April 9, 2019 - KB4493467 (Security-only update) for Windows 8.1

April 9, 2019 - KB4493467 (Security-only update)

Applies to: Windows 8.1, Windows Server 2012 R2

Improvements and fixes

This security update includes improvements and fixes that were a part of update KB4489893 (released March 19, 2019) and addresses the following issues:

• Provides protections against Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754) for VIA-based computers. These protections are enabled by default for the Windows Client, but disabled by default for Windows Server. For Windows Client (IT Pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use these guidance documents to enable or disable these mitigations for VIA-based computers.
• Addresses an issue that may cause applications that use MSXML6 to stop responding if an exception was thrown during node operations.
• Addresses an issue that causes the Group Policy editor to stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 Internet settings.
• Addresses an issue that may cause authentication issues for Internet Explorer 11 and other applications that use WININET.DLL. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons.
• [UPDATED 4/11] Addresses an issue that may cause compound document (OLE) server applications to display embedded objects incorrectly if you use the PatBlt API to place embedded objects into the Windows Metafile (WMF).
• Security updates to Windows Storage and Filesystems, Windows Server, Microsoft Graphics Component, Windows Input and Composition, Windows Datacenter Networking, Windows Kernel, Windows MSXML, Windows SQL components, and the Microsoft JET Database Engine.

For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.

Known issues in this update

[UPDATED 4/22] Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update - Sophos Community

[ADDED 4/12]

[ADDED 4/12] Avast Knowledge Base

How to get this update

This update is now available for installation through WSUS.

To get the standalone package for this update, go to the Microsoft Update Catalog website.

File information

For a list of the files that are provided in this update, download the file information for update 4493467.

Source: https://support.microsoft.com/en-us/help/4493446

Direct download links for KB4493467 MSU file from Microsoft Update Catalog:

Download KB4493467 MSU for Windows 8.1 32-bit (x86) - 27.0 MB

Download KB4493467 MSU for Windows 8.1 64-bit (x64) - 39.8 MB

 

[erpster4]

it seems that the KB4493467 security-only update can cause lockups if any Sophos antivirus product is installed.

Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update - Sophos Community

if KB4493446 or KB4493467 is installed along with Sophos, remove/uninstall either update and wait for a fix from either Microsoft or Sophos

 

[Brink]

"Improvements and fixes" updated 4/10.

 

[erpster4]

it looks like the KB4493467 security-only update also causes problems with Avira and Avast as well.
they also recommend removing this update until they can provide new fixes for their software.

Why does my system run very slow?
Avast Knowledge Base

 

[Brink]

Windows 7 problems: Microsoft blocks April updates to systems at risk of freezing | ZDNet

 

[Brink]

Update reissued.

 

[Brink]

UPDATE 4/12:

New known issue added.

 

[Brink]

UPDATE 4/22:

Known issues updated. See first post for more details.