Microsoft Security Updates for May, 2019

[Corrine]

The May security updates have been released and consist of 79 CVEs along with two advisories. Of these 79 CVEs, 22 are rated Critical and 57 are rated Important in severity. Two of these bugs are listed as publicly known and one is listed as under active attack at the time of release.

 

The updates address Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Information Disclosure, Denial of Service, Spoofing, and Security Feature Bypass and apply to the following: The updates cover Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, .NET Framework and ASP.NET, Skype for Android, Azure DevOps Server, and the NuGet Package Manager.

 

Known Issues: See the Known Issues and accompanying work-around in the KB Articles for your version of Windows 10:

• Windows 10, Version 1809: KB4494441 (OS Build 17763.503). Prerequisite: The servicing stack update (SSU) (KB4499728) must be installed before installing the latest cumulative update (LCU). The LCU will not be reported as applicable until the SSU is installed. For more information, see Servicing stack updates.
  
• Windows 10, Version 1803: KB4499167 (OS Build 17134.765)
  

Recommended Reading: See Dustin Childs review and analysis in Zero Day Initiative — The May 2019 Security Update Review.

[Corrine]

Due to the severity of CVE-2019-0708, Microsoft also released KB 4500331 for versions of Windows that no longer receive mainstream support: Windows XP SP3 x86, Windows XP Professional X64 SP2, Windows XP Embedded SP3 x86 as well as Windows Server 2003.

[Robert]

Thank you. I just updated two XP computers. One runs an old security system, the other is an IBM Thinkpad T41 that still runs good.