 and 2010, and SharePoint Foundation 2013 and 2010.

How to download and install the January 2018 security updates

microsoft windows updates january 2018

We recommend that you back up the system partition before you install any Windows update. This gives you an option to restore the old state of the system if updates cause issues on the system.

Windows users may use Windows Update to download and install the patches, the Microsoft Update Catalog, or third-party programs. Windows Update does not check for updates in real-time. You can run an update check at any time in the following way:

  1. Tap on the Windows-key to bring up the Start menu.
  2. Type Windows Update, and select the result to load the interface.
  3. Windows may run a check for updates automatically, or with a click on the “check for updates” option on the page.
  4. Updates may be downloaded automatically then, or on user request.

Direct update downloads

The following links point to the Microsoft Update Catalog website. You can follow the links to download the updates to the local system.

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4056894 — 2018-01 Security Monthly Quality Rollup for Windows 7 for x86-based Systems
  • KB4056897 — 2018-01 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems

Windows 8.1 and Windows Server 2012 R2

  • KB4056895 — 2018-01 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems

  • KB4056898 — 2018-01 Security Only Quality Update for Windows 8.1 for x86-based Systems

Windows 10  (version 1507)

  • KB4056893 — Cumulative update for Windows 10 Version 1511

Windows 10 and Windows Server 2016 (version 1607)

  • KB4056890 — 2018-01 Cumulative Update for Windows 10 Version 1607 and Windows Server 2016

Windows 10 (version 1703)

  • KB4056891 — 2018-01 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  • KB4056892 — 2018-01 Cumulative Update for Windows 10 Version 1709

Additional resources

Now You: How was your updating experience this month?

 

This article was first seen on ComTek's "TekBits" Technology News

HOME