08
May 18

Microsoft Patch Tuesday, May 2018 Edition

Microsoft today released a bundle of security updates to fix at least 67 holes in its various Windows operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited. Meanwhile, as it usually does on Microsoft’s Patch Tuesday — the second Tuesday of each month — Adobe has a new Flash Player update that addresses a single but critical security weakness.

First, the Flash Tuesday update, which brings Flash Player to v. 29.0.0.171. Some (present company included) would argue that Flash Player is itself “a single but critical security weakness.” Nevertheless, Google Chrome and Internet Explorer/Edge ship with their own versions of Flash, which get updated automatically when new versions of these browsers are made available.

You can check if your browser has Flash installed/enabled and what version it’s at by pointing your browser at this link. Adobe is phasing out Flash entirely by 2020, but most of the major browsers already take steps to hobble Flash. And with good reason: It’s a major security liability.

Google Chrome blocks Flash from running on all but a handful of popular sites, and then only after user approval. Disabling Flash in Chrome is simple enough. Paste “chrome://settings/content” into a Chrome browser bar and then select “Flash” from the list of items. By default it should be set to “Ask first” before running Flash, although users also can disable Flash entirely here or whitelist/blacklist specific sites. If you spot an upward pointing arrow to the right of the address bar in Chrome, that means there’s an update to the browser available, and it’s time to restart Chrome.

For Windows users with Mozilla Firefox installed, the browser prompts users to enable Flash on a per-site basis.

Through the end of 2017 and into 2018, Microsoft Edge will continue to ask users for permission to run Flash on most sites the first time the site is visited, and will remember the user’s preference on subsequent visits. Microsoft users will need to install this month’s batch of patches to get the latest Flash version for IE/Edge, where most of the critical updates in this month’s patch batch reside.

According to security vendor Qualys, one Microsoft patch in particular deserves priority over others in organizations that are testing updates before deploying them: CVE-2018-8174 involves a problem with the way the Windows scripting engine handles certain objects, and Microsoft says this bug is already being exploited in active attacks.

Some other useful sources of information on today’s updates include the Zero Day Initiative and Bleeping Computer. And of course there is always the Microsoft Security Update Guide.

As always, please feel free to leave a comment below if you experience any issues applying any of these updates.

Tags: , , , , , , ,

46 comments

  1. The Sunshine State

    Has anyone had problems with Windows 10 1803 with the May 2018 cumulative updates?

    • I personally haven’t. I’ve installed it on 2 x99 based desktops, a surface pro 3 & 4, a Dell laptop that’s about a year old with an i5 (unsure what model i5) and a Ryzen 1700 based system.

      All installed fine and haven’t had issues afterwards but I’ve heard some people have…I’ve also heard some people forced the last creators update early and that might be causing the issue…but I also did that and it didn’t cause problems for me despite Microsoft telling me 1709 was incompatible with my hardware.

      All I can say besides that is all my firmware and drivers were up to date when I ran win update EXCEPT I didn’t have the Intel microcode firmware update installed on my motherboard bios which was on purpose although it was installed on the 2nd too system I have so that’s probably a dead end too.

      • The Sunshine State

        Thanks

      • Yes, I have had problems. I installed 1803 and had it working fine for several days when the May Patch Tuesday update came out. The May update seemed to download and install OK, but when it came time to restart I got a “Please Wait” with the circular rotating dots…. forever. It’s still going — some 2 hours later. PC is a Dell XPS8930.

        • How could you solve the issue? I also have Dell and same thing is going on…its been more than two hours now

          • Wish I knew. So far, no resolution here.

          • Update…. spent some quality time on the phone with Dell since a service agreement came with the purchase of my PC and was still in force. The only thing that worked was a system restore. Fortunately, my restore point was made just a few hours before the restart that caused the “infinite spinning dots”.

            • Thanks for your reply. After5 hours of dots I entered safe mode and was able to restore my computer to 5th may. Then I said ok let’s try again the update to see if that would work a second time but have again this infinite rotating dots….uuugghhh

          • I called Microsoft. The tech told me to power down. Then power up and when the Splash Screen for the PC appears, power down again until you see a prompt to Repair the installation. Follow the prompts and choose advanced options. I finally went to a restore point that I created before the Patches. I found that 1803 before the Patch Tuesday problems worked just fine.

        • I have the same problem – endless spiralling circle during restart. I’m in the midst of trying the most recent restore point now (still “restoring files”). I’ve never had good luck with restore points in the past, but fingers crossed! I wonder if this is going to prove yo be a major known issue with the May 2018 patch-Tues update.

          • Further: System restore worked. MS apparently saved a restore point immediately prior to the update. I have disabled the Windows Update service (obviously not an acceptable long term solution). My computer is an ASUS R751J laptop. I’m thinking some kind of software or driver incompatibility — any other thoughts? I use Avast (free) with Cybereason RansomFree, WinPatrol, and a couple of cloud services. Not sure if a graphics driver might be playing a role, as this shows up as common culprit in spinning-circle restart hangs. Anything sound familiar — or any other thoughts? Sounds as if there is enough of a pattern here that MS needs to get on top of it and solve it.

        • Round two of the install during my inactive hours last night resulted in spinning dots again this morning. Performed another System Restore and pushed the update out as far as possible, but I don’t think there is a way to turn it off entirely in the Home edition. If anyone finds a permanent fix — short of a different OS — please post it here.

        • There’s a fair amount of buzz on the web today that was not there yesterday as more and more people experience this problem. If you are using iObit’s Advanced System Care, the solution described toward the end of this webpage about turning off the ASC service may just do the trick. Worked for me. KB4103721 has now been installed successfully on my PC and there are no rotating dots on restart. See https://windowsreport.com/kb4103721-bugs/

      • After the May 8 update, I could not log into many servers with Remote Desktop Connection Manager or RDP. CredSSP was the problem. All servers and workstations need to have the update installed simultaneously. There is a workaround that defeats the security.

        Also, Edge does not seem to work any more. Don’t use it so it doesn’t matter.

    • Yes, I have an engineer running Win10, and after the update he can no longer print to any printer. He has a big HP plotter, an HP deskjet, and two Konica-Minolta Bizhub printers, ALL of which no longer work.
      I have un-installed/re-installed repeatedly, but he simply cannot print anywhere, at all.
      Does anyone have a guess how to fix this?

      • Are those printing devices slaved directly to that one CPU, or networked? If the latter, there’s a good chance the problem lies somewhere in your newly-replaced network settings where the update had overwritten the older settings that worked. I would have thought your re-installation efforts would have fixed any networking issues in the process of being installed as a network device, but that’s about the only aspect where a problem with the communication might prevent printing and not generate some sort of error message. Is there a print queue which forms, or does the print job simply disappear into the ether?

        • The plotter and the HP deskjet are both connected by USB. The two Konica-Minolta printers are networked.

          I’m about to give up and restore the factory image of windows. >.<

        • About the spooler, there isn’t a spool file hanging around, and there’s no error messages–it just disappears.

          • Whoops, let me correct myself: there IS an error message to the effect that the print driver is invalid.
            All four have evidently become invalid simultaneously. 😛

            • I am experiencing the exact same issues with printing, with same error “Current print driver invalid”. did you find a solution?

    • The May Microsoft Update has caused my computer to not boot up. I had to reinstall the Windows 10 because of this. HP said a lot of computers are having issues. Microsoft should not put out something that has this type of problems.

  2. Perhaps worth adding: May’s updates for Win-7 include KB4099633 (2018-05 Security and Quality Rollup for .NET Framework … ). Learned from past KoS Patch Tuesday posts, I installed the other Windows updates first (including restarting) and then installed the .NET Framework update. The only speedbump: after installing the .NET Framework update, one machine I wrangle required two restarts before significant apps (e.g.: Microsoft Security Essentials, EMET) started. And the re-starts were notably longer than usual. All’s well that ends well, I suppose.

  3. I’ve been trying to get in touch with you [via telephone], Brian. Is there another way I could possibly contact you?

  4. I’m inquiring about Chrome and it’s use of HTML5 vs. standard Flash plugin. Is there a way to ensure that it is doing so at this point?

  5. No major problems on either of my two Win10H laptops or Win7U desktop, though I did hold the .NET update on the latter to a 2nd run after the first batch had been installed. One of the former did experience a really long period of processing on one particular update (don’t recall which). It eventually completed and all rebooted to normal operation.

  6. In the business world we’re seeing problems with the May 2018 update. We have a Microsoft RDS environment (cloud/virtual machines) and all the computers in our network that updated can no longer connect to their RDS apps. I’m so happy M$ made the “smart” decision to force updates on business computers :/

  7. We’ve had some users with Symantec PGP and power policies enabling Hibernate on Win10 pro get stuck in a BSOD loop…

  8. I run Firefox, and every time it asks me to enable Flash Player I tell it no. It is so buggy, and I dont want it on my computer, and I’ve never experienced a problem with running whatever Flash said I needed it for. I dont intend to change, either.

  9. There’s way my device freezes when I install it

  10. No risk is you don’t update anything….hahahha

  11. I have been waiting for the experts on this subject to
    tell me when it is SAFE to revert to Windows auto-update – they having told me it was not safe during the
    last fiasco – Win8.1 by the way

  12. My DELL has an m2 boot drive. I clone it weekly to another m2. I’ve been down this road too many times with MS over the years where the restore points fail. I use acronis to restore any lost data from failure point. Then reclone defective m2 so I have backup. Paranoid. But stable

  13. 67 holes for an Operating System that is almost 3 years old and supposedly the last version of Windows . I see why many stick to other Operating systems and Windows 7 myself.

    • Windows 7 is about 9 years old, and if we’re to go purely by the windows update count has something like 300-ish “holes” since release.

      Not sure your complaint addresses the slings and arrows of any particular operating system so much as it addresses the issues of “Operating Systems in general”.

      That said I’d agree that the fatalistic pronouncement of “Last Windows version you’ll ever need” is at best sales pablum (as a marketing tool), and at worst abysmally moronic (as a governing philosophy).

  14. Arthur Mildenberger

    The latest update makes all my documents inaccessible. It automatically reverts to Windows broswer every time I turn the cmputer on, even though I say to make Chrome my browser

  15. Art Mildenberger

    I choose chrome as my browser, but every time I restart my computer it revers back to windows browser. I can find my file categories, but they’re all empty. Where are my documents?

    • Win10 likes to start Edge when you come back from the latest update- so it can show a page telling you about how awesome the latest update is.

      It doesn’t however mean that it swapped your default browser for Edge. It will open that page in edge regardless of your default browser handling html docs.

      There are other minor disturbances during big updates like this one, but documents “disappearing” is new on me.

  16. I have Flash disabled on my Mac using Firefox.
    Can anyone tell me if it is still vulnerable to attack?
    Thanks. This is such a helpful site for me.

  17. I have had the exact same problem as people above but using system restore hasn’t helped because my laptop crashes as it restarts and can’t complete system restore. Any help please?!

  18. Yesterday I caught windows update installing an update even with automatic updates disabled; After looking, I had it set to
    “notify” but do not download or install; Over the last 2-3 months, I had forgot to disable windows update and bits for only a couple days; I typically turn it on once a week or so only. DoD, NSA, US Army, intelligence, other agencies may use this as a vector to install malware, it has been used to do so in the past.

  19. I mean to say, I had forgot to disable it only once… and low and behold, its doing things its not supposed to be doing. Here is a blocklist of the aforementioned https://github.com/rugabunda/AsusWRTPurity/blob/master/NSA-DOD-PRISM-ARMY-BLOCKLIST-CIDR

  20. Brian

    Installed latest Patch Tuesday updates on May 9 and was sent to the hospital on the following Saturday. Wife tried to login immediately afterwards and login failed with a “could not connect to System Event Notification service” error. When I returned to service this week, we noticed that admin login also got the warning but was allowed. Tried the “netsh winsock reset”; that cleared the message for admin, but as soon as wife logged in, the error came back.

    Interestingly, when admin logs in first and then does a Switch User, that login is accepted (as long as we don’t shutdown.)

    As of now, I restored to a restore point before the Tuesday update and everything is working fine. Suspect the Net … Security Rollup KB 4099633, but haven’t verified this. My PC is running Windows 7 with all updates except the current one.

    Thanks for anything you might be able to suggest.

    John

  21. Well, not about the May patch Tuesday update, May and update.

    Lenovo Ideapad 110, W10.
    Machine was not turned on between January 25 and March 9. After March 9 all th available updates were installed, incl. the one from Patch Tuesday May (May actually had two different ones on different dates.

    A couple of days ago notice pops up that a W feature update is available (even though W says it is up to date).
    So I proceed to install the Feature update (I think it was dated in February). It goes very slow, thru the notices of how the configuring is proceeding. After the third reboot a screen pops up that asks to select the language for keyboard configuration. Once that is done the next screen says “choose sn option”. Five options are offered, use a device, use another operating system, turn off your PC, Windows rollback, and troubleshoot.
    Choosing some of these options it tells me it can’t repair the boot-up, no restore point is available, and so on.
    Pressing any of the F (or Fn+F) keys at the start of the boot-up elicits no response.
    There’s a onekey recovery on the machine, but that would wipe out all the data.
    Any ideas?

    • I’m having similar issues. Blue screen. Asks what language for the Keyboard. Click US. Goes to those prompts’rollback”; windows 10 3; Windows 10 3…none of these give me anything that works. Restore to previous version says not enough space; troubleshoot says no restart point; etc. etc. then a black screen with “HI’ this might take several minutes – don’t turn off your PC leave everything to us – then a box comes up to say “32 something or other can not be found – screen goes black with just the recycle bin in the corner! YIKES HELP