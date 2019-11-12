Today is the second Tuesday of the month, making it Patch Tuesday. That means that there are cumulative updates available for all supported versions of Windows. The amount of supported versions goes up by one today, as version 1909 was released. Today also marked the end of support for version 1803, but only for Home and Pro SKUs, so there are still updates for Enterprise and Education.

Moving forward, versions 1903 and 1909 will get the same updates, since it's just an enablement package that increases the build. Today's update is KB4524570, and that brings the build number to 18362.476 and 18363.476 for versions 1903 and 1909, respectively. You can manually download it here, and there's one highlight:

Updates to improve security when using Internet Explorer and Microsoft Edge.

Here's the full list of fixes:

Addresses an issue in the Keyboard Lockdown Subsystem that might not filter key input correctly.

Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Use the registry setting as described in the Guidance KB article. (This registry setting is disabled by default.)

Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)

Security updates to Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Microsoft Edge, Windows Fundamentals, Windows Cryptography, Windows Virtualization, Windows Linux, Windows Kernel, Windows Datacenter Networking, and the Microsoft JET Database Engine.

If you're on Windows 10 version 1809, you'll get KB4523205, bringing the build number to 17763.864. You can manually download it here, and these are the highlights:

Updates to improve security when using Internet Explorer and Microsoft Edge.

Updates to improve security when using external devices (such as game controllers, printers, and web cameras) and input devices such as a mouse, keyboard, or stylus.

Updates to improve security when using Microsoft Office products.

Here's the full list of fixes:

Addresses an issue that might cause the Microsoft Defender Advanced Threat Protection (ATP) service to stop running and stop sending reporting data.

Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Use the registry setting as described in the Guidance KB article. (This registry setting is disabled by default.)

Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)

Security updates to Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Input and Composition, Microsoft Edge, Windows Fundamentals, Windows Cryptography, Windows Virtualization, Windows Linux, Windows Kernel, Windows Datacenter Networking, Windows Peripherals, and the Microsoft JET Database Engine.

Finally, there are three known issues to be aware of:

Symptom Workaround Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Do one of the following: Perform the operation from a process that has administrator privilege.

Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release. After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT _NOT_FOUND." Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release. When setting up a new Windows device during the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages. Note This issue does not affect using a Microsoft Account during OOBE. To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923. Microsoft is working on a resolution and will provide an update in an upcoming release.

If you're on version 1803, you'll get KB4525237, which brings the build number to 17134.1130. You can manually download it here, and here are tne highlights:

Updates to improve security when using Internet Explorer and Microsoft Edge.

Updates to improve security when using external devices (such as game controllers, printers, and web cameras) and input devices such as a mouse, keyboard, or stylus.

Updates to improve security when using Microsoft Office products.

Here's the full list of fixes:

Addresses an issue that causes events that are based on Windows Defender Application Control Code Integrity to be unreadable.

Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Use the registry setting as described in the Guidance KB article. (This registry setting is disabled by default.)

Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)

Security updates to Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Input and Composition, Microsoft Edge, Windows Cryptography, Windows Virtualization, Windows Linux, Windows Kernel, Windows Datacenter Networking, Windows Peripherals, and the Microsoft JET Database Engine.

This one also has a couple of known issues to be aware of:

Symptom Workaround Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Do one of the following: Perform the operation from a process that has administrator privilege.

Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release. When setting up a new Windows device during the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages. Note This issue does not affect using a Microsoft Account during OOBE. To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923. Microsoft is working on a resolution and will provide an update in an upcoming release.



Next up is Windows 10 version 1709, which, like 1803 will be going forward, is only supported for Enterprise and Education SKUs. Those users will get KB4525241, bringing the version number to 16299.1508. You can manually download it here, and these are the highlights:

Updates to improve security when using Internet Explorer and Microsoft Edge.

Updates to improve security when using external devices (such as game controllers, printers, and web cameras) and input devices such as a mouse, keyboard, or stylus.

Updates to improve security when using Microsoft Office products.

Here's the full list of fixes:

Addresses an issue that causes events that are based on Windows Defender Application Control Code Integrity to be unreadable.

Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Use the registry setting as described in the Guidance KB article. (This registry setting is disabled by default.)

Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Use the registry settings as described in the Windows Client article. (These registry settings are enabled by default for Windows Client OS editions.)

Security updates to Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Input and Composition, Microsoft Edge, Windows Fundamentals, Windows Cryptography, Windows Virtualization, Windows Linux, Windows Kernel, Windows Datacenter Networking, Windows Peripherals, and the Microsoft JET Database Engine.

This update has the same known issues as the one above.

Next up is Windows 10 version 1703, which isn't supported for any version of Windows 10 for PCs. Those with a Surface Hub will get KB4525245, bringing the build number to 15063.2172. Also, this update is where you'll find the changes that are included in this month's Windows 10 Mobile 1709 update.

Windows 10 version 1607 is only supported for LTSC and Windows Server 2016 customers. Those users will get KB4525236, bringing the build number to 14393.3326. You can manually download it here, and these are the highlights:

Updates to improve security when using Internet Explorer and Microsoft Edge.

Updates to improve security when using external devices (such as game controllers, printers, and web cameras) and input devices such as a mouse, keyboard, or stylus.

Updates to improve security when using Microsoft Office products.

Here's the full list of fixes:

Addresses an issue that causes events that are based on Windows Defender Application Control Code Integrity to be unreadable.

Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Use the registry setting as described in the Guidance KB article. (This registry setting is disabled by default.)

Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)

Security updates to Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Input and Composition, Microsoft Edge, Windows Fundamentals, Windows Cryptography, Windows Virtualization, Windows Kernel, Windows Datacenter Networking, Windows Peripherals, and the Microsoft JET Database Engine .

It also has two known issues:

Symptom Workaround After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution and will provide an update in an upcoming release. Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Do one of the following: Perform the operation from a process that has administrator privilege.

Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.



Finally, the original version of Windows 10 is still supported for LTSC customers, and those users will get KB4525232, bringing the build number to 10240.18395. You can manually download it here, and these are the highlights:

Updates to improve security when using Internet Explorer.

Updates to improve security when using external devices (such as game controllers, printers, and web cameras) and input devices such as a mouse, keyboard, or stylus.

Updates to improve security when using Microsoft Office products.

Here's the full list of fixes:

Updates time zone information for Norfolk Island, Australia.

Updates time zone information for the Fiji Islands.

Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Use the registry setting as described in the Guidance KB article. (This registry setting is disabled by default.)

Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Use the registry settings as described in the Windows Client article. (These registry settings are enabled by default for Windows Client OS editions.)

Security updates Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Input and Composition, Windows Cryptography, Windows Virtualization, Windows Kernel, Windows Datacenter Networking, Windows Peripherals, and the Microsoft JET Database Engine.

This update only has one known issue, the one that's common across all of the above updates.