Microsoft Windows Security Updates May 2019 overview – Ghacks Technology News

Microsoft Windows Security Updates May 2019 overview  Ghacks Technology News

Microsoft released security updates for Windows and other products on May 14, 2019. Our overview provides you with information and links.

Welcome to the Microsoft Patch Day overview for May 2019. Microsoft released security updates and non-security updates for all supported versions of the Windows operating system — client and server — and other Microsoft products such as Microsoft Office on May 14, 2019.

Our overview provides you with information and resource links; we cover all major update releases for all Microsoft platforms, provide an overview of critical updates (which you may want to address quickly), operating system distribution statistics, and download instructions.

Microsoft plans to release the May 2019 Update for Windows 10 at the end of the month; check out this guide if you plan to update to the new feature update for Windows 10. If you take the disastrous Windows 10 version 1809 release into account, it is probably better to wait several months before you  consider installing the update on production machines.

Buy Kratom Extracts

Left Coast Kratom is here to help you experience the freshest highest quality kratom powders and extracts at competitive prices.

Note that there are some upgrade blocks in place currently that prevent the installation of the new update.

Microsoft Windows Security Updates May 2019

Download the following Excel spreadsheet (zipped) that lists the released security updates and information: security-updates-windows-microsoft-may-2019.zip

Executive Summary

  • Microsoft released security updates for all supported versions of Windows.
  • All versions of Windows are affected by CVE-2019-0903,  a GDI+ Remote Code Execution Vulnerability critical vulnerability.
  • Windows 7 is the only client system affected by another critical vulnerability CVE-2019-0708 , Remote Desktop Services Remote Code Execution Vulnerability
  • Microsoft released a security update for Windows XP (KB4500331)
  • All server versions affected by CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability.
  • Server 2008 R2 only version affected by CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability.
  • Other Microsoft products with security update releases: IE, Edge, Team Foundation Server, SQL Server, Azure, Skype for Android, Office, Visual Studio, Azure DevOps Server, .Net Framework and Core, ASP.NET Core, ChakraCore, NuGet.
  • The Update Catalog lists 243 updates.

Operating System Distribution

  • Windows 7: 23 vulnerabilities of which 2 are rated critical and 21 are rated important
    • CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
    • CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability
  • Windows 8.1: 23 vulnerabilities of which 1 is rated critical and 22 are rated important
  • Windows 10 version 1703:  28 vulnerabilities of which 1 is critical and 27 are important
  • Windows 10 version 1709: 29 vulnerabilities of which 1 is critical and 28 are important
  • Windows 10 version 1803: 29 vulnerabilities of which 1 is critical and 28 are important
  • Windows 10 version 1809: 29 vulnerabilities of which 1 is critical and 28 are important

Windows Server products

  • Windows Server 2008 R2: 24 vulnerabilities of which 3 are critical and 21 are important.
    • CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability
    • CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability
    • CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
  • Windows Server 2012 R2: 24 vulnerabilities of which 2 are critical and 22 are important.
  • Windows Server 2016: 28 vulnerabilities of which 2 are critical and 26 are important
  • Windows Server 2019: 30 vulnerabilities of which 2 are critical and 28 are important.

Other Microsoft Products

  • Internet Explorer 11: 8 vulnerability, 5 critical, 4 important
  • Microsoft Edge: 14 vulnerabilities, 11 critical, 3 important
    • CVE-2019-0915 | Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-0916 | Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-0917 | Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-0922 | Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-0924 | Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-0925 | Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-0926 | Microsoft Edge Memory Corruption Vulnerability
    • CVE-2019-0927 | Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-0933 | Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-0937 | Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-0940 | Microsoft Browser Memory Corruption Vulnerability

Windows Security Updates

Windows 7 Service Pack 1

KB4499175 — Security-only update

  • Protections against a new subclass of speculative execution side-channel vulnerabilities (Microarchitectural Data Sampling)
  • Addresses an issue that may prevent applications that rely on unconstrained delegation from authenticating after the Kerberos ticket-granting ticket (TGT) expires (the default is 10 hours).
  • Security updates

KB4499164 — Monthly Rollup

  • Same as security-only update, and
  • Fixed Excel display issue.
  • Fixed Microsoft Visual Studio Simulator startup issue.

Windows 8.1

KB4499165 — Security-only Update

  • Protections against a new subclass of speculative execution side-channel vulnerabilities (Microarchitectural Data Sampling)
  • Security updates

KB4499151 — Monthly Rollup

  • Same as Security-only update, and
  • Fixed “Error 1309” issue with msi and msp files.
  • Fixed Microsoft Visual Studio Simulator startup issue.
  • Added uk.gov into HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.
  • Fixed display issue in Excel.

Windows 10 version 1703

KB4499181

  • Same as Windows 10 version 1809 with the exception of Retpoline, Simple Network Management Protocol Management Information Base registration, and the zone transfer issue.

Windows 10 version 1709

KB4499179

  • Same as Windows 10 version 1809 with the exception of Retpoline and Simple Network Management Protocol Management Information Base registration

Windows 10 version 1803

KB4499167

  • Same as Windows 10 version 1809 with the exception of Retpoline and Simple Network Management Protocol Management Information Base registration

Windows 10 version 1809

KB4494441

  • Retpoline is enabled by default if protections against Spectre Variant 2 are enabled.
  • Protections against a new subclass of speculative execution side-channel vulnerabilities (Microarchitectural Data Sampling)
  • uk.gov added into the HTTP Strict Transport Security Top Level Domains for IE and Edge.
  • Fixed the cause of Error 1309 when installing or removing certain msi or msp files on a virtual drive.
  • Fixed an issue that prevented Microsoft Visual Studio Simulator from starting.
  • Fixed an issue that could cause zone transfers between primary and secondary DNS servers over TCP to fail.
  • Fixed an issue that could cause Simple Network Management Protocol Management Information Base registration to fail.
  • Fixed a font issue in Microsoft Excel that could make text, layout, or cell sizes narrower or wider.
  • Security updates.

Other security updates

KB4498206 — Cumulative security update for Internet Explorer: May 14, 2019

KB4474419 — SHA-2 code signing support update for Windows Server 2008 R2, Windows 7, and Windows Server 2008: March 12, 2019

KB4495582 — 2019-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4495584 — 2019-05 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4495585 — 2019-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2

KB4495586 — 2019-05 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2

KB4495587 — 2019-05 Security Only Update for .NET Framework 4.6 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4495588 — 2019-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4495589 — 2019-05 Security Only Update for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2

KB4495591 — 2019-05 Security Only Update for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4495592 — 2019-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2

KB4495593 — 2019-05 Security Only Update for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4495594 — 2019-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4495596 — 2019-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4495602 — 2019-05 Security and Quality Rollup for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012

KB4495604 — 2019-05 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008

KB4495606 — 2019-05 Security and Quality Rollup for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4495607 — 2019-05 Security Only Update for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012

KB4495608 — 2019-05 Security and Quality Rollup for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2

KB4495609 — 2019-05 Security Only Update for .NET Framework 2.0 on Windows Server 2008

KB4495612 — 2019-05 Security Only Update for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4495615 — 2019-05 Security Only Update for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2

KB4495622 — 2019-05 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4495623 — 2019-05 Security Only Update for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4495624 — 2019-05 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4495625 — 2019-05 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4495626 — 2019-05 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4495627 — 2019-05 Security Only Update for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4497932 — Adobe Flash Player Security Update

KB4498961 — 2019-05 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4498962 — 2019-05 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4498963 — 2019-05 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4498964 — 2019-05 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008

KB4499149 — 2019-05 Security Monthly Quality Rollup for Windows Server 2008

KB4499158 — 2019-05 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4499171 — 2019-05 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4499180 — 2019-05 Security Only Quality Update for Windows Server 2008

KB4499406 — 2019-05 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4499407 — 2019-05 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4499408 — 2019-05 Security and Quality Rollup for .NET Framework 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4499409 — 2019-05 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008

KB4500331 — Security Update for Windows Server 2003, Windows XP Embedded, and Windows XP

KB4494440 — 2019-05 Cumulative Update for Windows 10 Version 1607

KB4495590 — Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10

KB4495610 — 2019-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607, and Windows Server 2016

KB4495611 — 2019-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703

KB4495613 — 2019-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709

KB4495616 — 2019-05 Cumulative Update for .NET Framework 4.8 on Windows 10 Version 1803, and Windows Server 2016

KB4495618 — 2019-05 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1809

KB4495620 — 2019-05 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 version 1903, and Windows Server 1903

KB4497398 — 2019-05 Servicing Stack Update for Windows 10 Version 1803, and Windows Server 2016

KB4498353 — 2019-05 Servicing Stack Update for Windows 10

KB4498947 — 2019-05 Servicing Stack Update for Windows 10 Version 1607, and Windows Server 2016

KB4499154 — 2019-05 Cumulative Update for Windows 10

KB4499167 — 2019-05 Dynamic Cumulative Update for Windows 10 Version 1809, and Windows Server 2016

KB4499405 — 2019-05 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809, and Windows Server 2019

KB4499728 — 2019-05 Servicing Stack Update for Windows 10 Version 1809, and Windows Server 2019

KB4500109 — 2019-05 Servicing Stack Update for Windows 10 Version 1903

KB4500640 — 2019-05 Servicing Stack Update for Windows 10 Version 1703

KB4500641 — 2019-05 Servicing Stack Update for Windows 10 Version 1709

Known Issues

See the linked KB articles for workarounds and additional information.

Windows 8.1 and Serve 2012 R2

  • First two issues of Windows 10 version 1809.
  • Monthly Rollup additionally: issue with Mcafee Endpoint Security software.

Windows 10 version 1703

  • Second issue of Windows 10 version 1809 only.

Windows 10 version 1709

  • Second issue of Windows 10 version 1809 only.

Windows 10 version 1803

  • First two issues of Windows 10 version 1809.

Windows 10 version 1809

  • Issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. Workaround available.
  • Error STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5) when performing certain operations on files or files that are on a Cluster Shared Volume. Workaround available.
  • Printing issue with error “Your printer has experienced an unexpected configuration problem. 0x80070007e” in Edge and UWP apps. Workaround available.
  • Error “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND” after installing KB4493509 with certain Asian language packs installed. Workaround available.

Security advisories and updates

ADV190012 | May 2019 Adobe Flash Security Update

ADV190013 | Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities

ADV190014 | Listed but error page

Windows client guidance for IT Pros to protect against speculative execution side-channel vulnerabilities

Windows Server guidance to protect against speculative execution side-channel vulnerabilities

Non-security related updates

KB4494174 — 2019-05 Update for Windows 10 Version 1809 (Intel microcode updates)

KB4494175 –2019-05 Update for Windows 10 Version 1607 (Intel microcode updates)

KB4494451 — 2019-05 Update for Windows 10 Version 1803 (Intel microcode updates)

KB4494452 — 2019-05 Update for Windows 10 Version 1709 (Intel microcode updates)

KB4494453 — 2019-05 Update for Windows 10 Version 1703 (Intel microcode updates)

KB4494454 — 2019-05 Update for Windows 10 Version 1507 (Intel microcode updates)

KB4497165 — 2019-05 Update for Windows 10 Version 1903 (Intel microcode updates)

KB4498946 — 2019-05 Dynamic Update for Windows 10 Version 1709 (Intel microcode updates)

KB890830 — Windows Malicious Software Removal Tool – May 2019

Microsoft Office Updates

You find Office update information here.

How to download and install the May 2019 security updates

Home users may use Windows Update to download and install the updates, or install updates manually by downloading them directly from Microsoft.

It is not recommended to select the “check for updates” option manually on Windows PCs as you may install preview updates or feature updates when you use the option.

If you still want to do so, make sure you create a backup of important data — better the entire system partition — before you install updates.

  1. Open the Start Menu.
  2. Type Windows Update.
  3. Click on the “check for updates” button to run a manual check.

Third-party tools like Windows Update Manager, Windows Update MiniTool or Sledgehammer may be useful as well as you get more control over the update processes.

Direct update downloads

Most Windows devices are updated automatically either through Windows Update or other update management systems. Some users and organizations prefer to install updates manually. All cumulative updates can be downloaded from the Microsoft Update Catalog website. Below are links to all cumulative updates.

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4499164 — 2019-05 Security Monthly Quality Rollup for Windows 7
  • KB4499175 — 2019-05 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4499151 — 2019-05 Security Monthly Quality Rollup for Windows 8.1
  • KB4499165 — 2019-05 Security Only Quality Update for Windows 8.1

Windows 10 (version 1703)

  • KB4499181 — 2019-05 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  • KB4499179 — 2019-05 Cumulative Update for Windows 10 Version 1709

Windows 10 (version 1803)

  • KB4499167 — 2019-05 Cumulative Update for Windows 10 Version 1803

Windows 10 (version 1809)

  • KB4494441 — 2019-05 Cumulative Update for Windows 10 Version 1809

Additional resources

Summary

Article Name

Microsoft Windows Security Updates May 2019 overview

Description

Microsoft released security updates for Windows and other products on May 14, 2019. Our overview provides you with information and links.

Author

Martin Brinkmann

Publisher

Ghacks Technology News

Logo

Advertisement