Patchday Windows 10 Updates (May 14, 2019)

[German]On May 14, 2019 (second Tuesday of the month, patchday at Microsoft), several cumulative updates were released for the supported Windows 10 builds. Here are some details about each update.

A list of the updates can be found on this Microsoft Web page. I’ve pulled out the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001.

Updates for Windows 10 Version 1809

The following updates are available for Windows 10 October 2018 Update (Version 1809).

Update KB4494441 for Windows 10 Version 1809

Cumulative Update KB4494441 raises the OS build to 17763.503 and includes quality improvements but no new operating system features. Here is the list of fixes:

• Enables “Retpoline” by default if Spectre Variant 2 (CVE-2017-5715) is enabled. Make sure previous OS protections against the Spectre Variant 2 vulnerability are enabled using the registry settings described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions). For more information about “Retpoline”, see Mitigating Spectre variant 2 with Retpoline on Windows.
• Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions).
• Adds “uk.gov” into the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.
• Addresses an issue that may cause “Error 1309” while installing or uninstalling certain types of .msi and .msp files on a virtual drive.
• Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.
• Addresses an issue that may cause zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) to fail.
• Addresses an issue that causes Simple Network Management Protocol (SNMP) Management Information Base registration to fail when the Windows Management Instrumentation (WMI) provider uses the Windows tool SMI2SMIR.exe.
• Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the MS UI Gothic or MS PGothic fonts.
• Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Graphics, Windows Storage and Filesystems, Windows Cryptography, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server.

The update is automatically distributed via Windows Update, no update search is required. The update can also be downloaded and installed from Microsoft Update Catalog . Manual installation of the update requires the latest Servicing Stack Update (SSU) to be installed. This is ensured when installing via Windows Update.

Known Issues

This cumulative update comes with a whole bunch of known issues. Here’s an overview:

• After installing this update, problems may occur with the Preboot Execution Environment (PXE) to boot a device from a Windows Deployment Services (WDS) server that is configured to use the Window Extension variable. This may cause the connection to the WDS server to terminate prematurely while the image is being downloaded. This issue does not affect clients or devices that do not use a Window Extension variable. Workarounds are described in the KB article.
• Certain operations, such as renaming files or folders located on a cluster shared volume (CSV), may fail with the error “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the action on a CSV owner node from a process that does not have administrator privileges. Workarounds are described in the KB article.
• When you try to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive an error message: “Your printer has experienced an unexpected configuration problem. 0x80070007e.” Workaround: Just use another browser.
• After installing KB4493509, devices with some installed Asian language packs may receive the error “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND”. The solution is to uninstall and reinstall the most recently installed Language Packs.

Microsoft is working to resolve these issues and will consider them in future updates. See the KB article for details.

Another thing it took two restarts to Install the CU making that three restarts to install the SSU + .NET & CU.@AskWoody @SBSDiva @etguenni @AdminKirsty @JobCacka pic.twitter.com/koshRrBH4L

— Crysta T. Lacey (@PhantomofMobile) 15. Mai 2019

I’ve just seen a tweet that deals with problems with the activation of the Microarchitectural Data Sampling-Patch (Zombieload). In this tweet, someone points to a PowerShell script that you can use to query the protection status.

Updates for Windows 10 Version 1803

he following updates are available for Windows 10 April Update (version 1803)

Update KB4499167 for Windows 10 Version 1803

Cumulative update KB4499167 contains quality improvements but no new operating system functions and raises the OS build to 17134.706. Here is the list of fixes:

• Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions).
• Adds “uk.gov” into the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.
• Addresses an issue that may cause “Error 1309” while installing or uninstalling certain types of .msi and .msp files on a virtual drive.
• Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.
• Addresses an issue that may cause zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) to fail.
• Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the MS UI Gothic or MS PGothic fonts.
• Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Datacenter Networking, Windows Wireless Networking, Windows Virtualization, Windows Kernel, Windows Server, and the Microsoft JET Database Engine.

The update is distributed via Windows Update, but should also be available via WSUS or the Microsoft Update Catalog.  Manual installation of the update requires the current Servicing Stack Update (SSU) to be installed. This is ensured when installing via Windows Update. With this update, Microsoft is aware of problems with the Preboot Execution Environment (PXE) and problems with renaming (see above section on Update KB4494441.

Updates for Windows 10 Version 1709

The following updates are available for Windows 10 Fall Creators Update (version 1709).

Update KB4499179 for Windows 10 Version 1709

Cumulative Update KB4499179 for Windows 10 Version 1709 (Fall Creators Update) raises the OS build to 16299.1148. The update is only available for Windows 10 version 1709 Enterprise and Eduction, which will be supported for another 12 months). The update includes quality improvements and the following fixes:

• Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions).
• Adds “uk.gov” into the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.
• Addresses an issue that may cause “Error 1309” while installing or uninstalling certain types of .msi and .msp files on a virtual drive.
• Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.
• Addresses an issue that may cause zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) to fail.
• Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the MS UI Gothic or MS PGothic fonts.
• Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Datacenter Networking, Windows Wireless Networking, Windows Virtualization, Windows Kernel, Windows Server, and the Microsoft JET Database Engine.

The update is distributed via Windows Update, but should also be available via WSUS or the Microsoft Update Catalog. Manual installation of the update requires the current Servicing Stack Update (SSU) to be installed. This is ensured when installing via Windows Update. As a known issue, Microsoft states the following: Certain actions, such as renaming files or folders located on a cluster shared volume (CSV), may fail with the error “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the action on a CSV owner node from a process that does not have administrator privileges. A workaround is described in the KB article. .

Updates for Windows 10 Version 1507 bis 1703

For Windows 10 RTM up to version 1703 different updates are available for the LTSC versions and Enterprise versions. Here is a short overview.

• Windows 10 Version 1703: Update KB4493474 is only available for Enterprise and Education. The update raises the OS build to 15063.1805. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog . The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1607: Update KB4494440 is only available for Enterprise and Education and Windows Server 2016. The update raises the OS build to 14393.2969 and includes the fixes mentioned in the KB article. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed before manual installation. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1507: Update KB4499154 is available for the RTM version (LTSC). The update raises the OS build to 10240.18215 and includes the fixes mentioned in the KB article. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, also on known problems, can be found in the KB article. Details can be found in the KB article.

There was no update for Windows 10 V1511, because this version was dropped from support. Details about the above updates can be found in the respective Microsoft KB articles in case of doubt.

Similar articles:
Windows 10 V1809 Update KB4495667 (May 3, 2019)
Adobe Updates for Flash, Reader, Encoder (May 2019)
Microsoft Office Updates (Patchday May 7, 2019)
Critical update for Windows XP up to Windows 7 (May 2019)
Microsoft Security Update Summary (May 14, 2019)
Patchday: Updates for Windows 7/8.1/Server (May 14, 2019)
Patchday Windows 10 Updates (May 14, 2019)