Microsoft Windows Updates, May 14, 2019

This month the vendor has patched 79 vulnerabilities, 22 of which are rated Critical. As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

IMPORTANT: Due to the severity of CVE-2019-0708, and the high likelihood of exploitation, Symantec recommends that customers apply patches immediately. If immediate patching is not possible, customers should take the following steps:

  • Disable Remote Desktop Services if not required
  • Block TCP port 3389 at the firewall
  • Enable Network Level Protection

Symantec is actively investigating protection options for CVE-2019-0708.

Microsoft’s summary of the May 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month’s update covers vulnerabilities in:

  • Internet Explorer
  • Microsoft Edge
  • ChakraCore
  • Microsoft Office
  • Microsoft .NET
  • Microsoft Windows
  • Microsoft Remote Desktop Services
  • Graphics Device Interface (GDI)
  • Jet Database Engine
  • Team Foundation Server
  • Skype for Android
  • Azure
  • NuGet

Windows Server 2019

KB4494441
Release Date:May 14, 2019
Version:OS Build 17763.503

This update includes quality improvements.  Key changes include:

  • Enables “Retpoline” by default if Spectre Variant 2 (CVE-2017-5715) is enabled. Make sure previous OS protections against the Spectre Variant 2 vulnerability are enabled using the registry settings described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions). For more information about “Retpoline”, see Mitigating Spectre variant 2 with Retpoline on Windows.
  • Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126CVE-2018-12127CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles(These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions).
  • Adds “uk.gov” into the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.
  • Addresses an issue that may cause “Error 1309” while installing or uninstalling certain types of .msi and .msp files on a virtual drive.
  • Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.
  • Addresses an issue that may cause zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) to fail.
  • Addresses an issue that causes Simple Network Management Protocol (SNMP) Management Information Base registration to fail when the Windows Management Instrumentation (WMI) provider uses the Windows tool SMI2SMIR.exe.
  • Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the MS UI Gothic or MS PGothic fonts. 
  • Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Graphics, Windows Storage and Filesystems, Windows Cryptography, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server .

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

2019-05 Cumulative Update for Windows Server 2019 for x64-based Systems (KB4494441)


windows10.0-kb4494441-x64_8910e3c3ee2743e9ff1241557a5c447ef853f495.msu

Windows Server 2016

KB4494440
Release Date:May 14, 2019
Version:OS Build 14393.2969

This update includes quality improvements. Key changes include:

  • Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126CVE-2018-12127CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles(These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions).
  • Adds “uk.gov” into the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.
  • Addresses an issue that may cause “Error 1309” while installing or uninstalling certain types of .msi and .msp files on a virtual drive.
  • Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.
  • Addresses an issue that may cause zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) to fail.
  • Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the MS UI Gothic or MS PGothic fonts. 
  • Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows Storage and Filesystems, Microsoft Graphics Component, Windows App Platform and Frameworks, Windows Cryptography, Windows Wireless Networking, Windows Datacenter Networking, Windows Server, Windows Virtualization, Windows Kernel, and the Microsoft JET Database Engine.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

2019-05 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4494440)


windows10.0-kb4494440-x64_390f926659a23a56cc9cbb331e5940e132ad257d.msu

Windows Server 2012 R2

KB4499151
Release Date:May 14, 2019
Version:Monthly Rollup

This security update includes improvements and fixes that were a part of update KB4493443(released April 25, 2019) and addresses the following issues:

  • Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126CVE-2018-12127CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles(These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions).
  • Addresses an issue that may cause “Error 1309” while installing or uninstalling certain types of .msi and .msp files on a virtual drive.
  • Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.
  • Adds “uk.gov” into the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.
  • Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the MS UI Gothic or MS PGothic fonts. 
  • Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Datacenter Networking, Windows Wireless Networking, Windows Kernel, and the Microsoft JET Database Engine.

2019-05 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4499151)


windows8.1-kb4499151-x64_254432cdd26527f8661cfd58c6f5edec00cdd93f.msu

Window Server 2012

KB4499171
Release Date:May 14, 2019
Version:Monthly Rollup

This security update includes improvements and fixes that were a part of update KB4493462 (released April 25, 2019) and addresses the following issues:

  • Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126CVE-2018-12127CVE-2018-12130). Use the registry settings as described in the Windows Server article(These registry settings are disabled by default for Windows Server OS editions).
  • Addresses an issue that may cause “Error 1309” while installing or uninstalling certain types of .msi and .msp files on a virtual drive.
  • Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.
  • Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the MS UI Gothic or MS PGothic fonts. 
  • Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Datacenter Networking, Windows Wireless Networking, Windows Kernel, and the Microsoft JET Database Engine.

2019-05 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4499171)


windows8-rt-kb4499171-x64_8d17362bd52ce2740a8851baca661ec5835b7906.msu

Windows Server 2008 R2 SP1

KB4499164
Release Date:May 14, 2019
Version:Monthly Rollup

This security update includes improvements and fixes that were a part of update KB4493453(released April 25, 2019) and addresses the following issues:

  • Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126CVE-2018-12127CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles(These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions).
  • Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.
  • Addresses an issue that may prevent applications that rely on unconstrained delegation from authenticating after the Kerberos ticket-granting ticket (TGT) expires (the default is 10 hours).
  • Adds “gov.uk” to the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer. 
  • Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Wireless Networking, Windows Kernel, Windows Server, and the Microsoft JET Database.

2019-05 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4499164)


windows6.1-kb4499164-x64_21696444837b433df698a5bc73b0cc23df17bd58.msu

2019-05 Security Monthly Quality Rollup for Windows Server 2008 R2 for Itanium-based Systems (KB4499164)


windows6.1-kb4499164-ia64_2ff21ab54624e9e86895377cd986b52652f77817.msu

Windows Server 2008 SP2

KB4499149
Release Date:May 14, 2019
Version:Monthly Rollup

This security update includes improvements and fixes that were a part of update KB4493460(released April 25, 2019) and addresses the following issues:

  • Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.
  • Addresses an issue that may prevent applications that rely on unconstrained delegation from authenticating after the Kerberos ticket-granting ticket (TGT) expires (the default is 10 hours).
  • Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Kernel, Windows Server, and the Microsoft JET Database Engine.

2019-05 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB4499149)


pcicompatforserialnumber_fe84288261f546c0f8b05b310f4ed2357185278d.exewindows6.0-kb4499149-x64_9236b098f7cea864f7638e7d4b77aa8f81f70fd6.msu

2019-05 Security Monthly Quality Rollup for Windows Server 2008 for Itanium-based Systems (KB4499149)


pcicompatforserialnumber_ad76058639e24bb383c9d12e734dc97fb6bcb383.exewindows6.0-kb4499149-ia64_a332dee7004c9a48a2fa69af9ff2498eb2086823.msu

2019-05 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB4499149)


pcicompatforserialnumber_c0e97b9d5710596760aa310796ceb3df264785d9.exewindows6.0-kb4499149-x86_832cf179b302b861c83f2a92acc5e2a152405377.msu

Further Reading

Microsoft Security Update Guide May 2019

Microsoft Windows Updates, March 12, 2019

Davoud Teimouri

Davoud Teimouri is as a professional blogger, vExpert 2015/2016/2017/2018/2019, VCA, MCITP. This blog is started with simple posts and now, it has large following readers.

Leave a Reply

Your email address will not be published. Required fields are marked *