October 2018 Security Updates

October 2018 Security Updates






The October security release consists of security updates for the following software:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • .NET Core
  • PowerShell Core
  • SQL Server Management Studio
  • Microsoft Exchange Server
  • Azure IoT Edge
  • Hub Device Client SDK for Azure IoT
  • Yammer Desktop Application

Please note the following information regarding the security updates:

  • Customers running Windows 7 or Windows Server 2008 R2 need to ensure they have Servicing Stack Update (SSU) 3177467 installed before installing the October 2018 security updates, to avoid a failure to install. See Microsoft Knowledge Base Article 3177467 for more information about this SSU.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.

Known Issues

 

10/19/2018 Yammer Desktop App What’s New In Yammer Security Update Remote Code Execution CVE-2018-8569
10/09/2018 Windows 8.1 for x64-based systems 4462926 Monthly Rollup Information Disclosure CVE-2018-8493
4462941 Security Only
10/09/2018 Windows 10 Version 1607 for x64-based Systems 4462917 Security Update Information Disclosure CVE-2018-8493
10/09/2018 Windows 10 Version 1607 for 32-bit Systems 4462917 Security Update Information Disclosure CVE-2018-8493
10/09/2018 Windows 10 for x64-based Systems 4462922 Security Update Information Disclosure CVE-2018-8493
10/09/2018 Windows Server 2012 R2 4462926 Monthly Rollup Information Disclosure CVE-2018-8493
4462941 Security Only
10/09/2018 Windows 10 for 32-bit Systems 4462922 Security Update Information Disclosure CVE-2018-8493
10/09/2018 Windows RT 8.1 4462926 Monthly Rollup  Information Disclosure CVE-2018-8493
10/09/2018 Windows Server 2016 4462917 Security Update Information Disclosure CVE-2018-8493
10/09/2018 Windows Server 2016 (Server Core installation) 4462917 Security Update Information Disclosure CVE-2018-8493
10/09/2018 Windows 10 Version 1703 for x64-based Systems 4462937 Security Update Information Disclosure CVE-2018-8493
10/09/2018 Windows 10 Version 1703 for 32-bit Systems 4462937 Security Update Information Disclosure CVE-2018-8493
10/09/2018 Windows 10 Version 1709 for 32-bit Systems 4462918 Security Update Information Disclosure CVE-2018-8493
10/09/2018 Windows 10 Version 1709 for 64-based Systems 4462918 Security Update Information Disclosure CVE-2018-8493
10/09/2018 Windows Server, version 1709 (Server Core Installation) 4462918 Security Update Information Disclosure CVE-2018-8493
10/09/2018 Windows 10 Version 1803 for 32-bit Systems 4462919 Security Update Information Disclosure CVE-2018-8493
10/09/2018 Windows 10 Version 1803 for x64-based Systems 4462919 Security Update Information Disclosure CVE-2018-8493
10/09/2018 Windows Server, version 1803 (Server Core Installation) 4462919 Security Update Information Disclosure CVE-2018-8493
10/09/2018 Windows Server 2008 for 32-bit Systems Service Pack 2 4463097 Monthly Rollup Remote Code Execution CVE-2018-8494
4463104 Security Only
10/09/2018 Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462923 Monthly Rollup Remote Code Execution CVE-2018-8494
4462915 Security Only