Today is Patch Tuesday, the second Tuesday of the month, when Microsoft releases new updates for all supported versions of Windows. For Windows 10, that still means all of them except for version 1511, which hasn't been supported since April 2018. Amazingly, not a single version has dropped from support since then.
That means that there are still seven versions of Windows 10 that are being serviced, even if most of them are only under special circumstances.
If you're on the Windows 10 May 2019 Update, or version 1903, you'll get KB4517289, which brings the build number to 18362.418. You can manually download it here, and these are the highlights:
- Updates to improve security when using Internet Explorer and Microsoft Edge.
- Updates for verifying user names and passwords.
- Updates for storing and managing files.
Here's the full list of fixes:
- Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
- Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
- Security updates to Windows Shell, Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, Windows Cryptography, Windows Authentication, Windows Storage and Filesystems, Windows Kernel, Microsoft Scripting Engine, and Windows Server.
There are no known issues with this update.
If you're still on the Windows 10 October 2018 Update, or version 1809, you'll get KB4519338, which brings the build number to 17763.806. You can manually download it here, and these are the highlights:
- Updates to improve security when using Internet Explorer and Microsoft Edge.
- Updates for verifying user names and passwords.
Here's the full list of fixes:
- Addresses an issue in the Keyboard Lockdown Subsystem that may not filter key input correctly.
- Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
- Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
- Security updates to Windows Shell, Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows App Platform and Frameworks, Windows Cryptography, Windows Authentication, Windows Kernel, and Windows Server.
This one has several known issues to be aware of:
| Symptom | Workaround |
|---|---|
| Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. |
Do one of the following:
|
| After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." |
Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
Microsoft is working on a resolution and will provide an update in an upcoming release. |
| We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates. |
To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally. We are working on a resolution and will provide an update in an upcoming release. |
| After installing this update, Windows Mixed Reality Portal users may intermittently receive a “15-5” error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action. |
To mitigate the issue, use the following steps:
We are working on a resolution and will provide an update in an upcoming release. |
Next up, if you're still on the Windows 10 April 2018 Update, or version 1803, you'll get KB4520008, which brings the build number to 17134.1069. You can manually download it here, and these are the highlights:
- Updates to improve security when using Internet Explorer and Microsoft Edge.
- Updates for verifying user names and passwords.
- Updates for storing and managing files.
Here's the full list of fixes:
- Addresses an issue in the Keyboard Lockdown Subsystem that may not filter key input correctly.
- Addresses an issue with the Bluetooth hardening updates, released August 13, 2019, that may cause a "0x133 DPC_WATCHDOG_VIOLATION" error.
- Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
- Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
- Security updates to Windows Shell, Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, Windows Cryptography, Windows Authentication, Windows Datacenter Networking , Windows Storage and Filesystems, Windows Kernel, Microsoft Scripting Engine, and Windows Server.
This update has three known issues:
| Symptom | Workaround |
|---|---|
| Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. |
Do one of the following:
|
| We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates. |
To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally. We are working on a resolution and will provide an update in an upcoming release. |
| After installing this update, Windows Mixed Reality Portal users may intermittently receive a “15-5” error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action. |
To mitigate the issue, use the following steps:
We are working on a resolution and will provide an update in an upcoming release. |
If you're on the Windows 10 Fall Creators Update, or version 1709, you'll get KB4520004, bringing the build number to 16299.1451. You can manually download it here, and it actually has the same changelog as the update for version 1803. There's only one known issue though:
| Symptom | Workaround |
|---|---|
| Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. |
Do one of the following:
|
Windows 10 Mobile devices on version 1709 will get an update to build 15254.590. It has the same improvements as the above update.
Those on the Windows 10 Creators Update, or version 1703, will get KB4520010, bringing the build number to 15063.2108. You can manually download it here, and these are the highlights:
- Updates to improve security when using Internet Explorer and Microsoft Edge.
- Updates for verifying user names and passwords.
- Updates for storing and managing files.
Here's the full list of fixes:
- Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
- Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
- Security updates to Microsoft Edge, Internet Explorer, Windows App Platform and Frameworks, Windows Cryptography, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, Microsoft JET Database Engine, Windows Kernel, Microsoft Scripting Engine, and Windows Server .
This update has the same one known issue as the one for version 1709.
If you're on the Windows 10 Anniversary Update, or version 1607, you'll get KB4519998, bringing the build number to 14393.3274. You can manually download it here, and it contains the same changelog as the update for version 1703, except there are two known issues:
| Symptom | Workaround |
|---|---|
| After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. |
Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution and will provide an update in an upcoming release. |
| Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. |
Do one of the following:
|
Finally, those on the original version of Windows 10 will get KB4520011, bringing the build number to 10240.18368. You can manually download it here, and these are the highlights:
- Updates to improve security when using Internet Explorer and Microsoft Edge.
- Updates for verifying user names and passwords.
- Updates for storing and managing files.
Here's the full list of fixes:
- Addresses an issue that prevents netdom.exe from displaying the new ticket-granting ticket (TGT) delegation bit for the display or query mode.
- Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
- Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-Bit (x86) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client article. (These registry settings are enabled by default for Windows Client OS editions.)
- Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
- Security updates to Internet Explorer, Microsoft Edge, Microsoft Scripting Engine, Windows Cryptography, Windows Authentication, Windows Storage and Filesystems, Windows Kernel, and Windows Server.
This one only has one known issue:
| Symptom | Workaround |
|---|---|
| Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. |
Do one of the following:
|
As always, you can install these updates manually, or you can just wait for Windows Update to install them automatically.
16 Comments - Add comment