Today is the second Tuesday of the month, meaning that it's Patch Tuesday, the day that all supported versions of Windows get updated. On the Windows 10 side of things, that includes versions 1507, 1607, 1703, 1709, 1803, 1809, and 1903. In other words, it's all versions except for 1511.
If you're on the latest version, 1903 (the Windows 10 May 2019 Update), you'll get KB4503293, bringing the build number to 18362.175. You can manually download it here, and it contains the following fixes:
Addresses a security vulnerability by intentionally preventing connections between Windows and Bluetooth devices that are not secure and use well-known keys to encrypt connections, including security fobs. If BTHUSB Event 22 in the Event Viewer states, “Your Bluetooth device attempted to establish a debug connection….”, then your system is affected. Contact your Bluetooth device manufacturer to determine if a device update exists. For more information, see CVE-2019-2102 and KB4507623.
Security updates to Windows Virtualization, Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Shell, Windows Server, Windows Authentication, Windows Cryptography, Windows Storage and Filesystems, Windows SQL Components, the Microsoft JET Database Engine, and Internet Information Services.
There's one known issue to be aware of:
Symptom | Workaround |
---|---|
Windows Sandbox may fail to start with "ERROR_FILE_NOT_FOUND (0x80070002)" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903. | Microsoft is working on a resolution and will provide an update in an upcoming release. |
Those that are still on the Windows 10 October 2018 Update, or version 1809, will get KB4503327, bringing the build number to 17763.557. It's available for HoloLens as well. You can manually download it here, and it contains the following fixes:
Addresses an issue that may prevent the Windows Mixed Reality keyboard from rendering correctly in some applications.
Addresses a security vulnerability by intentionally preventing connections between Windows and Bluetooth devices that are not secure and use well-known keys to encrypt connections, including security fobs. If BTHUSB Event 22 in the Event Viewer states, “Your Bluetooth device attempted to establish a debug connection….”, then your system is affected. Contact your Bluetooth device manufacturer to determine if a device update exists. For more information, see CVE-2019-2102 and KB4507623.
Addresses an issue that may prevent the Preboot Execution Environment (PXE) from starting a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
Adds updated Broadcom Wi-Fi firmware to Microsoft HoloLens. For more information, see Advisory 190016.
Addresses an issue that may prevent Internet Explorer 11 from opening if the Default Search Provider is not set or is malformed.
Security updates to Microsoft Scripting Engine, Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Shell, Windows Server, Windows Authentication, Windows Cryptography, Windows Datacenter Networking, Windows Storage and Filesystems, Windows SQL components, the Microsoft JET Database Engine, Windows Virtualization, Windows Kernel, and Internet Information Services.
This update also has several known issues:
Symptom | Workaround |
---|---|
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. |
Do one of the following:
|
When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive the error, "Your printer has experienced an unexpected configuration problem. 0x80070007e." |
You can use another browser, such as Internet Explorer to print your documents. Microsoft is working on a resolution and will provide an update in an upcoming release. |
After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." |
Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
Microsoft is working on a resolution and will provide an update in an upcoming release. |
If you're still on the Windows 10 April 2018 Update, or version 1803, you'll get KB4503286, bringing the build number to 17134.829. You can manually download it here and it contains the following fixes:
Addresses a security vulnerability by intentionally preventing connections between Windows and Bluetooth devices that are not secure and use well-known keys to encrypt connections, including security fobs. If BTHUSB Event 22 in the Event Viewer states, “Your Bluetooth device attempted to establish a debug connection….”, then your system is affected. Contact your Bluetooth device manufacturer to determine if a device update exists. For more information, see CVE-2019-2102 and KB4507623.
Addresses an issue that may prevent the Preboot Execution Environment (PXE) from starting a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
Addresses an issue that may prevent Internet Explorer 11 from opening if the Default Search Provider is not set or is malformed.
Security updates to Microsoft Scripting Engine, Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Shell, Windows Server, Windows Authentication, Windows Cryptography, Windows Storage and Filesystems, Windows Virtualization, Internet Information Services Windows SQL components, and the Microsoft JET Database Engine .
This one only has one known issue:
Symptom | Workaround |
---|---|
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. |
Do one of the following:
|
It's worth noting that the updates for versions 1709, 1703, and 1507 also have this issue.
If you're on the Windows 10 Fall Creators Update, or version 1709, you'll see KB4503284, bringing the build number to 16299.1217. It's worth noting that only Enterprise and Education SKUs are supported. You can manually download it here, and it contains the following fixes:
Addresses a security vulnerability by intentionally preventing connections between Windows and Bluetooth devices that are not secure and use well-known keys to encrypt connections, including security fobs. If BTHUSB Event 22 in the Event Viewer states, “Your Bluetooth device attempted to establish a debug connection….”, then your system is affected. Contact your Bluetooth device manufacturer to determine if a device update exists. For more information, see CVE-2019-2102 and KB4507623.
Addresses an issue that may prevent Internet Explorer 11 from opening if the Default Search Provider is not set or is malformed.
Security updates to Microsoft Edge, Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Shell, Windows Server, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Virtualization, Internet Information Services, and the Microsoft JET Database Engine.
If you're on the Windows 10 Creators Update, or version 1703, you'll get KB4503279, bringing the build number to 15063.1868. You can manually download it here, and it has the exact same changelog as the previously mentioned update. Like version 1709, only Enterprise and Education SKUs are supported.
If you're on the Windows 10 Anniversary Update, or version 1607, you'll get KB4503267, and that brings the build number to 14393.3025 for those on the Long-Term Servicing Channel and Windows Server 2016 customers. You can manually download it here, and it contains the following fixes:
Addresses an issue that may cause authentication to fail when using Windows Hello for Business on Windows Server 2016 with the Server Core option installed.
Addresses a security vulnerability by intentionally preventing connections between Windows and Bluetooth devices that are not secure and use well-known keys to encrypt connections, including security fobs. If BTHUSB Event 22 in the Event Viewer states, “Your Bluetooth device attempted to establish a debug connection….”, then your system is affected. Contact your Bluetooth device manufacturer to determine if a device update exists. For more information, see CVE-2019-2102 and KB4507623.
Addresses an issue that may prevent the Preboot Execution Environment (PXE) from starting a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
Addresses an issue that may prevent Internet Explorer 11 from opening if the Default Search Provider is not set or is malformed.
Security updates to Microsoft Edge, Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Shell, Windows Server, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Virtualization, Internet Information Services, and the Microsoft JET Database Engine.
It also contains several known issues:
Symptom | Workaround |
---|---|
For hosts managed by System Center Virtual Machine Manager (SCVMM), SCVMM cannot enumerate and manage logical switches deployed on the host after installing the update. Additionally, if you do not follow the best practices, a stop error may occur in vfpext.sys on the hosts. |
|
After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. |
Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution and will provide an update in an upcoming release. |
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. |
Do one of the following:
|
After installing this update and restarting, some devices running Windows Server 2016 with Hyper-V enabled may enter Bitlocker recovery mode and receive an error, "0xC0210000". Note Windows 10, version 1607 may also be affected when Bitlocker and Hyper-V are enabled. |
For a workaround for this issue, please see KB4505821. Microsoft is working on a resolution and will provide an update in an upcoming release. |
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of this update on the server. Applications that may exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY. |
You can use the Allow-From value of the header if the IFRAME is only accessing pages from a single-origin URL. On the affected server, open a PowerShell window as an administrator and run the following command: set-AdfsResponseHeaders -SetHeaderName X-Frame-Options -SetHeaderValue "allow-from https://example.com" Microsoft is working on a resolution and will provide an update in an upcoming release. |
Finally, those on the original version of Windows 10, 1507, will get KB4503291, bringing the build number to 10240.18244. It's available for LTSC customers. You can manually download it here, and it contains the following fixes:
Addresses an issue to set the date separator properly in the Japanese short date format. For more information, see KB4469068.
Updates time zone information for Morocco.
Updates time zone information for the Palestinian territories.
Addresses a security vulnerability by intentionally preventing connections between Windows and Bluetooth devices that are not secure and use well-known keys to encrypt connections, including security fobs. If BTHUSB Event 22 in the Event Viewer states, “Your Bluetooth device attempted to establish a debug connection….”, then your system is affected. Contact your Bluetooth device manufacturer to determine if a device update exists. For more information, see CVE-2019-2102 and KB4507623.
Addresses an issue with the HTTP and HTTPS string character limit for URLs when using Internet Explorer.
Security updates to Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Shell, Windows Server, Windows Authentication, Windows Cryptography, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Virtualization, Internet Information Services, Windows SQL components, and the Microsoft JET Database Engine.
As you can see, today's updates weren't too heavy on the fixes. Those tend to come through the optional updates in the middle of the month.
13 Comments - Add comment