KB4343897

詳細情報

KB番号 KB4343897
リリース日 2018/08/14
Windowsバージョン Windows 10 1709
ビルド番号 16299.611
URL(英語) https://support.microsoft.com/en-us/help/4343897
URL(日本語) https://support.microsoft.com/ja-jp/help/4343897
ダウンロード Microsoft Update Catalog

ハイライト

改良点

  • Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)

  • Addresses an issue that causes high CPU usage that results in performance degradation on some systems with Family 15h and 16h AMD processors. This issue occurs after installing the June 2018 or July 2018 Windows updates from Microsoft and the AMD microcode updates that address Spectre Variant 2 (CVE-2017-5715 – Branch Target Injection).

  • Updates support for the draft version of the Token Binding protocol v0.16.

  • Addresses an issue that causes Device Guard to block some ieframe.dll class IDs after the May 2018 Cumulative Update is installed.

  • Ensures that Internet Explorer and Microsoft Edge support the preload="none" tag.

  • Addresses an issue that displays “AzureAD” as the default domain on the sign-in screen after installing the July 24, 2018 update on a Hybrid Azure AD-joined machine. As a result, users may fail to sign in in Hybrid Azure AD-joined scenarios when users provide only their username and password.

  • Addresses an issue that adds additional spaces to content that's copied from Internet Explorer to other apps.

  • Addresses a vulnerability related to the Export-Modulemember() function when used with a wildcard (*) and a dot-sourcing script. After installing this update, existing modules on devices that have Device Guard enabled will intentionally fail. The exception error is “This module uses the dot-source operator while exporting functions using wildcard characters, and this is disallowed when the system is under application verification enforcement”. For more information, see https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200 and https://aka.ms/PSModuleFunctionExport .

  • Addresses an issue that was introduced in the July 2018 .NET Framework update. Applications that rely on COM components were failing to load or run correctly because of “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors.

  • Addresses a vulnerability issue by correcting the way that the .NET Framework handles high-load or high-density network connections. For more information, see CVE-2018-8360.

  • Security updates to Windows Server.

既知の不具合

Some non-English platforms may display the following string in English instead of the localized language: ”Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you've created and Device Guard is enabled

After evaluation, Microsoft has determined that this is a low probability and a low-risk issue, and we will not provide a solution at this time for Windows 10, version 1709. 

If you believe that you are affected by this issue, please contact Microsoft Support.

When Device Guard is enabled, some non-English platforms may display the following strings in English instead of the localized language:

  • "Cannot use '&' or '.' operators to invoke a module scope command across language boundaries."

  • "'Script' resource from 'PSDesiredStateConfiguration' module is not supported when Device Guard is enabled. Please use 'Script' resource published by PSDscResources module from PowerShell Gallery."

After evaluation, Microsoft has determined that this is a low probability and a low-risk issue, and we will not provide a solution at this time for Windows 10, version 1709. 

If you believe that you are affected by this issue, please contact Microsoft Support.

After installing this update, Windows no longer recognizes the Personal Information exchange (PFX) certificate that’s used for authenticating to a Wi-Fi or VPN connection. As a result, Microsoft Intune takes a long time to deliver user profiles because it doesn’t recognize that the required certificate is on the device.

This issue is resolved in KB4464217.

ハイライト

準備中です

改良点

準備中です

既知の不具合

準備中です