Windows 10: Microsoft Windows Security Updates August 2019 overview

Today is the August 2019 Patch Day over at Microsoft. The company released security and non-security updates for all supported versions of Microsoft Windows and other company products today.

We publish detailed information for system administrators, organizations, and interested home users on each Microsoft Patch Day. These cover links information and links to patches, the list of known issues, links to resource pages, and other relevant information to make educated updating decisions.

You can check out the July 2019 Update overview if you missed it.

Microsoft Windows Security Updates August 2019


The following Excel spreadsheet lists updates that Microsoft released for its products in August 2019. You can download it with a click on the following link: Microsoft Windows Security Updates August 2019 List

Executive Summary

• Microsoft released security updates for all client and server versions of Microsoft Windows. All systems are affected by multiple critical security vulnerabilities.
• Microsoft released updates for other products including Internet Explorer, Microsoft Edge, Visual Studio, Active Directory, Microsoft Office, and Microsoft Dynamics.
• Microsoft fixed the MIT Kerberos known issue for affected versions of Windows.
• The Microsoft Update Catalog lists 90 entries.

Operating System Distribution

• Windows 7: 39 vulnerabilities: 11 rated critical and 28 rated important
  • CVE-2019-0720 | Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-0736 | Windows DHCP Client Remote Code Execution Vulnerability
  • CVE-2019-1144 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1145 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1149 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1150 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1151 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1152 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1181 | Remote Desktop Services Remote Code Execution Vulnerabilit
  • CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability
  • CVE-2019-1183 | Windows VBScript Engine Remote Code Execution Vulnerability
• Windows 8.1: 39 vulnerabilities: 11 rated critical and 28 rated important
  • same as Windows 7
• Windows 10 version 1709: 53 vulnerabilities: 13 critical and 40 important
  • CVE-2019-0720 | Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-0736 | Windows DHCP Client Remote Code Execution Vulnerability
  • CVE-2019-0965 | Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1144 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1145 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1149 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1150 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1151 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1152 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1181 | Remote Desktop Services Remote Code Execution Vulnerability
  • CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability
  • CVE-2019-1183 | Windows VBScript Engine Remote Code Execution Vulnerability
  • CVE-2019-1188 | LNK Remote Code Execution Vulnerability
• Windows 10 version 1803: 61 vulnerabilities: 15 critical and 46 important
  • Same as Windows 10 version 1709 plus..
  • CVE-2019-1222 | Remote Desktop Services Remote Code Execution Vulnerability
  • CVE-2019-1226 | Remote Desktop Services Remote Code Execution Vulnerability
• Windows 10 version 1809: 64 vulnerabilities: 14 critical and 50 important
  • Same as Windows 10 version 1803 except CVE-2019-0736
• Windows 10 version 1903: 64 vulnerabilities: 13 critical and 51 important.
  • Same as Windows 10 version 1803 except CVE-2019-0720 and CVE-2019-0736

Windows Server products

• Windows Server 2008 R2: 39 vulnerabilities: 11 critical and 28 important.
  • CVE-2019-0720 | Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-0736 | Windows DHCP Client Remote Code Execution Vulnerability
  • CVE-2019-1144 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1145 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1149 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1150 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1151 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1152 | Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2019-1181 | Remote Desktop Services Remote Code Execution Vulnerabilit
  • CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability
  • CVE-2019-1183 | Windows VBScript Engine Remote Code Execution Vulnerability
• Windows Server 2012 R2: 40 vulnerabilities: 11 critical and 29 important.
  • Same as Windows Server 2008 R2.
• Windows Server 2016: 50 vulnerabilities: 11 critical and 39 important
  • Same as Windows Server 2008 R2.
• Windows Server 2019: 65 vulnerabilities: 14 critical and 51 are important.
  • Same as Windows Server 2008 R2 plus
  • CVE-2019-1212 | Windows DHCP Server Denial of Service Vulnerability
  • CVE-2019-1226 | Remote Desktop Services Remote Code Execution Vulnerability

Other Microsoft Products

• Internet Explorer 11: 4 vulnerabilities: 2 critical, 2 important
  • CVE-2019-1133 | Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1194 | Scripting Engine Memory Corruption Vulnerability
• Microsoft Edge: 9 vulnerabilities: 7 critical, 2 important
  • CVE-2019-1131 | Chakra Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1139 | Chakra Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1140 | Chakra Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1141 | Chakra Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1195 | Chakra Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1196 | Chakra Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1197 | Chakra Scripting Engine Memory Corruption Vulnerability

Windows Security Updates


Windows 7 SP1 and Windows Server 2008 R2 SP1

KB4512506 -- Monthly Rollup

KB4512486 -- Security-only update

• Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Windows Virtualization, Windows Datacenter Networking, Microsoft Scripting Engine, the Microsoft JET Database Engine, Windows Input and Composition, Windows MSXML, Internet Explorer, and Windows Server.

Windows 8.1 and Windows Server 2012 R2

KB4512488 -- Monthly Rollup

KB4512489 -- Security-only update

• Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Wireless Networking, Windows Virtualization, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Microsoft Scripting Engine, Windows MSXML, Internet Explorer, and Windows Server.

Windows 10 version 1709

KB4512516 -- Cumulative Update

• Fixed the MIT Kerberos realms issue that prevented devices from starting up or caused them to continue restarting.
• Security updates to Windows Wireless Networking, Windows Storage and Filesystems, Windows App Platform and Frameworks, Microsoft Scripting Engine, Microsoft Edge, Windows Server, Windows MSXML, the Microsoft JET Database Engine, Windows Datacenter Networking, Windows Virtualization, Windows Cryptography, Windows Input and Composition, and Internet Explorer.

Windows 10 version 1803

KB4512501 -- Cumulative Update

• Fixed the MIT Kerberos realms issue that prevented devices from starting up or caused them to continue restarting.
• Security updates to Windows Wireless Networking, Windows Storage and Filesystems, Windows App Platform and Frameworks, Windows Datacenter Networking, Microsoft JET Database Engine, Windows Input and Composition, Windows MSXML, Internet Explorer, Windows Server, Microsoft Scripting Engine, Windows Cryptography, Windows Server, Windows Virtualization, Microsoft Edge, and Windows Shell.

Windows 10 version 1809 and Windows Server 1809

KB4511553 -- Cumulative Update

• Fixed the MIT Kerberos realms issue that prevented devices from starting up or caused them to continue restarting.
• Fixed an issue with an Windows Server Update Services console user interface exception that occurred when expanding the Computers directory.
• Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Microsoft Scripting Engine, Internet Explorer, Windows Input and Composition, Windows Cryptography, Windows Virtualization, Windows Datacenter Networking, the Microsoft JET Database Engine, Windows Server, Windows Kernel, Windows MSXML, and Microsoft Edge.

Windows 10 version 1903 and Windows Server 1903

KB4512508 -- Cumulative Update

• Fixed the MIT Kerberos realms issue that prevented devices from starting up or caused them to continue restarting.
• Security updates to Windows App Platform and Frameworks, Windows Storage and Filesystems, Microsoft Scripting Engine, Windows Input and Composition, Windows Wireless Networking, Windows Cryptography, Windows Datacenter Networking, Windows Virtualization, Windows Storage and Filesystems, the Microsoft JET Database Engine, Windows Linux, Windows Kernel, Windows Server, Windows MSXML, Internet Explorer, and Microsoft Edge.

Other security updates

KB4511872 -- Cumulative security update for Internet Explorer: August 13, 2019

Known Issues


Windows 7 and Server 2008 R2

• Devices that use Preboot Execution Environment may fail to start.
• IA64 devices may fail to start. Solution: install KB4474419 .
• Systems with Symantec or Norton software installed may block or delete Windows updates which causes Windows to stop working or fail to start. Upgrade block is in place. Symantec support article for the issue.

Windows 8.1 and Server 2012 R2

• Certain operations on Cluster Shared Volumes fail.
• Devices that use Preboot Execution Environment may fail to start.

Windows 10 version 1709

• Same as Windows 8.1 and Server 2012 R2

Windows 10 version 1803

• Same as Windows 8.1 and Server 2012 R2, plus..
• Black screen on first startup after installing updates.

Windows 10 version 1809 and Server 1809

• Same as Windows 1803, plus..
• Issue on systems with Asian language packs installed.
• Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

Windows 10 version 1903 and Server 1903

• Windows Sandbox may fail to start.
• Devices that use Preboot Execution Environment may fail to start.

Security advisories and updates


ADV190014 | Microsoft Live Accounts Elevation of Privilege Vulnerability

Non-security related updates


KB4505903 -- Windows 10 version 1903 and Windows Server version 1903

KB4505658 -- Windows 10 version 1809 and Windows Server 1809

KB4507466 -- Windows 10 version 1803

KB4507465 -- Windows 10 version 1709

KB4507467 -- Windows 10 version 1703

Microsoft Office Updates


You find Office update information here.

How to download and install the August 2019 security updates




Home computer systems running Windows are configured to download and install updates automatically. It is recommended to wait with the installation of updates or create backups of the system before updates are installed; updates may introduce issues of their own on systems including major issues that may prevent PCs from booting into Windows.

You may run manual checks for updates to speed up the installation of the new updates

1. Tap on the Windows-key, type Windows Update, and select the result.
2. A click on "check for updates" runs a manual check. Updates may be installed automatically or on user request depending on system settings.

Another option that you have is to download the updates manually from the Microsoft Update Catalog website.

Direct update downloads


Windows 7 SP1 and Windows Server 2008 R2 SP

• KB4512506 -- 2019-08 Security Monthly Quality Rollup for Windows 7
• KB4512486 -- 2019-08 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

• KB4512488 -- 2019-08 Security Monthly Quality Rollup for Windows 8.1
• KB4512489 -- 2019-08 Security Only Quality Update for Windows 8.1

Windows 10 (version 1803)

• KB4512501 -- 2019-08 Cumulative Update for Windows 10 Version 1803

Windows 10 (version 1809)

• KB4511553 -- 2019-08 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

• KB4512508 -- 2019-08 Cumulative Update for Windows 10 Version 1903

Additional resources

• August 2019 Security Updates release notes
• List of software updates for Microsoft products
• List of the latest Windows Updates and Services Packs
• Security Updates Guide
• Microsoft Update Catalog site
• Our in-depth Windows update guide
• How to install optional updates on Windows 10
• Windows 10 Update History
• Windows 8.1 Update History
• Windows 7 Update History

Ghacks needs you. You can find out how to support us here (https://www.ghacks.net/support/) or support the site directly by becoming a Patreon (https://www.patreon.com/ghacks/). Thank you for being a Ghacks reader. The post Microsoft Windows Security Updates August 2019 overview appeared first on gHacks Technology News.

read more...

 

Microsoft February 2019 Security Updates

Release Notes

February 2019 Security Updates

Release Date: February 12, 2019

The February security release consists of security updates for the following software:

Adobe Flash Player

Internet Explorer

Microsoft Edge

Microsoft Windows

Microsoft Office and Microsoft Office Services and Web Apps

ChakraCore

.NET Framework

Microsoft Exchange Server

Microsoft Visual Studio

Azure IoT SDK

Microsoft Dynamics

Team Foundation Server

Visual Studio Code

Please note the following information regarding the security updates:

A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.

Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.

Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.

For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.

In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.

ADV190003

ADV190007 *

ADV990001

CVE-2019-0540 *

CVE-2019-0600

CVE-2019-0601

CVE-2019-0602

CVE-2019-0615

CVE-2019-0616

CVE-2019-0619

CVE-2019-0621

CVE-2019-0628

CVE-2019-0635

CVE-2019-0636

CVE-2019-0643

CVE-2019-0648

CVE-2019-0658

CVE-2019-0660

CVE-2019-0661

CVE-2019-0664

CVE-2019-0669

CVE-2019-0676

CVE-2019-0686 *

CVE-2019-0724 *

CVE-2019-0741

Known Issues

44****2

{{windowTitle}}

 

microsoft June 2019 Security Updates

Release Notes

June 2019 Security Updates

Release Date: June 11, 2019

The June security release consists of security updates for the following software:

Adobe Flash Player

Microsoft Windows

Internet Explorer

Microsoft Edge

Microsoft Office and Microsoft Office Services and Web Apps

ChakraCore

Skype for Business and Microsoft Lync

Microsoft Exchange Server

Azure

Please note the following information regarding the security updates:

A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.

Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.

Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.

For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.

In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

ADV190015

ADV990001

CVE-2019-0904

CVE-2019-0905

CVE-2019-0906

CVE-2019-0907

CVE-2019-0908

CVE-2019-0909

CVE-2019-0948

CVE-2019-0968

CVE-2019-0974

CVE-2019-0977

CVE-2019-0990

CVE-2019-1009

CVE-2019-1010

CVE-2019-1011

CVE-2019-1012

CVE-2019-1013

CVE-2019-1015

CVE-2019-1016

CVE-2019-1023

CVE-2019-1031

CVE-2019-1032

CVE-2019-1033

CVE-2019-1034

CVE-2019-1035

CVE-2019-1036

CVE-2019-1039

CVE-2019-1046

CVE-2019-1047

CVE-2019-1048

CVE-2019-1049

CVE-2019-1050

CVE-2019-1081

Known Issues

KB Article Applies To

4493730 Windows Server 2008 Service Pack 2 Servicing stack update

4503027 Exchange Server 2019, Exchange Server 2016

4503028 Exchange Server 2010 Service Pack 3, Exchange Server 2013

4503263 Windows Server 2012 (Security-only update)

4503267 Windows 10, version 1607, Windows Server 2016

4503276 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)

4503279 Windows 10, version 1703

4503284 Windows 10, version 1709

4503285 Windows Server 2012 (Monthly Rollup)

4503286 Windows 10, version 1803

4503290 Windows 8.1 Windows Server 2012 R2 (Security-only update)

4503291 Windows 10

4503292 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)

4503293 Windows 10, version 1903

4503327 Windows 10, version 1809, Windows Server 2019

{{windowTitle}}

 

Microsoft January 2019 Security Updates

Release Notes
January 2019 Security Updates

Release Date: January 08, 2019

The January security release consists of security updates for the following software:

• Adobe Flash Player
• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• ChakraCore
• .NET Framework
• ASP.NET
• Microsoft Exchange Server
• Microsoft Visual Studio

Please note the following information regarding the security updates:

• A list of the latest servicing stack updates for each operating system can be found in
  
  ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the
  
  Microsoft Update Catalog.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via
  
  Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see
  
  Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.

• ADV190001
• CVE-2019-0536
• CVE-2019-0537
• CVE-2019-0545
• CVE-2019-0549
• CVE-2019-0553
• CVE-2019-0554
• CVE-2019-0559
• CVE-2019-0560
• CVE-2019-0561
• CVE-2019-0569
• CVE-2019-0585
• CVE-2019-0588

Known Issues

• 4480961
• 4480973
• 4480978
• 4480966
• 4480970
• 4480116
• 4480962
• 4480963
• 4480975
• 4468742
• 4471389

{{windowTitle}}