Overview

Microsoft has identified a severe compatibility issue with a small number of anti-virus software products.

Due to to possible BSOD issues that may occur when installing this update on system with out of date AV software, we will be adding a detection prerequisite:

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"

Value="cadca5fe-87d3-4b96-b7fb-a231484277cc"

Type="REG_DWORD”

• The patches will be offered for deployment if the key exists.
• If key does not exist you will be offered the detection only version of this patch.

Affected patches:

• MS18-01-IE Q4056568 - Cumulative Updates for Internet Explorer
• MS18-01-SO7 Q4056897 - Security Only Update for Windows 7 and Server 2008 R2
• MS18-01-SO8 Q4056899 - Security Only Update for Server 2012
• MS18-01-SO81 Q4056898 - Security Only Update for Windows 8.1 and 2012 R2
• MS18-01-W10 Q4056888, Q4056890, Q4056891, Q4056892, Q4056893 - Cumulative Update for Windows 10 and Server 2016

Affected CVEs:

• CVE-2017-5753
• CVE-2017-5715
• CVE-2017-5754

Link to Security bulletin advisory:  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

Additional Information

How to scan for specific patches: How To: Include or Exclude Specific Patches in Scan Results

How to deploy these patches:  How To: Deploy Windows Security OOB updates released January 3, 2018

How to add the registry using Security Tool IVA18-002 Q4072699: Security Tool: Implement the QualityCompat registry key that enables Windows security updates released on January 3, 2018

Affected Products

Ivanti Patch for Windows Servers 9.3.x

Shavlik Protect 9.2.x