Microsoft May 2019 Security Updates

Discussion in 'update alerts' started by NICK ADSL UK, May 14, 2019.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,303
    Location:
    UK
    Microsoft May 2019 Security Updates

    Release Notes
    May 2019 Security Updates
    Release Date: May 14, 2019



    The May security release consists of security updates for the following software:




      • Adobe Flash Player
      • Microsoft Windows
      • Internet Explorer
      • Microsoft Edge
      • Microsoft Office and Microsoft Office Services and Web Apps
      • Team Foundation Server
      • Visual Studio
      • Azure DevOps Server
      • SQL Server
      • .NET Framework
      • .NET Core
      • ASP.NET Core
      • ChakraCore
      • Online Services
      • Azure
      • NuGet
      • Skype for Android
    Please note the following information regarding the security updates:




      • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
      • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
      • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
      • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
      • Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is only present in only the IE Cumulative package 4498206.
    The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.


    Known Issues

    KB Article Applies To
    4493730 Windows Server 2008 Service Pack 2 (Servicing Stack Update)
    4494440 Windows 10, version 1607, Windows Server 2016
    4494441 Windows 10, version 1809, Windows Server 2019
    4497936 Windows 10, version 1903
    4498206 Internet Explorer Cumulative Update
    4499151 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
    4499154 Windows 10
    4499158 Windows Server 2012 (Security-only update)
    4499164 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
    4499165 Windows 8.1 Windows Server 2012 R2 (Security-only update)
    4499167 Windows 10, version 1803
    4499171 Windows Server 2012 (Monthly Rollup)
    4499179 Windows 10, version 1709
    4499180 Windows Server 2008 Service Pack 2 (Security-only update)
    4499181 Windows 10, version 1703


    https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d
     
    Last edited: May 14, 2019
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,303
    Location:
    UK
    Title: Microsoft Security Advisory Notification
    Issued: May 14, 2019
    **************************************************************************************

    Security Advisories Released or Updated on May 14, 2019
    ======================================================================================

    * Microsoft Security Advisory ADV990001

    - ADV990001 | Latest Servicing Stack Updates
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001
    - Reason for Revision: A Servicing Stack Update has been released for Windows 10
    version 1507, Windows 10 version 1607, Windows Server 2016, Windows 10 version
    1703, Windows 10 version 1709, Windows Server, version 1709, Windows 10 version
    1803, Windows Server, version 1803, Windows 10 version 1809, Windows Server 2019,
    Windows 10 version 1809 and Windows Server, version 1809. See the FAQ section for
    more information.
    - Originally posted: November 13, 2018
    - Updated: May 14, 2019
    - Version: 8.0

    * Microsoft Security Advisory ADV190012

    - ADV190012 | May 2019 Adobe Flash Security Update
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190012
    - Reason for Revision: Information published.
    - Originally posted: May 14, 2019
    - Updated: N/A
    - Version: 1.0

    * Microsoft Security Advisory ADV190013

    - ADV190013 | Microsoft Guidance to mitigate Microarchitectural Data Sampling
    vulnerabilities
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190013
    - Reason for Revision: Information published.
    - Originally posted: May 14, 2018
    - Updated: N/A
    - Version: 1.0

    * Microsoft Security Advisory ADV190006

    - ADV190006 | Guidance to mitigate unconstrained delegation vulnerabilities
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190006
    - Reason for Revision: On May 14, 2019, Microsoft released security updates to
    introduce a new trust flag to add a new safe default configuration for
    CVE-2018-0683, the CVE that addresses the issue described in this vulnerability.
    For more information please see https://support.microsoft.com/en-us/help/4490425/
    updates-to-tgt-delegation-across-incoming-trusts-in-windows-server.
    See CVE-2019-0863 for links to download the updates.
    - Originally posted: February 12, 2019
    - Updated: May 14, 2019
    - Version: 1.3

    * Microsoft Security Advisory ADV190009

    - ADV190009 | SHA-2 Code Sign Support Advisory
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190009
    - Reason for Revision: Microsoft is announcing the availability of the support
    SHA-2 code sign support for Windows Server 2008 Service Pack 2.
    - Originally posted: March 12, 2019
    - Updated: May 14, 2019
    - Version: 2.0
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,303
    Location:
    UK
    Title: Microsoft Security Update Releases
    Issued: May 14, 2019
    **************************************************************************************

    Summary
    =======

    The following CVE has undergone a major revision increment:

    * CVE-2019-0683


    Revision Information:
    =====================

    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0683
    - Version: 2.0
    - Reason for Revision: On May 14, 2019, Microsoft released security updates for all
    versions of Microsoft Windows to introduce a new trust flag to add a new safe default
    configuration for CVE-2018-0683, the CVE that addresses the issue described in
    ADV190006. For more information please see https://support.microsoft.com/en-us/
    help/4490425/updates-to-tgt-delegation-across-incoming-trusts-in-windows-server.
    - Originally posted: March 12, 2019
    - Updated: May 14, 2019
    - Aggregate CVE Severity Rating: Important
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,303
    Location:
    UK
    Title: Microsoft Security Update Releases
    Issued: May 21, 2019
    **************************************************************************************

    Summary
    =======

    The following CVEs have undergone a major revision increment:

    * CVE-2019-0733
    * CVE-2019-0820
    * CVE-2019-0980
    * CVE-2019-0981


    Revision Information:
    =====================

    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0733
    - Version: 2.0
    - Reason for Revision: Revised the Security Updates table to include PowerShell Core
    6.1 and 6.2 because they are affected by CVE-2019-0733. See
    https://github.com/PowerShell/Announcements/issues/18 for more information.
    - Originally posted: May 14, 2019
    - Updated: May 21, 2019
    - Aggregate CVE Severity Rating: Important

    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0820
    - Version: 2.0
    - Reason for Revision: Revised the Security Updates table to include PowerShell Core
    6.1 and 6.2 because they are affected by CVE-2019-0820. See
    https://github.com/PowerShell/Announcements/issues/15 for more information.
    - Originally posted: May 14, 2019
    - Updated: May 21, 2019
    - Aggregate CVE Severity Rating: Important

    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0980
    - Version: 2.0
    - Reason for Revision: Revised the Security Updates table to include PowerShell Core
    6.1 and 6.2 because they are affected by CVE-2019-0980. See
    https://github.com/PowerShell/Announcements/issues/16 for more information.
    - Originally posted: May 14, 2019
    - Updated: May 21, 2019
    - Aggregate CVE Severity Rating: Important

    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0981
    - Version: 2.0
    - Reason for Revision: Revised the Security Updates table to include PowerShell Core
    6.1 and 6.2 because they are affected by CVE-2019-0981. See
    https://github.com/PowerShell/Announcements/issues/17 for more information.
    - Originally posted: May 14, 2019
    - Updated: May 21, 2019
    - Aggregate CVE Severity Rating: Important
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.