Microsoft has released the Windows 10 KB4482887 cumulative update for build 1809 that includes numerous fixes including Retpoline Spectre mitigation, a fix for an annoying Action Center bug, and numerous other bug fixes.
This update is available to all Windows 10 October 2018 Update (build 1809) users and can be installed through Windows Update. To install the update, simply go into Settings -> Update & Security -> Windows Update and then check for new updates.
We have outlined the most important changes in the new Window 10 cumulative update below.
Retpoline Spectre v2 mitigations
In January 2018, Google disclosed CPU vulnerabilities called Spectre and Meltdown that use speculative execution side channels to allow processes to access the memory of other programs that they would not normally have access to. This could allow malicious programs to steal data such a decryption keys, master passwords in password management programs, or sensitive emails that are being read from other program.
As these bugs are caused by the hardware design of CPUs, processor manufacturers had to release microcode updates that exposed instructions that could be used to mitigate these vulnerabilities. When Microsoft utilized these new CPU capabilities to release a Spectre fix, though, some users, especially those running older CPUs, found that the fixes caused a performance performance hit in Windows.
As explained by a new Microsoft article on retpoline, Microsoft has been working on a new fix that utilizes a mitigation called retpoline that was discovered by Google, which prevents a processor from entering “unsafe speculative execution”.
While still not as fast as not using mitigations at all, Microsoft has stated that the retpoline mitigations are much faster than Microsoft’s original fixes. In order to use these mitigiations users will need to be using an AMD processor or Intel Broadwell processors and earlier.
“This proves to be much faster than running all of kernel mode code with branch speculation restricted (IBRS set to 1). However, this construct is only safe to use on processors where the RET instruction does not speculate based on the contents of the indirect branch predictor. Those processors are all AMD processors as well as Intel processors codenamed Broadwell and earlier according to Intel’s whitepaper. Retpoline is not applicable to Skylake and later processors from Intel.”
Retpoline mitigations have been tested using Windows 10 Insider builds since build 18272 and with this update have now been backported to Build 1809. The fixes will not be enabled immediately, but will be done so over the next few months in order to make sure new issues do not pop up when utilized publicly.
“Over the coming months, we will enable Retpoline as part of phased rollout via cloud configuration. Due to the complexity of the implementation and changes involved, we are only enabling Retpoline performance benefits for Windows 10, version 1809 and later releases.”
Annoying Action Center bug fixed
With this update, Microsoft has finally fixed a bug that has been annoying Windows 10 October 2018 Update users for quite some time.
For some users, when they opened the Action Center it would appear briefly on the left side of the screen when opened and then move back to the right side.
This bug was originally fixed in Windows 10 Insider builds and has now been backported to Winddows 10 build 1809.
Full Changelog
The full list of changes in this fix are included below.
- Enables “Retpoline” for Windows on certain devices, which may improve performance of Spectre variant 2 mitigations (CVE-2017-5715). For more information, see our blog post, “Mitigating Spectre variant 2 with Retpoline on Windows”.
- Addresses an issue that may cause the Action Center to suddenly appear on the wrong side of the screen before appearing on the correct side.
- Addresses an issue that may fail to save some inked content in a PDF in Microsoft Edge. This occurs if you erased some ink quickly after starting the inking session and then added more ink.
- Addresses an issue that displays the media type as “Unknown” in the Server Manager for storage class memory (SCM) disks.
- Addresses an issue with Remote Desktop access to Hyper-V Server 2019.
- Addresses an issue that causes the republication BranchCache to take more space than it’s been assigned.
- Addresses a performance issue when establishing a Remote Desktop connection from a web Remote Desktop client to Windows Server 2019.
- Addresses a reliability issue that may cause the screen to remain black after resuming from Sleep if you close a laptop lid while disconnecting the laptop from a docking station.
- Addresses an issue that causes the overwriting of file on a shared folder to fail because of an Access Denied error. This issue occurs when a filter driver is installed.
- Enables peripheral role support for some Bluetooth radios.
- Addresses an issue that may cause printing to PDF to fail during a Remote Desktop session. This issue occurs while attempting to save the file and redirect drives from the client system.
- Addresses a reliability issue that may cause the main laptop screen to flash when resuming from Sleep. This issue occurs if the laptop is connected to a docking station that has an indirect display.
- Addresses an issue that displays a black screen and causes a Remote Desktop session to stop responding when using certain VPN connections.
- Updates time zone information for Chile.
- Addresses an issue that fails to register USB cameras correctly for Windows Hello after the out of box experience (OOBE) setup.
- Addresses an issue that prevents the Microsoft enhanced Point and Print compatibility driver from installing on Windows 7 clients.
- Addresses an issue that causes Termservice to stop working when Remote Desktop is configured to use a hardware encoder for Advanced Video Coding (AVC).
- Addresses an issue that locks a user account when you move applications to a shared platform using App-V.
- Improves the reliability of the UE-VAppmonitor.
- Addresses an issue that prevents App-V applications from starting and generates error 0xc0000225 in the log. Set the following DWORD to customize the maximum time for the driver to wait for a volume to be available:”HKLM\Software\Microsoft\AppV\MAV\Configuration\MaxAttachWaitTimeInMilliseconds”.
- Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
- Addresses an issue that may prevent some applications from displaying the Help (F1) window correctly.
- Addresses an issue that causes flickering of the desktop and taskbar on Windows Server 2019 Terminal Server after using the User Profile Disk setup.
- Addresses an issue that fails to update a user hive when you publish an optional package in a Connection Group after the Connection Group was previously published.
- Improves performance related to case-insensitive string comparison functions such as _stricmp() in the Universal C Runtime.
- Addresses a compatibility issue with parsing and playback of certain MP4 content.
- Addresses an issue that occurs with the Internet Explorer proxy setting and the out of box experience (OOBE) setup. The initial logon stops responding after Sysprep.
- Addresses an issue in which the desktop lock screen image set by a Group Policy will not update if the image is older than or has the same name as the previous image.
- Addresses an issue in which the desktop wallpaper image set by a Group Policy will not update if the image has the same name as the previous image.
- Addresses an issue that causes the TabTip.exe touchscreen keyboard to stop working in certain conditions. This issue occurs when you use the keyboard in a kiosk scenario after replacing the default shell.
- Addresses an issue that may cause the new Miracast connection banner to remain open after a connection is closed.
- Addresses an issue that may cause virtual disks to go offline when upgrading a 2-node Storage Space Direct (S2D) cluster from Windows Server 2016 to Windows Server 2019.
- Addresses an issue that fails to recognize the first character of the Japanese Era name as an abbreviation and may cause date parsing issues.
- Addresses an issue that may prevent Internet Explorer from loading images that have a backslash (\) in their relative source path.
- Addresses an issue that may cause applications that use a Microsoft Jet database with the Microsoft Access 95 file format to randomly stop working.
- Addresses an issue in Windows Server 2019 that causes input and output timeouts when querying for SMART Data using Get-StorageReliabilityCounter().
If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.
To read the original article: