The May security updates have been released and consist of 79 CVEs along with two advisories. Of these 79 CVEs, 22 are rated Critical and 57 are rated Important in severity. Two of these bugs are listed as publicly known and one is listed as under active attack at the time of release.
The updates address Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Information Disclosure, Denial of Service, Spoofing, and Security Feature Bypass and apply to the following: The updates cover Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, .NET Framework and ASP.NET, Skype for Android, Azure DevOps Server, and the NuGet Package Manager.
Edit Note: Due to the severity of CVE-2019-0708, Microsoft also released KB 4500331 for versions of Windows that no longer receive mainstream support: Windows XP SP3 x86, Windows XP Professional X64 SP2, Windows XP Embedded SP3 x86 as well as Windows Server 2003.
Known Issues: See the Known Issues and accompanying work-around in the KB Articles for your version of Windows 10:
- Windows 10, Version 1809: KB4494441 (OS Build 17763.503). Prerequisite: The servicing stack update (SSU) (KB4499728) must be installed before installing the latest cumulative update (LCU). The LCU will not be reported as applicable until the SSU is installed. For more information, see Servicing stack updates.
- Windows 10, Version 1803: KB4499167 (OS Build 17134.765)
See Dustin Childs review and analysis in Zero Day Initiative — The May 2019 Security Update Review.
For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary. Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.
Additional Update Notes:
- Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
- MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. Note: Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a /N parameter [for "detect only" mode].
- Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
- Windows 8.1 Update History
- Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
- Windows 7 SP1 Update Histolry
- For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
References
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Hello,
ReplyDeleteI had the same issue with the previous cumulative update as I am with the current W10 updates 5/14. I think I resolved the prior update by installing the Service Stack Update from the MS Update Catalog, however the 5/14 installer will not work. (KB4499728)
I found this to be an issue while searching Google and tried a couple of "solutions" but none helped.
Do you have any suggestions for resolving the 5/14 Cumulative Update to install failure? (KB4494441) All other 5/14 installs worked.
May 14, 2019—KB4494441 (OS Build 17763.503)
Thanks,
MAF
Have you tried the Windows Update Troubleshooter? If that doesn't help, the best resource for Windows Update issues is one of the forums I belong to -- Sysnative. The instructions are here: Windows Update Forum Posting Instructions.
ReplyDeleteI've tried the sfc/ scannow, W10 troubleshooter, clearing out the softwaredistribution-download, and individual update catalog. I also tried the DISM repair image but it failed at about 45 percent.
ReplyDeleteThanks for the link, i'll try it next.
MAF
Hello,
ReplyDeleteThe SFC /scannow continues to find errors but fails to fix anything despite the number of restarts and repeats.
The DISM/restoreheatlh once again fails at 44.6 saying "access denied."
The SFCFix fails to access update files (step one) referring to internet off line or software servers not available, but soon after continues its process. However I believe it was step five or six it when it crashes stating something horrible has gone wrong.
It seems there are others posting on web about this issue so in time MS will find a fix in one of its future updates.
Thanks again,
MAF
On another note,
ReplyDeleteThe latest MS updates (desktop and laptop) have corrupted the "Dark Theme" option as it did last year's big October update.
Instead of whole page being dark just the inner box is dark.
File explore
Device manage
etc...
Since not of the fixes you tried worked, I suggest you register at Sysnative and provide the CBS log. The forum is very busy but the help is excellent.
ReplyDelete