Microsoft has started rolling out new cumulative updates for Windows 10 April 2018 Update (version 1803) and Windows 10 Fall Creators Update (version 1709). The update fixes a variety of issues in Windows 10. 

To install the latest patch on your system, head to Settings -Update & Security -Windows Update and select Check for updates. As always, you can download and install this update manually from here.

Build 17134.228 for Windows 10 April 2018 Update

If you are currently using Windows 10 April 2018 Update, you will be offered KB4343909 by Windows Update and after installing it, Windows will be upgraded to build 17134.228.

The full list of changes are below:

  • Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). We reported on this new vulnerability here.

    To make sure that previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled, you can use the registry settings explained in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
  • Addresses an issue that causes high CPU usage that results in performance degradation on some systems with Family 15h and 16h AMD processors. This issue occurs after installing the June 2018 or July 2018 Windows updates from Microsoft and the AMD microcode updates that address Spectre Variant 2 (CVE-2017-5715 – Branch Target Injection).
  • Addresses an issue that prevents apps from receiving mesh updates after resuming. This issue occurs for apps that use Spatial Mapping mesh data and participate in the Sleep or Resume cycle. 
  • Ensures that Internet Explorer and Microsoft Edge support the preload="none" tag. 
  • Addresses an issue that prevents some applications running on HoloLens, such as Remote Assistance, from authenticating after upgrading from Windows 10, version 1607, to Windows 10, version 1803. 
  • Addresses an issue that significantly reduced battery life after upgrading to Windows 10, version 1803. 
  • Addresses an issue that causes Device Guard to block some ieframe.dll class IDs after installing the May 2018 Cumulative Update. 
  • Addresses a vulnerability related to the Export-Modulemember() function when used with a wildcard (*) and a dot-sourcing script. After installing this update, existing modules on devices that have Device Guard enabled will intentionally fail. The exception error is “This module uses the dot-source operator while exporting functions using wildcard characters, and this is disallowed when the system is under application verification enforcement.” 
  • Security updates to Windows Server.

Microsoft has stated that there are no known issues with this build and it should be safe to install for everyone.

For more detailed information about the vulnerabilities fixed in this release, you can view our dedicated security update article.

Build 16299.611 for Windows 10 Fall Creators Update

If you are using Windows 10 Fall Creators Update, then you will be KB4343897 instead. Once installed, this update will change the build number of Windows 10 to 16299.611. For those interested, you can manually download it from here.

It contains the following fixes:

  • Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646).  A dedicated article on this vulnerability can be found here.

    Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)

  • Addresses an issue that causes high CPU usage that results in performance degradation on some systems with Family 15h and 16h AMD processors. This issue occurs after installing the June 2018 or July 2018 Windows updates from Microsoft and the AMD microcode updates that address Spectre Variant 2 (CVE-2017-5715 – Branch Target Injection).

  • Updates support for the draft version of the Token Binding protocol v0.16.

  • Addresses an issue that causes Device Guard to block some ieframe.dll class IDs after the May 2018 Cumulative Update is installed.

  • Ensures that Internet Explorer and Microsoft Edge support the preload="none" tag.

  • Addresses an issue that displays “AzureAD” as the default domain on the sign-in screen after installing the July 24, 2018 update on a Hybrid Azure AD-joined machine. As a result, users may fail to sign in in Hybrid Azure AD-joined scenarios when users provide only their username and password.

  • Addresses an issue that adds additional spaces to content that's copied from Internet Explorer to other apps.

  • Addresses a vulnerability related to the Export-Modulemember() function when used with a wildcard (*) and a dot-sourcing script. After installing this update, existing modules on devices that have Device Guard enabled will intentionally fail. The exception error is “This module uses the dot-source operator while exporting functions using wildcard characters, and this is disallowed when the system is under application verification enforcement”. For more information, see https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200 and https://aka.ms/PSModuleFunctionExport.

  • Security updates to Windows Server.

For more detailed information about the vulnerabilities fixed in this release, you can view our dedicated security update article.

There are three known issues that Windows 10 users need to be aware of when installing the KB4343897 update.

According to the knowledge base article, the following issues exist and Microsoft is working on a fix for all three of them. These fixes will be released at a later date when they become available.

Known Issue #1:

Some non-English platforms may display the following string in English instead of the localized language: ”Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you've created and Device Guard is enabled"

Known Issue #2:

When Device Guard is enabled, some non-English platforms may display the following strings in English instead of the localized language:

  • "Cannot use '&' or '.' operators to invoke a module scope command across language boundaries."
  • "'Script' resource from 'PSDesiredStateConfiguration' module is not supported when Device Guard is enabled. Please use 'Script' resource published by PSDscResources module from PowerShell Gallery."

Known Issue #3:

After you install any of the July 2018 .NET Framework Security Updates, a COM component fails to load because of “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors. The most common failure signature is the following:

Exception type: System.UnauthorizedAccessException

Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Related Articles:

Microsoft September 2018 Patch Tuesday Fixes 16 Critical Vulnerabilities

Microsoft Releases Windows 10 Cumulative Updates KB4346783 and KB4343893

Microsoft Plans to Make Monthly Windows 10 Updates Smaller in Size

Microsoft Released the Windows 7 & 8.1 KB4343901 & KB4343898 Cumulative Updates

Microsoft August 2018 Patch Tuesday Fixes 60 Security Flaws, Including Two Zero-Days