August 'Patch Tuesday' updates now rolling out

By Dan Thorp-Lancaster
published

The latest monthly batch of Windows 10 fixes is now available.

It's the second Tuesday of August, which means it's time for another batch of "Patch Tuesday" updates from Microsoft. As with previous Patch Tuesday releases, these cumulative updates don't contain any new features. Rather, you'll find a slew of fixes on board for supported versions of Windows.

If you're on Microsoft's latest Windows 10 release, the April 2018 Update, you'll find today's fixes in KB4343909 (build 17134.228) (opens in new tab). This release also packs updates for Microsoft HoloLens. Here's a look at what's new:

  • Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
  • Addresses an issue that causes high CPU usage that results in performance degradation on some systems with Family 15h and 16h AMD processors. This issue occurs after installing the June 2018 or July 2018 Windows updates from Microsoft and the AMD microcode updates that address Spectre Variant 2 (CVE-2017-5715 – Branch Target Injection).
  • Addresses an issue that prevents apps from receiving mesh updates after resuming. This issue occurs for apps that use Spatial Mapping mesh data and participate in the Sleep or Resume cycle. Ensures that Internet Explorer and Microsoft Edge support the preload="none" tag.
  • Addresses an issue that prevents some applications running on HoloLens, such as Remote Assistance, from authenticating after upgrading from Windows 10, version 1607, to Windows 10, version 1803.
  • Addresses an issue that significantly reduced battery life after upgrading to Windows 10, version 1803. Addresses an issue that causes Device Guard to block some ieframe.dll class IDs after installing the May 2018 Cumulative Update. Addresses a vulnerability related to the Export-Modulemember() function when used with a wildcard (*) and a dot-sourcing script. After installing this update, existing modules on devices that have Device Guard enabled will intentionally fail. The exception error is "This module uses the dot-source operator while exporting functions using wildcard characters, and this is disallowed when the system is under application verification enforcement." For more information, see https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200 and https://www.windowscentral.com/e?link=https%3A%2F%2Fclick.linksynergy.com%2Fdeeplink%3Fid%3DkXQk6%252AivFEQ%26mid%3D24542%26u1%3DUUwpUdUnU57966%26murl%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fen-us%252F%253Fref%253Daka&token=RPOeV2k0

If you're still running a PC on the Fall Creators Update, you'll find a similarly short set of fixes with KB4343897 (build 16299.611) (opens in new tab). Here's a look:

  • Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
  • Addresses an issue that causes high CPU usage that results in performance degradation on some systems with Family 15h and 16h AMD processors. This issue occurs after installing the June 2018 or July 2018 Windows updates from Microsoft and the AMD microcode updates that address Spectre Variant 2 (CVE-2017-5715 – Branch Target Injection).
  • Updates support for the draft version of the Token Binding protocol v0.16.
  • Addresses an issue that causes Device Guard to block some ieframe.dll class IDs after the May 2018 Cumulative Update is installed.
  • Ensures that Internet Explorer and Microsoft Edge support the preload="none" tag.
  • Addresses an issue that displays "AzureAD" as the default domain on the sign-in screen after installing the July 24, 2018 update on a Hybrid Azure AD-joined machine. As a result, users may fail to sign in in Hybrid Azure AD-joined scenarios when users provide only their username and password.
  • Addresses an issue that adds additional spaces to content that's copied from Internet Explorer to other apps.
  • Addresses a vulnerability related to the Export-Modulemember() function when used with a wildcard (*) and a dot-sourcing script. After installing this update, existing modules on devices that have Device Guard enabled will intentionally fail. The exception error is "This module uses the dot-source operator while exporting functions using wildcard characters, and this is disallowed when the system is under application verification enforcement". For more information, see https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200 and https://www.windowscentral.com/e?link=https%3A%2F%2Fclick.linksynergy.com%2Fdeeplink%3Fid%3DkXQk6%252AivFEQ%26mid%3D24542%26u1%3DUUwpUdUnU57966%26murl%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fen-us%252F%253Fref%253Daka&token=RPOeV2k0
  • Security updates to Windows Server.

A similar set of updates are also rolling out across older versions of Windows 10, including for PCs on the Creators Update and Anniversary Update. If you're ready to get your hands on these fixes, you can grab the latest updates now via Windows Update.

Dan Thorp-Lancaster
Dan Thorp-Lancaster

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl

19 Comments
  • Downloading it now on Lumia 950....
    OS Build: 15254.527
  • Has been a scary one for my 950. It stayed on the blue windows logo screen for about 35 minutes. I just hooked it to my computer and was about to start WDRT and it just kicked into "WE'RE GETTING THERE.. ..and it will be worth the wait".
  • Same happened to mine...I guess it just needed an oomph from the AC/DC juice to get rid of its hiccup! It's all good now. Make sure to soft reset it after the update is complete...
  • Downloading it now on Lumia 650....
  • Downloading it now on my LG V30.... Oh wait, I almost forgot this isn't a Microsoft made OS.
  • Do you get regular updates on your LG V30? I've had my eye on this phone for a while but I have no idea how good/bad LG is at updating.
  • In my experience (on the LG G5), not very. Definitely hoping they get smart fast and start pushing software updates more quickly with the help of Project Treble, since that would put a good bit ahead of Samsung's phones (for those users who care about OS updates, at least).
  • This is one of the reasons I passed on the LG phones when I was forced off my Lumia 950 XL in order to keep access to work-related data on my phone. Ultimately I went for a Pixel 2 XL to avoid OEM and carrier delays to updates. Still miss my W10M home screen.
  • Downloading on my Idol 4S with Windows 10, Lumia 950, Lumia 950XL.
  • Downloaded on my Microsoft Lumia 640 LTE, moving the build from 10.0.15063.1206 to 10.0.15063.1266.
  • I got it and it somehow made my PC (running an AMD Ryzen 2500U) a bit snappier/faster....don't know what it changed but I'm glad!
  • It's got some speed improvements for Ryzen.
  • Really? Where did you read that? I know the changelog says it fixed issues on some AMD CPUs but it referred to
    previous generation ones before Ryzen.
  • While true, it mentioned fixed performance degradations related to AMD exploits firmware/updates. That's what I though lt as least, it would apply to all their CPUs.
  • Yeah, figures. In any case, I am one happy camper. My laptop also runs cooler, too (average used to be 48C at idle now it's at 44-42ish)
  • This patch seems cool. The lag is gone for now. Fingers crossed
  • Lumia 1520 had an update waiting for restart when I got home and I checked after reading this. Good to hear about the Ryzen optimizations/fixes. I just built a Ryzen rig. I'll watch to see if there are any improvements. Thanks Windows Central and the community for pointing it out!!
  • I want to know of mocrosoft wilp be sending regular firmware updates to the surface go like they do all orher surfaces except surface 3
  • Of course it does. And the S3 is also still supported. It also got the massive waive of updates the SP3 and SP4 got as well