Its has been an eventful month security-wise for Windows 10, with Microsoft releasing a number of out of band updates for the operating system over the last few weeks.

Patch Tuesday has however eventually arrived, which should deliver a roll-up of all the relevant fixes which Microsoft will be pushing out automatically. Find the changelog for all the supported versions of Windows 10 below:

For those on Windows 10 May 2019 Update (1903), Microsoft is pushing out  KB4517289, taking the OS to build 18362.418.

It has the following highlights:

  • Updates to improve security when using Internet Explorer and Microsoft Edge.
  • Updates for verifying user names and passwords.
  • Updates for storing and managing files.

Here’s the full list of fixes:

  • Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
  • Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
  • Security updates to Windows Shell, Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, Windows Cryptography, Windows Authentication, Windows Storage and Filesystems, Windows Kernel, Microsoft Scripting Engine, and Windows Server.

There are no known issues with this update.

You can manually download it here.

For those on Windows 10 October 2018 Update (1809), Microsoft is pushing out KB4519338, taking the OS to build 17763.806.

It has the following highlights:

  • Updates to improve security when using Internet Explorer and Microsoft Edge.
  • Updates for verifying user names and passwords.

Here’s the full list of fixes:

  • Addresses an issue in the Keyboard Lockdown Subsystem that may not filter key input correctly.
  • Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
  • Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
  • Security updates to Windows Shell, Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows App Platform and Frameworks, Windows Cryptography, Windows Authentication, Windows Kernel, and Windows Server.

It has the following known issues:

SymptomWorkaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_ IMPERSONATION_ LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_ MATCHING_COMPONENT_ NOT_FOUND.”
  1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.
  2. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

  1. Go to the Settings app > Recovery.
  2. Select Get Started under the Reset this PC recovery option.
  3. Select Keep my Files.

Microsoft is working on a resolution and will provide an update in an upcoming release.

We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.

We are working on a resolution and will provide an update in an upcoming release.

After installing this update, Windows Mixed Reality Portal users may intermittently receive a “15-5” error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.To mitigate the issue, use the following steps:

  1. Close the Windows Mixed Reality Portal, if it is running.
  2. Open Task Manager by selecting the Start button and typing “task manager”.
  3. In Task Manager, under the Processes tab, right-click Windows Explorer and select Restart.
  4. Open the Windows Mixed Reality Portal.

We are working on a resolution and will provide an update in an upcoming release.

You can manually download it here,

For those on Windows 10 April 2018 Update (1803), Microsoft is pushing out KB4520008, taking the OS to build 17134.1069.

It has the following highlights:

  • Updates to improve security when using Internet Explorer and Microsoft Edge.
  • Updates for verifying user names and passwords.
  • Updates for storing and managing files.

Here’s the full list of fixes:

  • Addresses an issue in the Keyboard Lockdown Subsystem that may not filter key input correctly.
  • Addresses an issue with the Bluetooth hardening updates, released August 13, 2019, that may cause a “0x133 DPC_WATCHDOG_VIOLATION” error.
  • Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
  • Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
  • Security updates to Windows Shell, Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, Windows Cryptography, Windows Authentication, Windows Datacenter Networking , Windows Storage and Filesystems, Windows Kernel, Microsoft Scripting Engine, and Windows Server.

It has the following known issues:

SymptomWorkaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_ BAD_IMPERSONATION_ LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.

We are working on a resolution and will provide an update in an upcoming release.

After installing this update, Windows Mixed Reality Portal users may intermittently receive a “15-5” error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.To mitigate the issue, use the following steps:

  1. Close the Windows Mixed Reality Portal, if it is running.
  2. Open Task Manager by selecting the Start button and typing “task manager”.
  3. In Task Manager, under the Processes tab, right-click Windows Explorer and select Restart.
  4. Open the Windows Mixed Reality Portal.

We are working on a resolution and will provide an update in an upcoming release.

You can manually download it here.

For those on Windows 10 Fall Creators Update (1709), Microsoft is pushing out KB4520004, taking the OS to build 16299.1451.

It has the following highlights:

  • Updates to improve security when using Internet Explorer and Microsoft Edge.
  • Updates for verifying user names and passwords.
  • Updates for storing and managing files.

Here’s the full list of fixes:

  • Addresses an issue in the Keyboard Lockdown Subsystem that may not filter key input correctly.
  • Addresses an issue with the Bluetooth hardening updates, released August 13, 2019, that may cause a “0x133 DPC_WATCHDOG_VIOLATION” error.
  • Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
  • Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
  • Security updates to Windows Shell, Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, Windows Cryptography, Windows Authentication, Windows Datacenter Networking , Windows Storage and Filesystems, Windows Kernel, Microsoft Scripting Engine, and Windows Server.

It has the following known issues:

SymptomWorkaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_ IMPERSONATION_ LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

You can manually download it here.

Those on the Windows 10 Creators Update (1703), Microsoft is pushing out  KB4520010, taking the OS to build 15063.2108.

It has the following highlights:

  • Updates to improve security when using Internet Explorer and Microsoft Edge.
  • Updates for verifying user names and passwords.
  • Updates for storing and managing files.

Here’s the full list of fixes:

  • Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
  • Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
  • Security updates to Microsoft Edge, Internet Explorer, Windows App Platform and Frameworks, Windows Cryptography, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, Microsoft JET Database Engine, Windows Kernel, Microsoft Scripting Engine, and Windows Server .

It has the following known issues:

SymptomWorkaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_ BAD_IMPERSONATION_ LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

You can manually download it here.

For those on Windows 10 Anniversary Update (1607), Microsoft is pushing out  KB4519998, taking the OS to build 14393.3274.

It has the following highlights:

  • Updates to improve security when using Internet Explorer and Microsoft Edge.
  • Updates for verifying user names and passwords.
  • Updates for storing and managing files.

Here’s the full list of fixes:

  • Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
  • Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
  • Security updates to Microsoft Edge, Internet Explorer, Windows App Platform and Frameworks, Windows Cryptography, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, Microsoft JET Database Engine, Windows Kernel, Microsoft Scripting Engine, and Windows Server .

It has the following known issues:

SymptomWorkaround
After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS _BAD_IMPERSONATION _LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

You can manually download it here.

For those on Windows 10 (1507) Microsoft is pushing out  KB4520011, taking the OS to build 10240.18368.

It has the following highlights:

  • Updates to improve security when using Internet Explorer and Microsoft Edge.
  • Updates for verifying user names and passwords.
  • Updates for storing and managing files.

Here’s the full list of fixes:

  • Addresses an issue that prevents netdom.exe from displaying the new ticket-granting ticket (TGT) delegation bit for the display or query mode.
  • Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
  • Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-Bit (x86) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client article. (These registry settings are enabled by default for Windows Client OS editions.)
  • Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
  • Security updates to Internet Explorer, Microsoft Edge, Microsoft Scripting Engine, Windows Cryptography, Windows Authentication, Windows Storage and Filesystems, Windows Kernel, and Windows Server.

It has the following known issues:

SymptomWorkaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_ BAD_IMPERSONATION _LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

You can manually download it here.

Via Neowin

Comments