Microsoft Security Bulletin Re-Releases/Advisories

February 14 2017 security update release
Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.
After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.
https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/

 

Microsoft Security Bulletin(s) for March 14, 2017
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/techne ··· security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
»technet.microsoft.com/li ··· ms17-mar

Critical (9)

Microsoft Security Bulletin MS17-006
Cumulative Security Update for Internet Explorer (4013073)
»technet.microsoft.com/li ··· ms17-006

Microsoft Security Bulletin MS17-007
Cumulative Security Update for Microsoft Edge (4013071)
»technet.microsoft.com/li ··· ms17-007

Microsoft Security Bulletin MS17-008
Security Update for Windows Hyper-V (4013082)
»technet.microsoft.com/li ··· ms17-008

Microsoft Security Bulletin MS17-009
Security Update for Microsoft Windows PDF Library (4010319)
»technet.microsoft.com/li ··· ms17-009

Microsoft Security Bulletin MS17-010
Security Update for Microsoft Windows SMB Server (4013389)
»technet.microsoft.com/li ··· ms17-010

Microsoft Security Bulletin MS17-011
Security Update for Microsoft Uniscribe (4013076)
»technet.microsoft.com/li ··· ms17-011

Microsoft Security Bulletin MS17-012
Security Update for Microsoft Windows 4013078
»technet.microsoft.com/li ··· ms17-012

Microsoft Security Bulletin MS17-013
Security Update for Microsoft Graphics Component (4013075)
»technet.microsoft.com/li ··· ms17-013

Microsoft Security Bulletin MS17-023
Security Update for Adobe Flash Player
»technet.microsoft.com/li ··· ms17-023

Important (9)

Microsoft Security Bulletin MS17-014
Security Update for Microsoft Office (4013241)
»technet.microsoft.com/li ··· ms17-014

Microsoft Security Bulletin MS17-015
Security Update for Microsoft Exchange Server (4013242)
»technet.microsoft.com/li ··· ms17-015

Microsoft Security Bulletin MS17-016
Security Update for Windows IIS (4013074)
»technet.microsoft.com/li ··· ms17-016

Microsoft Security Bulletin MS17-017
Security Update for Windows Kernel (4013081)
»technet.microsoft.com/li ··· ms17-017

Microsoft Security Bulletin MS17-018
Security Update for Windows Kernel-Mode Drivers (4013083)
»technet.microsoft.com/li ··· ms17-018

Microsoft Security Bulletin MS17-019
Security Update for Active Directory Federation Services (4010320)
»technet.microsoft.com/li ··· ms17-019

Microsoft Security Bulletin MS17-020
Security Update for Windows DVD Maker (3208223)
»technet.microsoft.com/li ··· ms17-020

Microsoft Security Bulletin MS17-021
Security Update for Windows DirectShow 4010318
»technet.microsoft.com/li ··· ms17-021

Microsoft Security Bulletin MS17-022
Security Update for Microsoft XML Core Services (4010321)
»technet.microsoft.com/li ··· ms17-022

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact: For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

 

Microsoft Security Bulletin Summary for April 2017

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).


Note: https://technet.microsoft.com/en-us/security/default.aspx and https://www.microsoft.com/en-us/security/default.aspx are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Bulletin Summary:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/42b8fa28-9d09-e711-80d9-000d3a32fc99


Release Notes


April 2017 Security Updates
Release Date: April 11, 2017

The April security release consists of security updates for the following software:
•Internet Explorer
•Microsoft Edge
•Microsoft Windows
•Microsoft Office and Microsoft Office Services and Web Apps
•Visual Studio for Mac
•.NET Framework
•Silverlight
•Adobe Flash Player
Please note the following information regarding the security updates:
•Beginning with the October 2016 release, Microsoft is changing the update servicing model for Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. For more information, please see this Microsoft Technet article, Further simplifying servicing models forWindows 7 and Windows 8.1.
•Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
•Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.
•Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
•In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features
Note As a reminder, the Security Updates Guide will be replacing security bulletins. Please see our blog post, Furthering our commitment to security updates, for more details.
Known Issues


4015549
https://support.microsoft.com/en-us/help/4015549

4015546
https://support.microsoft.com/en-us/help/4015546

4015550
https://support.microsoft.com/en-us/help/4015550

4015547
https://support.microsoft.com/en-us/help/4015547




Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

 

Microsoft Security Bulletin Summary for MAY 2017
Note: There may be latency issues due to replication, if the page does not display keep refreshing
Today Microsoft released the following Security Bulletin(s).

Note: Microsoft Security Response Centre and Security TechCenter are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
https://portal.msrc.microsoft.com/e...tedetail/bc365363-f51e-e711-80da-000d3a32fc99

Release Notes
May 2017 Security Updates
Release Date: May 09, 2017

The May security release consists of security updates for the following software:
•Internet Explorer
•Microsoft Edge
•Microsoft Windows
•Microsoft Office and Microsoft Office Services and Web Apps
•NET Framework
•Adobe Flash Player
Please note the following information regarding the security updates:
•Beginning with the October 2016 release, Microsoft is changing the update servicing model for Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. For more information, please see this Microsoft Technet article, Further simplifying servicing models forWindows 7 and Windows 8.1.
•Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog

•Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.
•Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
•In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features
Note As a reminder, the Security Updates Guide will be replacing security bulletins. Please see our blog post, Furthering our commitment to security updates, for more details.

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

 

Microsoft Security Bulletin Summary for JUNE 2017
Note: There may be latency issues due to replication, if the page does not display keep refreshing
Today Microsoft released the following Security Bulletin(s).

Note: Microsoft Security Response Centre and Security TechCenter are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99

Release Notes
JUNE 2017 Security Updates
Release Date: JUNE 09, 2017

The May security release consists of security updates for the following software:

• Internet Explorer

• Microsoft Edge

• Microsoft Windows

• Microsoft Office and Microsoft Office Services and Web Apps

• Silverlight

• Skype for Business and Lync

• Adobe Flash Player

Please note the following information regarding the security updates:
•Beginning with the October 2016 release, Microsoft is changing the update servicing model for Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. For more information, please see this Microsoft Technet article, Further simplifying servicing models forWindows 7 and Windows 8.1.
•Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog

•Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.
•Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
•In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features
Note As a reminder, theSecurity Updates Guide will be replacing security bulletins. Please see our blog post, Furthering our commitment to security updates, for more details.

Known Issues
4022717
4022726
4022715

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

 

Microsoft Security Bulletin Summary for JULY 2017
Note: There may be latency issues due to replication, if the page does not display keep refreshing
Today Microsoft released the following Security Bulletin(s).

Note: Microsoft Security Response Centre and Security TechCenter are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/f2b16606-4945-e711-80dc-000d3a32fc99

Release Notes
July 2017 Security Updates

Release Date: July 11, 2017

The July security release consists of security updates for the following software:

Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
.NET Framework
Adobe Flash Player
Microsoft Exchange Server

Please note the following information regarding the security updates:

Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
•Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.
•Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
•In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features
•After May 9, 2017, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the exception of the Windows 10 Enterprise 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers running other editions of Windows 10 version 1507 that are no longer supported should update your devices to the latest version of Windows 10. For more information see Microsoft Knowledge Base article 4015562.


Important note for CVE-2017-8563: After installing the updates for CVE-2017-8563, to make LDAP authentication over SSL/TLS more secure, administrators need to create a LdapEnforceChannelBinding registry setting on a Domain Controller. For more information about setting this registry key, see Microsoft Knowledge Base article 4034879.

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact: For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

 

Microsoft Security Bulletin Summary for august 2017
Note: There may be latency issues due to replication, if the page does not display keep refreshing
Today Microsoft released the following Security Bulletin(s).

Note: Microsoft Security Response Centre and Security TechCenter are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99

Release Notes
August 2017 Security Updates
Release Date: August 08, 2017
The August security release consists of security updates for the following software:
•Internet Explorer
•Microsoft Edge
•Microsoft Windows
•Microsoft SharePoint
•Adobe Flash Player
•Microsoft SQL Server
Please note the following information regarding the security updates:
•Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
•Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.
•Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
•In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
•After May 9, 2017, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the excecption of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers running other editions of Windows 10 version 1507 that are no longer supported should update your devices to the latest version of Windows 10. For more information see Microsoft Knowledge Base Article 4015562.
https://support.microsoft.com/help/4034647

Known Issues
4034674
https://support.microsoft.com/help/4034647


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

 

Microsoft Security Bulletin(s) for September 2017

Note: There may be latency issues due to replication, if the page does not display keep refreshing
Today Microsoft released the following Security Bulletin(s).

Note: Microsoft Security Response Centre and Security TechCenter are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/5984735e-f651-e711-80dd-000d3a32fc99

Release Notes
September 2017 Security Updates
Release Date: September 12, 2017
The September security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
Adobe Flash Player
Skype for Business and Lync
.NET Framework
Microsoft Exchange Server
Please note the following information regarding the security updates:
•Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
•Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.
•Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
•In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
•After May 9, 2017, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the excecption of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers running other editions of Windows 10 version 1507 that are no longer supported should update your devices to the latest version of Windows 10. For more information see Microsoft Knowledge Base Article 4015562.
https://support.microsoft.com/help/4015562

Known Issues
4038792
https://support.microsoft.com/en-us/help/4038792

4038793
https://support.microsoft.com/en-us/help/4038793

4011050
https://support.microsoft.com/help/4011050



Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact: For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

 

Microsoft Security Bulletin(s) for October 2017
Note: There may be latency issues due to replication, if the page does not display keep refreshing
Today Microsoft released the following Security Bulletin(s).
Note: Microsoft Security Response Centre and Security TechCenter are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

Release Notes
October 2017 Security Updates
Release Date: October 10, 2017
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/313ae481-3088-e711-80e2-000d3a32fc99
The October security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
Skype for Business and Lync
Chakra Core
Please note the following information regarding the security updates:
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.
Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
After May 9, 2017, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the excecption of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers running other editions of Windows 10 version 1507 that are no longer supported should update your devices to the latest version of Windows 10. For more information see Microsoft Knowledge Base Article 4015562.
Known Issues
4041691
4042895
4041676
4041681

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

 

Microsoft Security Bulletin(s) for November 2017

Note: Microsoft Security Response Centre and Security TechCenter are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download centre or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Bulletin Summary:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99​

​

Release Notes
November 2017 Security Updates
Release Date: November 14, 2017
The November security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ASP.NET Core and .NET Core
Chakra Core

Please note the following information regarding the security updates:
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.

•Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.

•Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
•In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

•After May 9, 2017, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the exception of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers with devices running other editions of Windows 10 version 1507 that are no longer supported update these devices to the latest version of Windows 10. For more information see Microsoft Knowledge Base Article 4015562.
https://support.microsoft.com/en-gb/help/4015562/windows-10-version-1507-will-no-longer-receive-security-updates​

​

Known Issues
4048954
4048953
4048955
4048952
4048956
4048958
4048961
4048957
4048960
Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact: For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
​

 

Microsoft Security Bulletin(s) for December 2017
Release Notes
December 2017 Security Updates
Release Date: December 12, 2017

The December 7, 2017 security release consists of security updates for the following software:

- Microsoft Malware Protection Engine
The December security release consists of security updates for the following software:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Exchange Server
- ChakraCore
- Microsoft Malware Protection Engine

Please note the following information regarding the security updates:
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog

- Starting in March 2017, there will be Windows 10 1607, 1703, and 1709 delta packages that contain just the delta changes between the previous month and the current release.
- Updates for Windows RT8.1 and Microsoft Office RT software are only available via Windows Update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

- After May 9, 2017, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the exception of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers with devices running other editions of Windows 10 version 1507 that are no longer supported update these devices to the latest version of Windows 10. For more information, see Microsoft Knowledge Base Article 4015562
https://support.microsoft.com/en-gb/help/4015562/windows-10-version-1507-will-no-longer-receive-security-updates​

​

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/c383fa60-b852-e711-80dd-000d3a32f9b6​

​

​

​

​

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact: For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
​

 

Microsoft Security Bulletin(s) for January 2018
Release Date: January 09, 2018
The January security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
SQL Server
ChakraCore
.NET Framework
.NET Core
ASP.NET Core
Adobe Flash
Please note the following information regarding the security updates:
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
After May 9, 2017, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the exception of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers with devices running other editions of Windows 10 version 1507 that are no longer supported update these devices to the latest version of Windows 10. For more information see Microsoft Knowledge Base Article 4015562.
Known Issues 4056890 4056891 4056892 4056893 4056888 4056895 4056898 4056894 4056897 4056896 4056899

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/858123b8-25ca-e711-a957-000d3a33cf99
​

 

Microsoft Security Bulletin(s) for February 2018
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).
Note: Microsoft Security Response Centre and Security TechCenter are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Release Notes
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/879af9c3-970b-e811-a961-000d3a33c573
February 2018 Security Updates

Release Date: February 13, 2018

The February security release consists of security updates for the following software:
•Internet Explorer
•Microsoft Edge
•Microsoft Windows
•Microsoft Office and Microsoft Office Services and Web Apps
•ChakraCore
•Adobe Flash
Please note the following information regarding the security updates:
•Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
http://catalog.update.microsoft.com/v7/site/Home.aspx
•Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
•Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
http://go.microsoft.com/fwlink/?LinkId=21130​

​

•In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
•After May 9, 2017, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the exception of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers with devices running other editions of Windows 10 version 1507 that are no longer supported update these devices to the latest version of Windows 10. For more information see Microsoft Knowledge Base Article 4015562.
https://support.microsoft.com/help/4015562
​

 

Release Notes
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c8fa125-28f6-e711-a963-000d3a33a34d​

​

March 2018 Security Updates

Release Date: March 13, 2018

The March security release consists of security updates for the following software:
•Internet Explorer
•Microsoft Edge
•Microsoft Windows
•Microsoft Office and Microsoft Office Services and Web Apps
•Microsoft Exchange Server
•ASP.NET Core
•.NET Core
•PowerShell Core
•ChakraCore
•Adobe Flash

Please note the following information regarding the security updates:
•Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
http://catalog.update.microsoft.com/v7/site/Home.aspx​

​

•Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.

•Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
http://go.microsoft.com/fwlink/?LinkId=21130​

​

•In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

•After May 9, 2018, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the exception of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions.

Microsoft recommends that customers with devices running other editions of Windows 10 version 1507 that are no longer supported update these devices to the latest version of Windows 10. For more information see Microsoft Knowledge Base Article 4015562.
https://support.microsoft.com/help/4015562​

​

•To be fully protected against CVE-2018-0886, users must enable Group Policy settings on their systems and update their Remote Desktop clients. The Group Policy settings are disabled by default to prevent connectivity problems and users must follow the instructions documented HERE
https://support.microsoft.com/en-gb/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018
to be fully protected.

Known Issues
•4088787
•4088782
•4088776
•4088786
•4088779
•4088876
•4088879
•4088875
•4088878
​

 

Microsoft Security Bulletin(s) for april 2018​

Release Notes​

​

Release Date: April 10, 2018​

​

The April security release consists of security updates for the following software:​

•Internet Explorer​

•Microsoft Edge​

•Microsoft Windows​

•Microsoft Office and Microsoft Office Services and Web Apps​

•ChakraCore​

•Adobe Flash Player​

•Microsoft Malware Protection Engine​

•Microsoft Visual Studio​

•Microsoft Azure IoT SDK​

​

​

Please note the following information regarding the security updates:​

Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.​

http://catalog.update.microsoft.com/v7/site/Home.aspx​

​

Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.​

Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.​

http://go.microsoft.com/fwlink/?LinkId=21130​

​

In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.​

​

Known Issues 4093112 4093118 4093108​

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/abf77563-8612-e811-a966-000d3a33a34d​

 

Release Notes
​

May 2018 Security Updates

Release Date: May 08, 2018


The May security release consists of security updates for the following software:

• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• ChakraCore
• Adobe Flash Player
• .NET Framework
• Microsoft Exchange Server
• Windows Host Compute Service Shim

​

Please note the following information regarding the security updates:

• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.

​

Known Issues

• 4103723
• 4103727
• 4103718
• 4103712

​

https://portal.msrc.microsoft.com/e...tedetail/a82328f9-1f26-e811-a968-000d3a33a34d​

 

Release Notes
June 2018 Security Updates
Release Date: June 12, 2018


The June security release consists of security updates for the following software:

• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• ChakraCore
• Adobe Flash Player

​

In addition, Microsoft is releasing the following advisory:

Microsoft Security Advisory 4338110​

​

Please note the following information regarding the security updates:

• Windows 10 version 1607 and Windows Server 2016 users must install KB4132216 prior to installing the June 2018 cumulative security update. See 4132216 for more information.
  
  
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  
  
• Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
  
  
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  
  
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  
  
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  
  
• After installing the June security updates, customers may need to complete one or more manual steps to be fully protected. See the following:
  
  • After installing the updates for SharePoint Foundation 2013 Service Pack 1 or SharePoint Enterprise Server 2016, customers need to run psconfig.exe. See Why we recommend / require to run the Configuration Wizard also for Security fixes
  • After installing Windows updates, refer to the following table for further action to be protected from Spectre/Meltdown vulnerabilities:

  ​

​

Known Issues

• 4284880
• 4284819
• 4284835
• 4284826
• 4284867

​

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/7d4489d6-573f-e811-a96f-000d3a33c573
​

 

Release Date: July 10, 2018

The July security release consists of security updates for the following software:

Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
Adobe Flash Player
.NET Framework
ASP.NET
Microsoft Research JavaScript Cryptography Library
Skype for Business and Microsoft Lync
Visual Studio
Microsoft Wireless Display Adapter V2 Software
PowerShell Editor Services
PowerShell Extension for Visual Studio Code
Web Customizations for Active Directory Federation Services

Please note the following information regarding the security updates:

Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include further steps to take after installing the updates.

ADV180002
ADV180012
CVE-2018-8260
CVE-2018-8281
CVE-2018-8282
CVE-2018-8282
CVE-2018-8299
CVE-2018-8300
CVE-2018-8310
CVE-2018-8323
CVE-2018-8327
CVE-2018-8326

Known Issues

4338825
4338818
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/1c26eff2-573f-e811-a96f-000d3a33c573
​

 

Release Notes
August 2018 Security Updates
Release Date: August 14, 2018
The August security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
Adobe Flash Player
.NET Framework
Microsoft Exchange Server
Microsoft SQL Server
Visual Studio
Please note the following information regarding the security updates:
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
http://catalog.update.microsoft.com/v7/site/Home.aspx

Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.
ADV180016*
ADV180020*
ADV180022*
CVE-2018-8273
CVE-2018-8341
CVE-2018-8348
CVE-2018-8351
CVE-2018-8360
CVE-2018-8370
CVE-2018-8378
CVE-2018-8382
CVE-2018-8394
CVE-2018-8396
CVE-2018-8398

Known Issues
4340731
4340733
4343885
4343892
4343897
4343900
4343909
https://portal.msrc.microsoft.com/e...tedetail/ecb26425-583f-e811-a96f-000d3a33c573​

 

Microsoft Security Bulletin(s) for September 2018

Release Notes
September 2018 Security Updates

Release Date: September 11, 2018

The September security release consists of security updates for the following software:

Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
Adobe Flash Player
.NET Framework
Microsoft.Data.OData
ASP.NET

Please note the following information regarding the security updates:

Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
•Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
•Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
•For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
•In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.
​

• ADV180022*
  
• ADV180023
  
• CVE-2018-8315
  
• CVE-2018-8331
  
• CVE-2018-8336
  
• CVE-2018-8419
  
  CVE-2018-8424
  CVE-2018-8429
• CVE-2018-8430
  
• CVE-2018-8433
  
• CVE-2018-8434
  
• CVE-2018-8442
  
• CVE-2018-8443
  
• CVE-2018-8444
  
• CVE-2018-8445
  
• CVE-2018-8446
  
• CVE-2018-8452
  
• CVE-2018-8474*
  

​

Known Issues
​

• 4457128
  
• 4457144
  
  4458321
  
  https://portal.msrc.microsoft.com/e...tedetail/498f2484-a096-e811-a978-000d3a33c573
  
  Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
  
  If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact: For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

​

 

Release Notes
October 2018 Security Updates
Release Date: October 09, 2018


The October security release consists of security updates for the following software:

• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• ChakraCore
• .NET Core
• SQL Server Management Studio
• Microsoft Exchange Server

​

Please note the following information regarding the security updates:

• Customers runnning Windows 7 or Windows Server 2008 R2 need to ensure they have Servicing Stack Update (SSU) 3177467 installed before installing the October 2018 security updates, to avoid a failure to install. See Microsoft Knowledge Base Article 3177467 for more information about this SSU.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

​

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.

• ADV180026*
• CVE-2010-3190*
• CVE-2018-8292
• CVE-2018-8330
• CVE-2018-8427
• CVE-2018-8432
• CVE-2018-8472
• CVE-2018-8481
• CVE-2018-8482
• CVE-2018-8486
• CVE-2018-8493
• CVE-2018-8501
• CVE-2018-8503
• CVE-2018-8504
• CVE-2018-8506
• CVE-2018-8530*
• CVE-2018-8532
• CVE-2018-8533

​

Known Issues

• 4459266
• 4462917
• 4462923

​

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/aa99ba28-e99f-e811-a978-000d3a33c573
​

 

Release Notes
November 2018 Security Updates
Release Date: November 13, 2018


The November security release consists of security updates for the following software:

• 
  
  
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • .NET Core
  • Skype for Business
  • Azure App Service on Azure Stack
  • Team Foundation Server
  • Microsoft Dynamics 365 (on-premises) version 8

​

Please note the following information regarding the security updates:

• 
  
  
  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

​

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.

• 
  
  
  • ADV180025
  • CVE-2018-8407
  • CVE-2018-8408
  • CVE-2018-8454
  • CVE-2018-8545
  • CVE-2018-8558
  • CVE-2018-8563
  • CVE-2018-8565
  • CVE-2018-8573
  • CVE-2018-8578
  • CVE-2018-8579
  • CVE-2018-8581*
  • CVE-2018-8592*

​

Known Issues

• 
  
  
  • 4467691
  • 4467696
  • 4467686
  • 4467702
  • 4467107

​

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ff746aa5-06a0-e811-a978-000d3a33c573
​

 

Security Update Guide > Release Notes
Release Notes
December 2018 Security Updates
Release Date: December 11, 2018


The December security release consists of security updates for the following software:

• Adobe Flash Player
• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• ChakraCore
• .NET Framework
• Microsoft Dynamics NAV
• Microsoft Exchange Server
• Microsoft Visual Studio
• Windows Azure Pack (WAP)

Please note the following information regarding the security updates:

• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.

• CVE-2018-8477
• CVE-2018-8514
• CVE-2018-8580
• CVE-2018-8595
• CVE-2018-8596
• CVE-2018-8598
• CVE-2018-8616
• CVE-2018-8621
• CVE-2018-8622
• CVE-2018-8627
• CVE-2018-8637
• CVE-2018-8638

Known Issues

• 4471321
• 4471327
• 4471329
• 4471324
• 4471318

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c54acc6-2ed2-e811-a980-000d3a33a34d
​

 

Release Notes
January 2019 Security Updates
Release Date: January 08, 2019

The January security release consists of security updates for the following software:

• Adobe Flash Player
• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• ChakraCore
• .NET Framework
• ASP.NET
• Microsoft Exchange Server
• Microsoft Visual Studio

Please note the following information regarding the security updates:

• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.

• ADV190001
• CVE-2019-0536
• CVE-2019-0537
• CVE-2019-0545
• CVE-2019-0549
• CVE-2019-0553
• CVE-2019-0554
• CVE-2019-0559
• CVE-2019-0560
• CVE-2019-0561
• CVE-2019-0569
• CVE-2019-0585
• CVE-2019-0588

Known Issues

• 4480961
• 4480973
• 4480978
• 4480966
• 4480970
• 4480116
• 4480962
• 4480963
• 4480975
• 4468742
• 4471389

https://portal.msrc.microsoft.com/e...tedetail/b4384b95-e6d2-e811-a983-000d3a33c573

 

Title: Microsoft Security Update Releases
Issued: January 15, 2019
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2018-8416
* CVE-2019-0545
* CVE-2019-0546
* CVE-2019-0624
* CVE-2019-0646
* CVE-2019-0647


Revision Information:
=====================

- CVE-2018-8416 | .NET Core Tampering
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Revised the Security Updates table to
include PowerShell Core 6.1 and 6.2 because they are affected
by CVE-2018-8416. See
https://github.com/PowerShell/Announcements/issues/11 for more
information.
- Originally posted: November 13, 2018
- Updated: January 15, 2019
- Aggregate CVE Severity Rating: Moderate
- Version: 2.0

- CVE-2019-0545 | .NET Framework Information Disclosure
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Revised the Security Updates table to
include PowerShell Core 6.1 and 6.2 because they are affected
by CVE-2019-0545. See
https://github.com/PowerShell/Announcements/issues/10 for more
information.
- Originally posted: January 8, 2018
- Updated: January 15, 2019
- Aggregate CVE Severity Rating: Important
- Version: 2.0

- CVE-2019-0564 | ASP.NET Core Denial of Service Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Revised the Security Updates table to
include PowerShell Core 6.1 and 6.2 because they are affected
by CVE-2019-0564. See
https://github.com/PowerShell/Announcements/issues/12 for more
information.
- Originally posted: January 8, 2018
- Updated: January 15, 2019
- Aggregate CVE Severity Rating: Important
- Version: 2.0

- CVE-2019-0624 | Skype for Business 2015 Spoofing Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Information published.
- Originally posted: January 15, 2018
- Updated: N/A
- Aggregate CVE Severity Rating: Important
- Version: 1.0

- CVE-2019-0646 | Team Foundation Server Cross-site Scripting
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Information published.
- Originally posted: January 15, 2018
- Updated: N/A
- Aggregate CVE Severity Rating: Important
- Version: 1.0

- CVE-2019-0647 | Team Foundation Server Information Disclosure
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Information published.
- Originally posted: January 15, 2018
- Updated: N/A
- Aggregate CVE Severity Rating: Moderate
- Version: 1.0

 

January 22, 2019 — KB4481031 Cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019
Release Date:
22 January 2019
Version:
.NET Framework 3.5 and 4.7.2
Improvements and fixes
This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
Addresses a garbage collection issue in JIT-compiled code.
Addresses a race condition that affects IIS-hosted Net.tcp WCF services when the portsharing service is restarted, causing the service to become unavailable.
Addresses issues related to:
Special mode in which the logical call context is not serializable, causing SerializationException when secondary app domains call back to the default domain to collect evidence.
Special mode in which the thread is running under an impersonated user token instead of the primary process token, causing COMException when evidence examination triggers urlmon initialization in the system, which in turn fails because it assumes a level of registry access that is not always present when impersonating
Known issues in this update
Microsoft is not currently aware of any issues in this update.
https://support.microsoft.com/en-gb/help/4481031/january-22-2019-kb4481031

 

Release Notes
February 2019 Security Updates
Release Date: February 12, 2019

The February security release consists of security updates for the following software:
Adobe Flash Player
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
.NET Framework
Microsoft Exchange Server
Microsoft Visual Studio
Azure IoT SDK
Microsoft Dynamics
Team Foundation Server
Visual Studio Code
Please note the following information regarding the security updates:

A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.

ADV190003
ADV190007 *
ADV990001
CVE-2019-0540 *
CVE-2019-0600
CVE-2019-0601
CVE-2019-0602
CVE-2019-0615
CVE-2019-0616
CVE-2019-0619
CVE-2019-0621
CVE-2019-0628
CVE-2019-0635
CVE-2019-0636
CVE-2019-0643
CVE-2019-0648
CVE-2019-0658
CVE-2019-0660
CVE-2019-0661
CVE-2019-0664
CVE-2019-0669
CVE-2019-0676
CVE-2019-0686 *
CVE-2019-0724 *
CVE-2019-0741
Known Issues




4487026
4487020
4486996
4487017
4487044
4483452
4345836
4471392
4471391
4487052
https://portal.msrc.microsoft.com/e...tedetail/51503ac5-e6d2-e811-a983-000d3a33c573

 

Security Update Guide > Release Notes
Release Notes
March 2019 Security Updates
Release Date: March 12, 2019

The March security release consists of security updates for the following software:



Adobe Flash Player
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office SharePoint
ChakraCore
Team Foundation Server
Skype for Business
Visual Studio
NuGet
Please note the following information regarding the security updates:



A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.



ADV190008
ADV190010 *
ADV990001
CVE-2019-0614
CVE-2019-0702
CVE-2019-0703
CVE-2019-0704
CVE-2019-0755
CVE-2019-0759
CVE-2019-0767
CVE-2019-0774
CVE-2019-0775
CVE-2019-0776
CVE-2019-0782
Known Issues

KB Article Applies To
4489878 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
4489881 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4489882 Windows 10 version 1607, Windows Server 2016
4489883 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4489884 Windows Server 2012 (Security-only update)
4489885 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)
4489891 Windows Server 2012 (Monthly Rollup)
4489899 Windows 10 version 1809, Windows Server 2019

https://portal.msrc.microsoft.com/e...tedetail/ac45e477-1019-e911-a98b-000d3a33a34d

 

Release Notes
April 2019 Security Updates
Release Date: April 09, 2019

The April security release consists of security updates for the following software:

• Adobe Flash Player
• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• ChakraCore
• ASP.NET
• Microsoft Exchange Server
• Team Foundation Server
• Azure DevOps Server
• Open Enclave SDK
• Windows Admin Center

Please note the following information regarding the security updates:

• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• ADV190011
• ADV990001
• CVE-2019-0688
• CVE-2019-0801
• CVE-2019-0802
• CVE-2019-0814
• CVE-2019-0822
• CVE-2019-0823
• CVE-2019-0824
• CVE-2019-0825
• CVE-2019-0826
• CVE-2019-0827
• CVE-2019-0828
• CVE-2019-0830
• CVE-2019-0831
• CVE-2019-0833
• CVE-2019-0835
• CVE-2019-0837
• CVE-2019-0838
• CVE-2019-0839
• CVE-2019-0840
• CVE-2019-0844
• CVE-2019-0845
• CVE-2019-0846
• CVE-2019-0847
• CVE-2019-0848
• CVE-2019-0849
• CVE-2019-0851
• CVE-2019-0876
• CVE-2019-0879

Known Issues

KB Article Applies To
4487563 Microsoft Exchange Server 2019, 2016, and 2013
4491413 Update Rollup 27 for Exchange Server 2010 Service Pack 3
4493441 Windows 10 version 1709, Windows Server Version 1709
4493446 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4493448 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)
4493450 Windows Server 2012 (Security-only Rollup)
4493451 Windows Server 2012 (Monthly Rollup)
4493458 Windows Server 2008 Service Pack 2 (Security-only update)
4493464 Windows 10 version 1803, Windows Server Version 1803
4493467 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4493470 Windows 10 version 1607, Windows Server 2016
4493471 Windows Server 2008 Service Pack 2 (Monthly Rollup)
4493472 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
4493474 Windows 10 version 1703
4493509 Windows 10 version 1809, Windows Server 2019
4493730 Windows Server 2008 SP2
4493435 Internet Explorer Cumulative Update
https://portal.msrc.microsoft.com/e...tedetail/18306ed5-1019-e911-a98b-000d3a33a34d

 

Microsoft May 2019 Security Updates

Release Notes
May 2019 Security Updates
Release Date: May 14, 2019


The May security release consists of security updates for the following software:

• 
  
  
  • Adobe Flash Player
  • Microsoft Windows
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Team Foundation Server
  • Visual Studio
  • Azure DevOps Server
  • SQL Server
  • .NET Framework
  • .NET Core
  • ASP.NET Core
  • ChakraCore
  • Online Services
  • Azure
  • NuGet
  • Skype for Android

Please note the following information regarding the security updates:

• 
  
  
  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is only present in only the IE Cumulative package 4498206.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• 
  
  
  • ADV190012
  • ADV190014
  • CVE-2019-0758
  • CVE-2019-0819
  • CVE-2019-0864
  • CVE-2019-0882
  • CVE-2019-0886
  • CVE-2019-0889
  • CVE-2019-0890
  • CVE-2019-0891
  • CVE-2019-0893
  • CVE-2019-0894
  • CVE-2019-0895
  • CVE-2019-0896
  • CVE-2019-0897
  • CVE-2019-0898
  • CVE-2019-0899
  • CVE-2019-0900
  • CVE-2019-0901
  • CVE-2019-0902
  • CVE-2019-0930
  • CVE-2019-0932
  • CVE-2019-0942
  • CVE-2019-0945
  • CVE-2019-0946
  • CVE-2019-0947
  • CVE-2019-0949
  • CVE-2019-0950
  • CVE-2019-0951
  • CVE-2019-0952
  • CVE-2019-0953
  • CVE-2019-0956
  • CVE-2019-0957
  • CVE-2019-0958
  • CVE-2019-0961
  • CVE-2019-0963
  • CVE-2019-0971

Known Issues

KB Article Applies To
4493730 Windows Server 2008 Service Pack 2 (Servicing Stack Update)
4494440 Windows 10, version 1607, Windows Server 2016
4494441 Windows 10, version 1809, Windows Server 2019
4497936 Windows 10, version 1903
4498206 Internet Explorer Cumulative Update
4499151 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4499154 Windows 10
4499158 Windows Server 2012 (Security-only update)
4499164 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
4499165 Windows 8.1 Windows Server 2012 R2 (Security-only update)
4499167 Windows 10, version 1803
4499171 Windows Server 2012 (Monthly Rollup)
4499179 Windows 10, version 1709
4499180 Windows Server 2008 Service Pack 2 (Security-only update)
4499181 Windows 10, version 1703

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d

 

Release Notes
June 2019 Security Updates

Release Date: June 11, 2019

The June security release consists of security updates for the following software:

Adobe Flash Player
Microsoft Windows
Internet Explorer
Microsoft Edge
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
Skype for Business and Microsoft Lync
Microsoft Exchange Server
Azure

Please note the following information regarding the security updates:

A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

ADV190015
ADV990001
CVE-2019-0904
CVE-2019-0905
CVE-2019-0906
CVE-2019-0907
CVE-2019-0908
CVE-2019-0909
CVE-2019-0948
CVE-2019-0968
CVE-2019-0974
CVE-2019-0977
CVE-2019-0990
CVE-2019-1009
CVE-2019-1010
CVE-2019-1011
CVE-2019-1012
CVE-2019-1013
CVE-2019-1015
CVE-2019-1016
CVE-2019-1023
CVE-2019-1031
CVE-2019-1032
CVE-2019-1033
CVE-2019-1034
CVE-2019-1035
CVE-2019-1036
CVE-2019-1039
CVE-2019-1046
CVE-2019-1047
CVE-2019-1048
CVE-2019-1049
CVE-2019-1050
CVE-2019-1081

Known Issues
KB Article Applies To
4493730 Windows Server 2008 Service Pack 2 Servicing stack update
4503027 Exchange Server 2019, Exchange Server 2016
4503028 Exchange Server 2010 Service Pack 3, Exchange Server 2013
4503263 Windows Server 2012 (Security-only update)
4503267 Windows 10, version 1607, Windows Server 2016
4503276 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4503279 Windows 10, version 1703
4503284 Windows 10, version 1709
4503285 Windows Server 2012 (Monthly Rollup)
4503286 Windows 10, version 1803
4503290 Windows 8.1 Windows Server 2012 R2 (Security-only update)
4503291 Windows 10
4503292 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)
4503293 Windows 10, version 1903
4503327 Windows 10, version 1809, Windows Server 2019

https://portal.msrc.microsoft.com/e...tedetail/253dc509-9a5b-e911-a98e-000d3a33c573

 

Release Notes
July 2019 Security Updates
Release Date: July 09, 2019

The July security release consists of security updates for the following software:

• Microsoft Windows
• Internet Explorer
• Microsoft Edge
• Microsoft Office and Microsoft Office Services and Web Apps
• Azure DevOps
• Open Source Software
• .NET Framework
• Azure
• SQL Server
• ASP.NET
• Visual Studio
• Microsoft Exchange Server

Please note the following information regarding the security updates:

• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is only present in only the IE Cumulative package.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• CVE-2019-0962 *
• CVE-2019-1006 *
• CVE-2019-1068 *
• CVE-2019-1071
• CVE-2019-1073
• CVE-2019-1079
• CVE-2019-1084
• CVE-2019-1091
• CVE-2019-1093
• CVE-2019-1094
• CVE-2019-1095
• CVE-2019-1096
• CVE-2019-1097
• CVE-2019-1098
• CVE-2019-1099
• CVE-2019-1100
• CVE-2019-1101
• CVE-2019-1108
• CVE-2019-1109
• CVE-2019-1110
• CVE-2019-1111
• CVE-2019-1112
• CVE-2019-1116
• CVE-2019-1134

Known Issues

KB Article Applies To
4493730 Servicing stack update for Windows Server 2008 SP2
4507434 Internet Explorer 11
4507435 Windows 10, version 1803
4507448 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4507449 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
4507450 Windows 10, version 1703
4507453 Windows 10, version 1903, Windows Server version 1903
4507455 Windows 10, version 1709
4507457 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4507458 Windows 10
4507460 Windows 10 1607 and Windows Server 2016
4507462 Windows Server 2012 (Monthly Rollup)
4507464 Windows Server 2012 (Security-only update)
4507469 Windows 10, version 1809, Windows Server 2019

https://portal.msrc.microsoft.com/e...tedetail/48293f19-d662-e911-a98e-000d3a33c573

 

August 2019 Security Updates
Release Date: August 13, 2019


The August security release consists of security updates for the following software:

• Microsoft Windows
• Internet Explorer
• Microsoft Edge
• ChakraCore
• Microsoft Office and Microsoft Office Services and Web Apps
• Visual Studio
• Online Services
• Active Directory
• Microsoft Dynamics

Please note the following information regarding the security updates:

• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is present only in the IE Cumulative package.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• ADV190014*
• CVE-2019-1030
• CVE-2019-1078
• CVE-2019-1143
• CVE-2019-1146
• CVE-2019-1147*
• CVE-2019-1148
• CVE-2019-1149
• CVE-2019-1151
• CVE-2019-1153
• CVE-2019-1154
• CVE-2019-1155 *
• CVE-2019-1156 *
• CVE-2019-1157 *
• CVE-2019-1158
• CVE-2019-1161 *
• CVE-2019-1171
• CVE-2019-1172
• CVE-2019-1181 *
• CVE-2019-1182 *
• CVE-2019-1199
• CVE-2019-1200
• CVE-2019-1201
• CVE-2019-1202
• CVE-2019-1203
• CVE-2019-1204
• CVE-2019-1205
• CVE-2019-1218 *
• CVE-2019-1224
• CVE-2019-1225
• CVE-2019-1227
• CVE-2019-1228
• CVE-2019-9511 *
• CVE-2019-9512 *
• CVE-2019-9513 *
• CVE-2019-9514 *
• CVE-2019-9518 *

Known Issues

KB Article Applies To
4511553 Windows 10, version 1809, Windows Server 2019
4511872 Internet Explorer
4512476 Windows Server 2008 SP2 (Monthly Rollup)
4512482 Windows Server 2012 (Security-only update)
4512486 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)
4512488 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4512489 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4512491 Windows Server 2008 SP2 (Security-only Update)
4512497 Windows 10
4512501 Windows 10, version 1803, Windows Server version 1803
4512506 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
4512507 Windows 10, version 1703
4512508 Windows 10, version 1903, Windows Server version 1903
4512516 Windows 10, version 1709
4512517 Windows 10, version 1607, Windows Server 2016
4512518 Windows Server 2012 (Monthly Rollup)



https://portal.msrc.microsoft.com/e...tedetail/312890cc-3673-e911-a991-000d3a33a34d

 

Microsoft September 2019 Security Updates

Release Notes
September 2019 Security Updates
Release Date: September 10, 2019


The September security release consists of security updates for the following software:

• Microsoft Windows
• Internet Explorer
• Microsoft Edge (EdgeHTML-based)
• ChakraCore
• Microsoft Office and Microsoft Office Services and Web Apps
• Adobe Flash Player
• Microsoft Lync
• Visual Studio
• Microsoft Exchange Server
• .NET Framework
• Microsoft Yammer
• .NET Core
• ASP.NET
• Team Foundation Server
• Project Rome

Please note the following information regarding the security updates:

• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is present only in the IE Cumulative package.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• ADV190022
• ADV990001
• CVE-2019-1142 *
• CVE-2019-1209
• CVE-2019-1216
• CVE-2019-1219
• CVE-2019-1231
• CVE-2019-1240
• CVE-2019-1241
• CVE-2019-1242
• CVE-2019-1243
• CVE-2019-1244
• CVE-2019-1245
• CVE-2019-1246
• CVE-2019-1247
• CVE-2019-1248
• CVE-2019-1249
• CVE-2019-1250
• CVE-2019-1251
• CVE-2019-1252
• CVE-2019-1254
• CVE-2019-1257
• CVE-2019-1259
• CVE-2019-1260
• CVE-2019-1261
• CVE-2019-1262
• CVE-2019-1263
• CVE-2019-1264
• CVE-2019-1265 *
• CVE-2019-1274
• CVE-2019-1282
• CVE-2019-1283
• CVE-2019-1286
• CVE-2019-1293
• CVE-2019-1295
• CVE-2019-1296
• CVE-2019-1297
• CVE-2019-1299

Known Issues

KB Article Applies To
4512578 Windows 10, version 1809, Windows Server 2019
4513696 Visual Studio 2015
4515384 Windows 10, version 1903, Windows Server version 1903
4515832 Microsoft Exchange Server 2019 and Exchange Server 2016
4516044 Windows 10, version 1607, Windows Server 2016
4516046 Internet Explorer
4516055 Windows Server 2012 (Monthly Rollup)
4516058 Windows 10, version 1803, Windows Server version 1803
4516062 Windows Server 2012 (Security-only update)
4516064 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4516065 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
4516066 Windows 10, version 1709
4516067 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4516068 Windows 10, version 1703
4516070 Windows 10

https://portal.msrc.microsoft.com/e...tedetail/24f46f0a-489c-e911-a994-000d3a33c573

 

Release Notes

October 2019 Security Updates
Release Date: October 08, 2019


The October security release consists of security updates for the following software:

• Microsoft Windows
• Internet Explorer
• Microsoft Edge (EdgeHTML-based)
• ChakraCore
• Microsoft Office and Microsoft Office Services and Web Apps
• SQL Server Management Studio
• Open Source Software
• Microsoft Dynamics 365
• Windows Update Assistant

Please note the following information regarding the security updates:

• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is present only in the IE Cumulative package.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• CVE-2019-1070
• CVE-2019-1230
• CVE-2019-1313
• CVE-2019-1314 *
• CVE-2019-1327
• CVE-2019-1328
• CVE-2019-1329
• CVE-2019-1330
• CVE-2019-1331
• CVE-2019-1334
• CVE-2019-1337
• CVE-2019-1344
• CVE-2019-1345
• CVE-2019-1358
• CVE-2019-1359
• CVE-2019-1361
• CVE-2019-1363
• CVE-2019-1369
• CVE-2019-1378*

Known Issues

KB Article Applies To
4519338 Windows 10, version 1809, Windows Server 2019
4519974 Internet Explorer
4519976 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
4519985 Windows Server 2012 (Security-only update)
4519990 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4519998 Windows 10, version 1607, Windows Server 2016
4520004 Windows 10, version 1709
4520005 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4520007 Windows Server 2012 (Monthly Rollup)
4520008 Windows 10, version 1803, Windows Server version 1803
4520010 Windows 10, version 1703
4520011 Windows 10

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/28ef0a64-489c-e911-a994-000d3a33c573

 

Release Notes
November 2019 Security Updates
Release Date: November 12, 2019


The November security release consists of security updates for the following software:

• Microsoft Windows
• Internet Explorer
• Microsoft Edge (EdgeHTML-based)
• ChakraCore
• Microsoft Office and Microsoft Office Services and Web Apps
• Open Source Software
• Secure Boot
• Microsoft Exchange Server
• Visual Studio
• Azure Stack

Please note the following information regarding the security updates:

• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is present only in the IE Cumulative package.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• ADV190024 *
• CVE-2018-12207 *
• CVE-2019-11135 *
• CVE-2019-1324
• CVE-2019-1370
• CVE-2019-1374
• CVE-2019-1381
• CVE-2019-1402
• CVE-2019-1409
• CVE-2019-1411
• CVE-2019-1412
• CVE-2019-1418
• CVE-2019-1432
• CVE-2019-1436
• CVE-2019-1439
• CVE-2019-1440
• CVE-2019-1442 *
• CVE-2019-1443
• CVE-2019-1445
• CVE-2019-1446
• CVE-2019-1447
• CVE-2019-1448
• CVE-2019-1449
• CVE-2019-1457

Known Issues

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20191112

KB Article Applies To
4484113 Microsoft Exchange Server
4523171 Microsoft Exchange Server
4523205 Windows 10, version 1809, Windows Server 2019
4524570 Windows 10, version 1903, Windows Server version 1903
4525232 Windows 10
4525236 Windows 10, version 1607, Windows Server 2016
4525237 Windows 10, version 1803, Windows Server version 1803
4525241 Windows 10, version 1709
4525243 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4525246 Windows Server 2012 (Monthly Rollup)
4525250 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4525253 Windows Server 2012 (Security-only update)

https://portal.msrc.microsoft.com/e...tedetail/164aa83e-499c-e911-a994-000d3a33c573

 

Release Notes

December 2019 Security Updates
Release Date: December 10, 2019


The December security release consists of security updates for the following software:

• Microsoft Windows
• Internet Explorer
• Microsoft Office and Microsoft Office Services and Web Apps
• SQL Server
• Visual Studio
• Skype for Business

Please note the following information regarding the security updates:

• For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is present only in the IE Cumulative package.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• ADV990001
• ADV190026 *
• CVE-2019-1349 *
• CVE-2019-1350 *
• CVE-2019-1351 *
• CVE-2019-1352 *
• CVE-2019-1354 *
• CVE-2019-1355 *
• CVE-2019-1387 *
• CVE-2019-1400
• CVE-2019-1461
• CVE-2019-1462
• CVE-2019-1463
• CVE-2019-1464
• CVE-2019-1465
• CVE-2019-1466
• CVE-2019-1467
• CVE-2019-1469
• CVE-2019-1470
• CVE-2019-1472
• CVE-2019-1474
• CVE-2019-1480
• CVE-2019-1481
• CVE-2019-1486 *
• CVE-2019-1487
• CVE-2019-1489

Known Issues

The following KBs contain information about known issues with the security updates. For more information about Windows Known Issues, please see Windows message center. Links to currently-supported versions of Windows 10 are in the left pane.

For a complete list of security update KBs, please see 20191210.

KB Article Applies To
4484190 Excel 2013
4484179 Excel 2016
4461590 PowerPoint 2013
4484190 PowerPoint 2016
4484190 Word 2013
4484190 Word 2016
4530681 Windows 10
4530684 Windows 10, version 1803, Windows Server version 1803, Windows 10, version 1809, Windows Server version 1809
4530689 Windows 10, version 1607, Windows Server 2016
4530691 Windows Server 2012 (Monthly Rollup)
4530698 Windows Server 2012 (Security-only update)
4530702 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4530714 Windows 10, version 1709
4530715 Windows 10, version 1809, Windows Server 2019
4530717 Windows 10, version 1803, Windows Server version 1803
4530730 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4530734 Windows 7 SP1, Windows Server 2008 R2 SP1 (Monthly Rollup)

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2019-Dec

 

Release Notes
January 2020 Security Updates
Release Date: January 14, 2020


The January security release consists of security updates for the following software:

• Microsoft Windows
• Internet Explorer
• Microsoft Office and Microsoft Office Services and Web Apps
• ASP.NET Core
• .NET Core
• .NET Framework
• OneDrive for Android
• Microsoft Dynamics

Please note the following information regarding the security updates:

• For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is present only in the IE Cumulative package.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Note: Support for Windows 7, Windows Server 2008 R2, and Windows Server 2008 ends January 14, 2020. For more information please see Lifecycle FAQ-Extended Security Updates.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• CVE-2020-0601 *
• CVE-2020-0607
• CVE-2020-0608
• CVE-2020-0615
• CVE-2020-0622
• CVE-2020-0637
• CVE-2020-0639
• CVE-2020-0643
• CVE-2020-0647
• CVE-2020-0650
• CVE-2020-0651
• CVE-2020-0652
• CVE-2020-0653
• CVE-2020-0654 *

Known Issues

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20200114. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
4534271 Windows 10, version 1607, Windows Server 2016
4534273 Windows 10, version 1809, Windows Server version 1809, Windows 10, version 1809, Windows Server version 1809
4534276 Windows 10, version 1709
4534283 Windows Server 2012 (Monthly Rollup)
4534288 Windows Server 2012 (Security-only update)
4534293 Windows 10, version 1803, Windows Server version 1803
4534297 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4534306 Windows 10
4534309 Windows 8.1, Windows Server 2012 R2 (Security-only update)

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jan

 

Release Notes

February 2020 Security Updates

Release Date: February 11, 2020


The February security release consists of security updates for the following software:

• Microsoft Windows
• Microsoft Edge (EdgeHTML-based)
• Microsoft Edge (Chromium-based)
• ChakraCore
• Internet Explorer
• Microsoft Exchange Server
• Microsoft SQL Server
• Microsoft Office and Microsoft Office Services and Web Apps
• Windows Malicious Software Removal Tool
• Windows Surface Hub

Please note the following information regarding the security updates:

• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• ADV200003
• CVE-2020-0618 *
• CVE-2020-0658
• CVE-2020-0675
• CVE-2020-0676
• CVE-2020-0677
• CVE-2020-0689 *
• CVE-2020-0693
• CVE-2020-0694
• CVE-2020-0695
• CVE-2020-0696
• CVE-2020-0697
• CVE-2020-0698
• CVE-2020-0705
• CVE-2020-0706
• CVE-2020-0714
• CVE-2020-0716
• CVE-2020-0717
• CVE-2020-0728
• CVE-2020-0736
• CVE-2020-0744
• CVE-2020-0746
• CVE-2020-0748
• CVE-2020-0755
• CVE-2020-0756
• CVE-2020-0759
• CVE-2020-0766

Known Issues

KB Article Applies To
4532691 Windows 10 Version 1809, Windows Server 2019
4536987 Microsoft Exchange Server 2016 & 2019
4536988 Microsoft Exchange Server 2013
4536989 Microsoft Exchange Server 2010
4537762 Windows 10, version 1803, Windows Server version 1803
4537764 Windows 10, version 1607, Windows Server 2016
4537776 Windows 10
4537789 Windows 10, version 1709
4537794 Windows Server 2012 (Security-only update)
4537803 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4537813 Windows 7, Windows Server 2008 R2 (Security-only update)
4537814 Windows Server 2012 (Monthly Rollup)
4537821 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Feb

 

Release Notes

March 2020 Security Updates
Release Date: March 10, 2020


The March 2020 security release consists of security updates for the following software:

• Microsoft Windows
• Microsoft Edge (EdgeHTML-based)
• Microsoft Edge (Chromium-based)
• ChakraCore
• Internet Explorer
• Microsoft Exchange Server
• Microsoft Office and Microsoft Office Services and Web Apps
• Azure DevOps
• Windows Defender
• Visual Studio
• Open Source Software
• Azure
• Microsoft Dynamics

Please note the following information regarding the security updates:

• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

The following CVEs have additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• CVE-2020-0765
• CVE-2020-0774
• CVE-2020-0775
• CVE-2020-0795
• CVE-2020-0813
• CVE-2020-0820
• CVE-2020-0850
• CVE-2020-0851
• CVE-2020-0852
• CVE-2020-0853
• CVE-2020-0855
• CVE-2020-0859
• CVE-2020-0861
• CVE-2020-0863
• CVE-2020-0871
• CVE-2020-0874
• CVE-2020-0876
• CVE-2020-0879
• CVE-2020-0880
• CVE-2020-0882
• CVE-2020-0885
• CVE-2020-0891
• CVE-2020-0892
• CVE-2020-0893
• CVE-2020-0894
• CVE-2020-0902 *

Known Issues

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20200310

KB Article Applies To
4538032 Visual Studio
4538461 Windows 10 Version 1809, Windows Server 2019
4540123 Microsoft Exchange Server
4540670 Windows 10, version 1607, Windows Server 2016
4540671 Internet Explorer
4540673 Windows 10, version 1809, Windows Server version 1809, Windows 10, version 1809, Windows Server version 1809
4540688 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4540694 Windows Server 2012 (Security-only update)
4541500 Windows 7, Windows Server 2008 R2 (Security-only update)
4541504 Windows Server 2008 (Security-only update)
4541505 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4541506 Windows Server 2008 Service Pack 2 (Monthly Rollup)
4541509 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4541510 Windows Server 2012 (Monthly Rollup)

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Mar

 

Release Notes

April 2020 Security Updates
Release Date: April 14, 2020


The April 2020 security release consists of security updates for the following software:

• Microsoft Windows
• Microsoft Edge (EdgeHTML-based)
• Microsoft Edge (Chromium-based)
• ChakraCore
• Internet Explorer
• Microsoft Office and Microsoft Office Services and Web Apps
• Windows Defender
• Visual Studio
• Microsoft Dynamics
• Microsoft Apps for Android
• Microsoft Apps for Mac

Please note the following information regarding the security updates:

• For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• CVE-2020-0699
• CVE-2020-0760
• CVE-2020-0821
• CVE-2020-0835 *
• CVE-2020-0906
• CVE-2020-0920
• CVE-2020-0923
• CVE-2020-0924
• CVE-2020-0925
• CVE-2020-0926
• CVE-2020-0927
• CVE-2020-0929
• CVE-2020-0930
• CVE-2020-0931
• CVE-2020-0932
• CVE-2020-0933
• CVE-2020-0935 *
• CVE-2020-0937
• CVE-2020-0939
• CVE-2020-0945
• CVE-2020-0946
• CVE-2020-0947
• CVE-2020-0952
• CVE-2020-0954
• CVE-2020-0955 *
• CVE-2020-0961
• CVE-2020-0962
• CVE-2020-0971
• CVE-2020-0972
• CVE-2020-0973
• CVE-2020-0974
• CVE-2020-0975
• CVE-2020-0976
• CVE-2020-0977
• CVE-2020-0978
• CVE-2020-0979
• CVE-2020-0980
• CVE-2020-0982
• CVE-2020-0987
• CVE-2020-0991
• CVE-2020-1002 *
• CVE-2020-1005
• CVE-2020-1007
• CVE-2020-1016
• CVE-2020-1018

Known Issues

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20200414. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
3128012 Microsoft Office 2016
3162033 Microsoft Publisher 2013
3203462 Microsoft Office 2010
4011097 Microsoft Publisher 2016
4011104 Microsoft Office 2013
4032216 Microsoft Publisher 2010
4462210 Microsoft Access 2013
4462225 Microsoft Visio 2010
4464527 Microsoft Access 2010
4464544 Microsoft Visio 2013
4484117 Microsoft Office 2013
4484125 Microsoft Project 2013
4484126 Microsoft Office 2010
4484132 Microsoft Project 2010
4484167 Microsoft Access 2016
4484214 Microsoft Office 2016
4484226 Microsoft PowerPoint 2013
4484235 Microsoft PowerPoint 2010
4484244 Microsoft Visio 2016
4484246 Microsoft PowerPoint 2016
4484269 Microsoft Project 2016
4484273 Microsoft Excel 2016
4484274 Microsoft Outlook 2016
4484281 Microsoft Outlook 2013
4484283 Microsoft Excel 2013
4484284 Microsoft Outlook 2010
4484285 Microsoft Excel 2010
4484295 Microsoft Word 2010
4484300 Microsoft Word 2016
4484319 Microsoft Word 2013
4549949 Windows 10 Version 1809, Windows Server 2019
4550905 Internet Explorer
4550917 Windows Server 2012 (Monthly Rollup)
4550922 Windows 10, version 1803
4550927 Windows 10, version 1709
4550929 Windows 10, version 1607, Windows Server 2016
4550930 Windows 10
4550951 Windows Server 2008 Service Pack 2 (Monthly Rollup)
4550957 Windows Server 2008 Service Pack 2 (Security-only update)
4550961 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4550964 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4550965 Windows 7, Windows Server 2008 R2 (Security-only update)
4550970 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4550971 Windows Server 2012 (Security-only update)

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr

 

Release Notes
May 2020 Security Updates
Release Date: May 12, 2020


The May 2020 security release consists of security updates for the following software:

• Microsoft Windows
• Microsoft Edge (EdgeHTML-based)
• Microsoft Edge (Chromium-based)
• ChakraCore
• Internet Explorer
• Microsoft Office and Microsoft Office Services and Web Apps
• Windows Defender
• Visual Studio
• Microsoft Dynamics
• .NET Framework
• .NET Core
• Power BI

Please note the following information regarding the security updates:

• For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• CVE-2020-0901
• CVE-2020-0963
• CVE-2020-1072
• CVE-2020-1075
• CVE-2020-1103
• CVE-2020-1116
• CVE-2020-1141
• CVE-2020-1145
• CVE-2020-1173
• CVE-2020-1179

Known Issues

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20200512. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
4551853 Windows 10 Version 1809, Windows Server 2019
4556813 Windows 10, version 1607, Windows Server 2016
4556836 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4556843 Windows 7, Windows Server 2008 R2 (Security-only update)
4556854 Windows Server 2008 Service Pack 2 (Security-only update)
4556860 Windows Server 2008 Service Pack 2 (Monthly Rollup)

 

Release Notes
June 2020 Security Updates
Release Date: June 09, 2020


The June security release consists of security updates for the following software:

• Microsoft Windows
• Microsoft Edge (EdgeHTML-based)
• Microsoft Edge (Chromium-based) in IE Mode
• Microsoft ChakraCore
• Internet Explorer
• Microsoft Office and Microsoft Office Services and Web Apps
• Windows Defender
• Microsoft Dynamics
• Visual Studio
• Azure DevOps
• HoloLens
• Adobe Flash Player
• Microsoft Apps for Android
• Windows App Store
• System Center
• Android App

Please note the following information regarding the security updates:

• For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

The following CVEs have FAQs, Mitigations and Workarounds with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• ADV200010 *
• CVE-2020-1148
• CVE-2020-1160
• CVE-2020-1163 *
• CVE-2020-1170 *
• CVE-2020-1177
• CVE-2020-1178
• CVE-2020-1181
• CVE-2020-1183
• CVE-2020-1206 *
• CVE-2020-1217
• CVE-2020-1220 *
• CVE-2020-1223 *
• CVE-2020-1225 *
• CVE-2020-1226 *
• CVE-2020-1229 *
• CVE-2020-1232
• CVE-2020-1242
• CVE-2020-1261
• CVE-2020-1263
• CVE-2020-1268
• CVE-2020-1284 *
• CVE-2020-1289
• CVE-2020-1290
• CVE-2020-1295
• CVE-2020-1296
• CVE-2020-1297
• CVE-2020-1298
• CVE-2020-1315
• CVE-2020-1301 *
• CVE-2020-1318
• CVE-2020-1320
• CVE-2020-1321 *
• CVE-2020-1322
• CVE-2020-1323
• CVE-2020-1329 *

Known Issues

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20200609. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
4560960 Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909
4561608 Windows 10 Version 1809, Windows Server 2019
4561616 Windows 10, version 1607, Windows Server 2016
4561643 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4561645 Windows Server 2008 (Security-only update)
4561669 Windows 7, Windows Server 2008 R2 (Security-only update)
4561670 Windows Server 2008 (Monthly Rollup)

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun

 

Release Notes
July 2020 Security Updates
Release Date: July 14, 2020


The July 2020 security release consists of security updates for the following software:

• Microsoft Windows
• Microsoft Edge (EdgeHTML-based)
• Microsoft Edge (Chromium-based) in IE Mode
• Microsoft ChakraCore
• Internet Explorer
• Microsoft Office and Microsoft Office Services and Web Apps
• Windows Defender
• Skype for Business
• Visual Studio
• Microsoft OneDrive
• Open Source Software
• .NET Framework
• Azure DevOps

Please note the following information regarding the security updates:

• For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

The following CVEs have FAQs, Mitigations and Workarounds with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• ADV200008 *
• CVE-2020-1032 *
• CVE-2020-1036 *
• CVE-2020-1040 *
• CVE-2020-1041 *
• CVE-2020-1042 *
• CVE-2020-1043 *
• CVE-2020-1147
• CVE-2020-1240
• CVE-2020-1330
• CVE-2020-1342
• CVE-2020-1346 *
• CVE-2020-1349
• CVE-2020-1350 *
• CVE-2020-1351
• CVE-2020-1358
• CVE-2020-1361
• CVE-2020-1367
• CVE-2020-1386
• CVE-2020-1389
• CVE-2020-1391
• CVE-2020-1397
• CVE-2020-1419
• CVE-2020-1420
• CVE-2020-1426
• CVE-2020-1432
• CVE-2020-1433
• CVE-2020-1439 *
• CVE-2020-1442
• CVE-2020-1445
• CVE-2020-1446
• CVE-2020-1447
• CVE-2020-1448
• CVE-2020-1449
• CVE-2020-1458
• CVE-2020-1461 *
• CVE-2020-1462
• CVE-2020-1468

Known Issues

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20200714. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
4558998 Windows 10 Version 1809, Windows Server 2019
4565483 Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909
4565511 Windows 10, version 1607, Windows Server 2016
4565524 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4565529 Windows Server 2008 (Security-only update)
4565535 Windows Server 2012 (Security-only update)
4565536 Windows Server 2008 (Monthly Rollup)
4565537 Windows Server 2012 (Monthly Rollup)
4565539 Windows 7, Windows Server 2008 R2 (Security-only update)
4565540 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4565541 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)

https://answers.microsoft.com/en-us...-bf20-4ace-97c1-e24840fc0820?tm=1594746136993

 

Release Notes

August 2020 Security Updates
Release Date: August 11, 2020


The August 2020 security release consists of security updates for the following software:

• Microsoft Windows
• Microsoft Edge (EdgeHTML-based)
• Microsoft Edge (Chromium-based)
• Microsoft ChakraCore
• Internet Explorer
• Microsoft Scripting Engine
• SQL Server
• Microsoft JET Database Engine
• .NET Framework
• ASP.NET Core
• Microsoft Office and Microsoft Office Services and Web Apps
• Microsoft Windows Codecs Library
• Microsoft Dynamics

Please note the following information regarding the security updates:

• For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• CVE-2020-1046 *
• CVE-2020-1383
• CVE-2020-1459
• CVE-2020-1472 *
• CVE-2020-1474
• CVE-2020-1483
• CVE-2020-1487
• CVE-2020-1493
• CVE-2020-1494
• CVE-2020-1495
• CVE-2020-1496
• CVE-2020-1497
• CVE-2020-1498
• CVE-2020-1502
• CVE-2020-1503
• CVE-2020-1504
• CVE-2020-1505
• CVE-2020-1510
• CVE-2020-1512
• CVE-2020-1530 *
• CVE-2020-1537 *
• CVE-2020-1548
• CVE-2020-1560 *
• CVE-2020-1563
• CVE-2020-1571 *
• CVE-2020-1574 *
• CVE-2020-1577
• CVE-2020-1578
• CVE-2020-1581
• CVE-2020-1583
• CVE-2020-1585 *

Known Issues

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20200811. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
4565349 Windows 10 Version 1809, Windows Server 2019
4566782 Windows 10, version 2004
4571694 Windows 10, version 1607, Windows Server 2016
4571702 Windows Server 2012 (Security-only update)
4571703 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4571719 Windows 7, Windows Server 2008 R2 (Security-only update)
4571723 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4571729 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4571730 Windows Server 2008 Service Pack 2 (Monthly Rollup)
4571736 Windows Server 2012 (Monthly Rollup)
4571746 Windows Server 2008 Service Pack 2 (Security-only update)

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Aug

 

Release Notes
September 2020 Security Updates
Release Date: September 08, 2020


The September 2020 security release consists of security updates for the following software:

• 
  
  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based)
  • Microsoft ChakraCore
  • Internet Explorer
  • SQL Server
  • Microsoft JET Database Engine
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft Dynamics
  • Visual Studio
  • Microsoft Exchange Server
  • SQL Server
  • ASP.NET
  • Microsoft OneDrive
  • Azure DevOps

Please note the following information regarding the security updates:

• 
  
  • For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
  • There is a change coming with regards to Servicing Stack Updates. Please see Simplifying SSUs for more information.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• 
  
  • CVE-2020-0664
  • CVE-2020-0856
  • CVE-2020-0875
  • CVE-2020-0914
  • CVE-2020-0921
  • CVE-2020-0928
  • CVE-2020-0941
  • CVE-2020-0989
  • CVE-2020-1031
  • CVE-2020-1033
  • CVE-2020-1083
  • CVE-2020-1091
  • CVE-2020-1097
  • CVE-2020-1119
  • CVE-2020-1193
  • CVE-2020-1210
  • CVE-2020-1218
  • CVE-2020-1224
  • CVE-2020-1250
  • CVE-2020-1256
  • CVE-2020-1332
  • CVE-2020-1335
  • CVE-2020-1338
  • CVE-2020-1589
  • CVE-2020-1592
  • CVE-2020-1594
  • CVE-2020-1596 *
  • CVE-2020-16851 *
  • CVE-2020-16852 *
  • CVE-2020-16853 *
  • CVE-2020-16854
  • CVE-2020-16855
  • CVE-2020-16879
  • CVE-2020-16884 *

Known Issues

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20200908. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
4484488 SharePoint Foundation 2013
4484515 SharePoint Enterprise Server 2013
4486667 SharePoint Foundation 2010
4570333 Windows 10 Version 1809, Windows Server 2019
4571756 Windows 10, version 2004
4577015 Windows 10, version 1607, Windows Server 2016
4577038 Windows Server 2012 (Monthly Rollup)
4577048 Windows Server 2012 (Security-only update)
4577051 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4577053 Windows 7, Windows Server 2008 R2 (Security-only update)
4577064 Windows Server 2008 Service Pack 2 (Monthly Rollup)
4577066 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4577070 Windows Server 2008 Service Pack 2 (Security-only update)
4577071 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4577352 Exchange Server 2019, Exchange Server 2016

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep

 

Release Notes

October 2020 Security Updates
Release Date: October 13, 2020


The October security release consists of security updates for the following software:

• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• Microsoft JET Database Engine
• Azure Functions
• Azure Sphere
• Open Source Software
• Microsoft Exchange Server
• Visual Studio
• PowerShellGet
• Microsoft .NET Framework
• Microsoft Dynamics
• Adobe Flash Player
• Microsoft Windows Codecs Library

Please note the following information regarding the security updates:

• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• ADV200012 *
• CVE-2020-16889
• CVE-2020-16896 *
• CVE-2020-16897
• CVE-2020-16901
• CVE-2020-16904
• CVE-2020-16914
• CVE-2020-16918
• CVE-2020-16919
• CVE-2020-16921
• CVE-2020-16928
• CVE-2020-16929
• CVE-2020-16930
• CVE-2020-16931
• CVE-2020-16932
• CVE-2020-16933 *
• CVE-2020-16934
• CVE-2020-16937
• CVE-2020-16938
• CVE-2020-16941
• CVE-2020-16942
• CVE-2020-16947 *
• CVE-2020-16949 *
• CVE-2020-16954
• CVE-2020-16955
• CVE-2020-16957
• CVE-2020-16969
• CVE-2020-16970
• CVE-2020-16981
• CVE-2020-16982
• CVE-2020-16983
• CVE-2020-16984
• CVE-2020-16985
• CVE-2020-16986
• CVE-2020-16987
• CVE-2020-16988
• CVE-2020-16989
• CVE-2020-16990
• CVE-2020-16991
• CVE-2020-16992
• CVE-2020-16993
• CVE-2020-16994
• CVE-2020-16995

Known Issues

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20201013. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
4577668 Windows 10 Version 1809, Windows Server 2019
4577671 Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909
4579311 Windows 10, version 2004
4580345 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4580346 Windows 10, version 1607, Windows Server 2016
4580347 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4580353 Windows Server 2012 (Security-only update)
4580358 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4580378 Windows Server 2008 Service Pack 2 (Monthly Rollup)
4580382 Windows Server 2012 (Monthly Rollup)
4580385 Windows Server 2008 Service Pack 2 (Security-only update)
4580387 Windows 7, Windows Server 2008 R2 (Security-only update)
4581424 Exchange Server 2019, Exchange Server 2016, Exchange Server 2013








October 2020 Security Updates (microsoft.com)

 

November 2020 Security Updates


The November security release consists of security updates for the following software:

• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• Internet Explorer
• Microsoft Edge (EdgeHTML-based)
• Microsoft Edge (Chromium-based)
• ChakraCore
• Microsoft Exchange Server
• Microsoft Dynamics
• Microsoft Windows Codecs Library
• Azure Sphere
• Windows Defender
• Microsoft Teams
• Azure SDK
• Azure DevOps
• Visual Studio

Please note the following information regarding the security updates:

• See our blog detailing the benfits of the new Security Update Guide layout here.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• For information regarding enabling Windows 10, version 2004 features, please see Windows 10, version 20H2 delivery options. Note that Windows 10, versions 2004 and 20H2 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• CVE-2020-16970 *
• CVE-2020-16979
• CVE-2020-16981 *
• CVE-2020-16982 *
• CVE-2020-16983 *
• CVE-2020-16984 *
• CVE-2020-16985 *
• CVE-2020-16986 *
• CVE-2020-16987 *
• CVE-2020-16988 *
• CVE-2020-16989 *
• CVE-2020-16990 *
• CVE-2020-16991
• CVE-2020-16992
• CVE-2020-16993
• CVE-2020-16994
• CVE-2020-16997
• CVE-2020-16999
• CVE-2020-17000
• CVE-2020-17004
• CVE-2020-17013
• CVE-2020-17017
• CVE-2020-17019
• CVE-2020-17020
• CVE-2020-17029
• CVE-2020-17030
• CVE-2020-17036
• CVE-2020-17045
• CVE-2020-17049 *
• CVE-2020-17056
• CVE-2020-17062
• CVE-2020-17063
• CVE-2020-17064
• CVE-2020-17065
• CVE-2020-17066
• CVE-2020-17067
• CVE-2020-17069
• CVE-2020-17071
• CVE-2020-17078 *
• CVE-2020-17079 *
• CVE-2020-17081 *
• CVE-2020-17082 *
• CVE-2020-17086 *
• CVE-2020-17101 *
• CVE-2020-17102 *
• CVE-2020-17105 *
• CVE-2020-17106 *
• CVE-2020-17107 *
• CVE-2020-17108 *
• CVE-2020-17109 *
• CVE-2020-17110 *
• CVE-2020-17113

Known Issues

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20201110. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
4486714 SharePoint Server 2019
4486717 SharePoint Server 2016
4586781 Windows 10, version 2004, Windows Server version 2004, Windows 10, version 20H2, Windows Server version 20H2
4586786 Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909
4586793 Windows 10 Version 1809, Windows Server 2019
4586805 Windows 7, Windows Server 2008 R2 (Security-only update)
4586807 Windows Server 2008 (Monthly Rollup)
4586808 Windows Server 2012 (Security-only update)
4586817 Windows Server 2008 (Security-only update)
4586823 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4586827 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4586830 Windows 10, version 1607, Windows Server 2016
4586834 Windows Server 2012 (Monthly Rollup)
4586845 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4486714 SharePoint Server 2019
4486717 SharePoint Server 2016
4588741 Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, Microsoft Exchange Server 2019

https://msrc.microsoft.com/update-guide/releaseNote/2020-Nov

 

December 2020 Security Updates


The December security release consists of security updates for the following software:

• Microsoft Windows
• Microsoft Edge (EdgeHTML-based)
• Microsoft Edge for Android
• ChakraCore
• Microsoft Office and Microsoft Office Services and Web Apps
• Microsoft Exchange Server
• Azure DevOps
• Microsoft Dynamics
• Visual Studio
• Azure SDK
• Azure Sphere

Please note the following information regarding the security updates:

• See our blog detailing the benefits of the new Security Update Guide layout here.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• For information regarding enabling Windows 10, version 2004 features, please see Windows 10, version 20H2 delivery options. Note that Windows 10, versions 2004 and 20H2 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• CVE-2020-16996
• CVE-2020-17094
• CVE-2020-17095
• CVE-2020-17096
• CVE-2020-17098
• CVE-2020-17099
• CVE-2020-17115
• CVE-2020-17119
• CVE-2020-17120
• CVE-2020-17121
• CVE-2020-17122
• CVE-2020-17123
• CVE-2020-17124
• CVE-2020-17125
• CVE-2020-17126
• CVE-2020-17127
• CVE-2020-17128
• CVE-2020-17129
• CVE-2020-17130
• CVE-2020-17132
• CVE-2020-17133
• CVE-2020-17138
• CVE-2020-17140
• CVE-2020-17141
• CVE-2020-17142
• CVE-2020-17143
• CVE-2020-17144
• CVE-2020-17147
• CVE-2020-17148
• CVE-2020-17152
• CVE-2020-17153
• CVE-2020-17156
• CVE-2020-17158
• CVE-2020-17160

Known Issues

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20201208. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
4592438 Windows 10, version 2004, Windows Server version 2004, Windows 10, version 20H2, Windows Server version 20H2
4592440 Windows 10 Version 1809, Windows Server 2019
4592449 Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909
4592468 Windows Server 2012 (Monthly Rollup)
4592471 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4592484 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4592495 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4592497 Windows Server 2012 (Security-only update)
4592498 Windows Server 2008 (Monthly Rollup)
4592503 Windows 7, Windows Server 2008 R2 (Security-only update)
4592504 Windows Server 2008 (Security-only update)
4593226 Windows 10, version 1607, Windows Server 2016
4593465 Exchange Server 2019, Exchange Server 2016
4593466 Exchange Server 2013
4593467 Exchange Server 2010 Service Pack 3

December 2020 Security Updates - Release Notes - Security Update Guide - Microsoft