Welcome to the Microsoft Patch Day overview for May 2019. Microsoft released security updates and non-security updates for all supported versions of the Windows operating system -- client and server -- and other Microsoft products such as Microsoft Office on May 14, 2019.
Our overview provides you with information and resource links; we cover all major update releases for all Microsoft platforms, provide an overview of critical updates (which you may want to address quickly), operating system distribution statistics, and download instructions.
Microsoft plans to release the May 2019 Update for Windows 10 at the end of the month; check out this guide if you plan to update to the new feature update for Windows 10. If you take the disastrous Windows 10 version 1809 release into account, it is probably better to wait several months before you consider installing the update on production machines.
Note that there are some upgrade blocks in place currently that prevent the installation of the new update.
Microsoft Windows Security Updates May 2019
Download the following Excel spreadsheet (zipped) that lists the released security updates and information: security-updates-windows-microsoft-may-2019.zip
Executive Summary
- Microsoft released security updates for all supported versions of Windows.
- All versions of Windows are affected by CVE-2019-0903, a GDI+ Remote Code Execution Vulnerability critical vulnerability.
- Windows 7 is the only client system affected by another critical vulnerability CVE-2019-0708 , Remote Desktop Services Remote Code Execution Vulnerability
- Microsoft released a security update for Windows XP (KB4500331)
- All server versions affected by CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability.
- Server 2008 R2 only version affected by CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability.
- Other Microsoft products with security update releases: IE, Edge, Team Foundation Server, SQL Server, Azure, Skype for Android, Office, Visual Studio, Azure DevOps Server, .Net Framework and Core, ASP.NET Core, ChakraCore, NuGet.
- The Update Catalog lists 243 updates.
Operating System Distribution
- Windows 7: 23 vulnerabilities of which 2 are rated critical and 21 are rated important
- CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
- CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability
- Windows 8.1: 23 vulnerabilities of which 1 is rated critical and 22 are rated important
- CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
- Windows 10 version 1703: 28 vulnerabilities of which 1 is critical and 27 are important
- CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
- Windows 10 version 1709: 29 vulnerabilities of which 1 is critical and 28 are important
- CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
- Windows 10 version 1803: 29 vulnerabilities of which 1 is critical and 28 are important
- CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
- Windows 10 version 1809: 29 vulnerabilities of which 1 is critical and 28 are important
- CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
Windows Server products
- Windows Server 2008 R2: 24 vulnerabilities of which 3 are critical and 21 are important.
- CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability
- CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
- Windows Server 2012 R2: 24 vulnerabilities of which 2 are critical and 22 are important.
- CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability
- CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
- Windows Server 2016: 28 vulnerabilities of which 2 are critical and 26 are important
- CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability
- CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
- Windows Server 2019: 30 vulnerabilities of which 2 are critical and 28 are important.
- CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability
- CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
Other Microsoft Products
- Internet Explorer 11: 8 vulnerability, 5 critical, 4 important
- CVE-2019-0884 | Scripting Engine Memory Corruption Vulnerability
- CVE-2019-0911 | Scripting Engine Memory Corruption Vulnerability
- CVE-2019-0918 | Scripting Engine Memory Corruption Vulnerability
- CVE-2019-0929 | Internet Explorer Memory Corruption Vulnerability
- CVE-2019-0940 | Microsoft Browser Memory Corruption Vulnerability
- Microsoft Edge: 14 vulnerabilities, 11 critical, 3 important
- CVE-2019-0915 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-0916 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-0917 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-0922 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-0924 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-0925 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-0926 | Microsoft Edge Memory Corruption Vulnerability
- CVE-2019-0927 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-0933 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-0937 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-0940 | Microsoft Browser Memory Corruption Vulnerability
Windows Security Updates
Windows 7 Service Pack 1
KB4499175 -- Security-only update
- Protections against a new subclass of speculative execution side-channel vulnerabilities (Microarchitectural Data Sampling)
- Addresses an issue that may prevent applications that rely on unconstrained delegation from authenticating after the Kerberos ticket-granting ticket (TGT) expires (the default is 10 hours).
- Security updates
KB4499164 -- Monthly Rollup
- Same as security-only update, and
- Fixed Excel display issue.
- Fixed Microsoft Visual Studio Simulator startup issue.
Windows 8.1
KB4499165 -- Security-only Update
- Protections against a new subclass of speculative execution side-channel vulnerabilities (Microarchitectural Data Sampling)
- Security updates
KB4499151 -- Monthly Rollup
- Same as Security-only update, and
- Fixed "Error 1309" issue with msi and msp files.
- Fixed Microsoft Visual Studio Simulator startup issue.
- Added uk.gov into HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.
- Fixed display issue in Excel.
Windows 10 version 1703
KB4499181
- Same as Windows 10 version 1809 with the exception of Retpoline, Simple Network Management Protocol Management Information Base registration, and the zone transfer issue.
Windows 10 version 1709
KB4499179
- Same as Windows 10 version 1809 with the exception of Retpoline and Simple Network Management Protocol Management Information Base registration
Windows 10 version 1803
KB4499167
- Same as Windows 10 version 1809 with the exception of Retpoline and Simple Network Management Protocol Management Information Base registration
Windows 10 version 1809
KB4494441
- Retpoline is enabled by default if protections against Spectre Variant 2 are enabled.
- Protections against a new subclass of speculative execution side-channel vulnerabilities (Microarchitectural Data Sampling)
- uk.gov added into the HTTP Strict Transport Security Top Level Domains for IE and Edge.
- Fixed the cause of Error 1309 when installing or removing certain msi or msp files on a virtual drive.
- Fixed an issue that prevented Microsoft Visual Studio Simulator from starting.
- Fixed an issue that could cause zone transfers between primary and secondary DNS servers over TCP to fail.
- Fixed an issue that could cause Simple Network Management Protocol Management Information Base registration to fail.
- Fixed a font issue in Microsoft Excel that could make text, layout, or cell sizes narrower or wider.
- Security updates.
Other security updates
KB4498206 -- Cumulative security update for Internet Explorer: May 14, 2019
KB4474419 -- SHA-2 code signing support update for Windows Server 2008 R2, Windows 7, and Windows Server 2008: March 12, 2019
KB4495582 -- 2019-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012
KB4495584 -- 2019-05 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012
KB4495585 -- 2019-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2
KB4495586 -- 2019-05 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2
KB4495587 -- 2019-05 Security Only Update for .NET Framework 4.6 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
KB4495588 -- 2019-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
KB4495589 -- 2019-05 Security Only Update for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2
KB4495591 -- 2019-05 Security Only Update for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012
KB4495592 -- 2019-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2
KB4495593 -- 2019-05 Security Only Update for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
KB4495594 -- 2019-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012
KB4495596 -- 2019-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
KB4495602 -- 2019-05 Security and Quality Rollup for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012
KB4495604 -- 2019-05 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008
KB4495606 -- 2019-05 Security and Quality Rollup for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4495607 -- 2019-05 Security Only Update for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012
KB4495608 -- 2019-05 Security and Quality Rollup for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2
KB4495609 -- 2019-05 Security Only Update for .NET Framework 2.0 on Windows Server 2008
KB4495612 -- 2019-05 Security Only Update for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4495615 -- 2019-05 Security Only Update for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2
KB4495622 -- 2019-05 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012
KB4495623 -- 2019-05 Security Only Update for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012
KB4495624 -- 2019-05 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2
KB4495625 -- 2019-05 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2
KB4495626 -- 2019-05 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4495627 -- 2019-05 Security Only Update for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4497932 -- Adobe Flash Player Security Update
KB4498961 -- 2019-05 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4498962 -- 2019-05 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012
KB4498963 -- 2019-05 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2
KB4498964 -- 2019-05 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008
KB4499149 -- 2019-05 Security Monthly Quality Rollup for Windows Server 2008
KB4499158 -- 2019-05 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012
KB4499171 -- 2019-05 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012
KB4499180 -- 2019-05 Security Only Quality Update for Windows Server 2008
KB4499406 -- 2019-05 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4499407 -- 2019-05 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012
KB4499408 -- 2019-05 Security and Quality Rollup for .NET Framework 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2
KB4499409 -- 2019-05 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008
KB4500331 -- Security Update for Windows Server 2003, Windows XP Embedded, and Windows XP
KB4494440 -- 2019-05 Cumulative Update for Windows 10 Version 1607
KB4495590 -- Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10
KB4495610 -- 2019-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607, and Windows Server 2016
KB4495611 -- 2019-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
KB4495613 -- 2019-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709
KB4495616 -- 2019-05 Cumulative Update for .NET Framework 4.8 on Windows 10 Version 1803, and Windows Server 2016
KB4495618 -- 2019-05 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1809
KB4495620 -- 2019-05 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 version 1903, and Windows Server 1903
KB4497398 -- 2019-05 Servicing Stack Update for Windows 10 Version 1803, and Windows Server 2016
KB4498353 -- 2019-05 Servicing Stack Update for Windows 10
KB4498947 -- 2019-05 Servicing Stack Update for Windows 10 Version 1607, and Windows Server 2016
KB4499154 -- 2019-05 Cumulative Update for Windows 10
KB4499167 -- 2019-05 Dynamic Cumulative Update for Windows 10 Version 1809, and Windows Server 2016
KB4499405 -- 2019-05 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809, and Windows Server 2019
KB4499728 -- 2019-05 Servicing Stack Update for Windows 10 Version 1809, and Windows Server 2019
KB4500109 -- 2019-05 Servicing Stack Update for Windows 10 Version 1903
KB4500640 -- 2019-05 Servicing Stack Update for Windows 10 Version 1703
KB4500641 -- 2019-05 Servicing Stack Update for Windows 10 Version 1709
Known Issues
See the linked KB articles for workarounds and additional information.
Windows 8.1 and Serve 2012 R2
- First two issues of Windows 10 version 1809.
- Monthly Rollup additionally: issue with Mcafee Endpoint Security software.
Windows 10 version 1703
- Second issue of Windows 10 version 1809 only.
Windows 10 version 1709
- Second issue of Windows 10 version 1809 only.
Windows 10 version 1803
- First two issues of Windows 10 version 1809.
Windows 10 version 1809
- Issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. Workaround available.
- Error STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5) when performing certain operations on files or files that are on a Cluster Shared Volume. Workaround available.
- Printing issue with error "Your printer has experienced an unexpected configuration problem. 0x80070007e" in Edge and UWP apps. Workaround available.
- Error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND" after installing KB4493509 with certain Asian language packs installed. Workaround available.
Security advisories and updates
ADV190012 | May 2019 Adobe Flash Security Update
ADV190013 | Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities
ADV190014 | Listed but error page
Windows client guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
Windows Server guidance to protect against speculative execution side-channel vulnerabilities
Non-security related updates
KB4494174 -- 2019-05 Update for Windows 10 Version 1809 (Intel microcode updates)
KB4494175 --2019-05 Update for Windows 10 Version 1607 (Intel microcode updates)
KB4494451 -- 2019-05 Update for Windows 10 Version 1803 (Intel microcode updates)
KB4494452 -- 2019-05 Update for Windows 10 Version 1709 (Intel microcode updates)
KB4494453 -- 2019-05 Update for Windows 10 Version 1703 (Intel microcode updates)
KB4494454 -- 2019-05 Update for Windows 10 Version 1507 (Intel microcode updates)
KB4497165 -- 2019-05 Update for Windows 10 Version 1903 (Intel microcode updates)
KB4498946 -- 2019-05 Dynamic Update for Windows 10 Version 1709 (Intel microcode updates)
KB890830 -- Windows Malicious Software Removal Tool - May 2019
Microsoft Office Updates
You find Office update information here.
How to download and install the May 2019 security updates
Home users may use Windows Update to download and install the updates, or install updates manually by downloading them directly from Microsoft.
It is not recommended to select the "check for updates" option manually on Windows PCs as you may install preview updates or feature updates when you use the option.
If you still want to do so, make sure you create a backup of important data -- better the entire system partition -- before you install updates.
- Open the Start Menu.
- Type Windows Update.
- Click on the "check for updates" button to run a manual check.
Third-party tools like Windows Update Manager, Windows Update MiniTool or Sledgehammer may be useful as well as you get more control over the update processes.
Direct update downloads
Most Windows devices are updated automatically either through Windows Update or other update management systems. Some users and organizations prefer to install updates manually. All cumulative updates can be downloaded from the Microsoft Update Catalog website. Below are links to all cumulative updates.
Windows 7 SP1 and Windows Server 2008 R2 SP
- KB4499164 -- 2019-05 Security Monthly Quality Rollup for Windows 7
- KB4499175 -- 2019-05 Security Only Quality Update for Windows 7
Windows 8.1 and Windows Server 2012 R2
- KB4499151 -- 2019-05 Security Monthly Quality Rollup for Windows 8.1
- KB4499165 -- 2019-05 Security Only Quality Update for Windows 8.1
Windows 10 (version 1703)
- KB4499181 -- 2019-05 Cumulative Update for Windows 10 Version 1703
Windows 10 (version 1709)
- KB4499179 -- 2019-05 Cumulative Update for Windows 10 Version 1709
Windows 10 (version 1803)
- KB4499167 -- 2019-05 Cumulative Update for Windows 10 Version 1803
Windows 10 (version 1809)
- KB4494441 -- 2019-05 Cumulative Update for Windows 10 Version 1809
Additional resources
- May 2019 Security Updates release notes
- List of software updates for Microsoft products
- List of the latest Windows Updates and Services Packs
- Security Updates Guide
- Microsoft Update Catalog site
- Our in-depth Windows update guide
- How to install optional updates on Windows 10
- Windows 10 Update History
- Windows 8.1 Update History
- Windows 7 Update History