by Martin Brinkmann on April 09, 2019 in Companies, Microsoft – 4 comments
Microsoft released security updates for supported versions of Windows and other company today on the April 9, 2019 Patch Tuesday.
Updates are provided in various ways: via Windows Update, as direct downloads, and through Enterprise updating systems.
Our monthly overview of Microsoft’s Patch Day offers detailed information on updates, additional information that is relevant, and links to supported articles.
It starts with an executive summary, and is followed by the statistics, the list of released updates, known issues, and direct download links.
You can check out last month’s Patch Day in case you have missed it. As always, it is recommended that systems are backed up before new patches are installed. Note that some users had troubles installing the last cumulative update for Windows 10 version 1809; you can check a possible fix for System Service Exception blue screens here.
Microsoft Windows Security Updates April 2019
Download the following Excel spreadsheet listing security updates and related information for updates that Microsoft released in April 2019. Click on the following link to download the spreadsheet to your local system: microsoft-windows-security-updates-april-2019.zip
Executive Summary
- Windows 10 version 1607 reached end of support for Enterprise and Education customers today.
- Windows 10 version 1709 reached end of support for Home, Pro and Pro for Workstations today.
- Microsoft released security updates for all client and server versions of Windows.
- Other Microsoft software with security updates: Microsoft Edge, Internet Explorer, Microsoft Exchange Server, Team Foundation Server, Azure DevOps Server, Windows Admin Center, Microsoft Office
- Microsoft fixed many long standing known issues.
- The Update Catalog lists 133 updates.
Operating System Distribution
- Windows 7: 29 vulnerabilities of which 6 are rated critical and 23 are rated important (links see W10 1809)
- CVE-2019-0791 | MS XML Remote Code Execution Vulnerability
- CVE-2019-0792 | MS XML Remote Code Execution Vulnerability
- CVE-2019-0793 | MS XML Remote Code Execution Vulnerability
- CVE-2019-0795 | MS XML Remote Code Execution Vulnerability
- CVE-2019-0845 | Windows IOleCvt Interface Remote Code Execution Vulnerability
- CVE-2019-0853 | GDI+ Remote Code Execution Vulnerability
- Windows 8.1: 31 vulnerabilities of which 7 are rated critical and 24 are rated important (links see W10 1809)
- CVE-2019-0790 | MS XML Remote Code Execution Vulnerability
- CVE-2019-0791 | MS XML Remote Code Execution Vulnerability
- CVE-2019-0792 | MS XML Remote Code Execution Vulnerability
- CVE-2019-0793 | MS XML Remote Code Execution Vulnerability
- CVE-2019-0795 | MS XML Remote Code Execution Vulnerability
- CVE-2019-0845 | Windows IOleCvt Interface Remote Code Execution Vulnerability
- CVE-2019-0853 | GDI+ Remote Code Execution Vulnerability
- Windows 10 version 1607: 33 vulnerabilities of which 7 are critical and 26 are important
- critical issues same as W10 1809 except for CVE-2019-0786 which is not listed.
- Windows 10 version 1703: 35 vulnerabilities of which 7 are critical and 28 are important
- critical issues same as W10 1809 except for CVE-2019-0786 which is not listed.
- Windows 10 version 1709: 37 vulnerabilities of which 8 are critical and 29 are important
- critical issues same as W10 1809
- Windows 10 version 1803: 37 vulnerabilities of which 8 are critical and 29 are important
- critical issues same as W10 1809
- Windows 10 version 1809: 36 vulnerabilities of which 8 are critical and 28 are important
- CVE-2019-0853 | GDI+ Remote Code Execution Vulnerability
- CVE-2019-0845 | Windows IOleCvt Interface Remote Code Execution Vulnerability
- CVE-2019-0795 | MS XML Remote Code Execution Vulnerability
- CVE-2019-0793 | MS XML Remote Code Execution Vulnerability
- CVE-2019-0792 | MS XML Remote Code Execution Vulnerability
- CVE-2019-0791 | MS XML Remote Code Execution Vulnerability
- CVE-2019-0790 | MS XML Remote Code Execution Vulnerability
- CVE-2019-0786 | SMB Server Elevation of Privilege Vulnerability
Windows Server products
- Windows Server 2008 R2: 29 vulnerabilities of which 6 are critical and 23 are important.
- same as Windows 7
- Windows Server 2012 R2: 31 vulnerabilities of which 7 are critical and 24 are important.
- critical issues same as W10 1809 except CVE-2019-0786 which is not listed.
- Windows Server 2016: 33 vulnerabilities of which 7 are critical and 26 are important
- critical issues same as W10 1809 except CVE-2019-0786 which is not listed.
- Windows Server 2019: 36 vulnerabilities of which 8 are critical and 28 are important.
- Critical issues same as W10 1809
Other Microsoft Products
- Internet Explorer 11: 5 vulnerability, 1 critical, 4 important
- Microsoft Edge: 9 vulnerabilities, 7 critical, 2 important
Windows Security Updates
Windows 7 Service Pack 1
KB4493446 — Monthly Rollup
- Provides protections against Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754) for VIA-based computers.
- Fixes an issue with MSXML6 that could cause programs to stop responding.
- Fixed an issue with the Group Policy Editor that caused it to stop responding when editing Group Policy Preferences for Internet Explorer 10 Internet settings.
- Fixed an issue with Custom URI schemes for Application Protocol Handlers.
- Fixed an authentication issue in Internet Explorer 11 and other apps that use WININET.DLL.
- Security updates for various components.
KB4493467 — Security-only Update
- Same as the Monthly rollup except the Custom URI schemes fix (not listed)
Windows 8.1
Monthly rollups won’t include PciClearStaleCache.exe anymore starting with this update. Microsoft advises that administrators make sure that updates between April 20, 2018 and March 12, 2019 are installed prior to installing this update and future monthly rollup updates to make sure that the program is on the system.
The following symptoms may be experienced if the file is not available:
- Existing NIC definitions in control panel networks may be replaced with a new Ethernet Network Interface Card (NIC) but with default settings. Any custom settings on the previously NIC persist in the registry but were unused.
- Loss of static IP address settings.
- Network Flyout does not display certain Wi-Fi profile settings.
- Disabling of Wi-Fi network adapters.
KB4493472 — Monthly Rollup
- Provides protections against Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754) for VIA-based computers.
- Fixed an issue that caused the error “0x3B_c0000005_win32k!vSetPointer”.
- Fixed the netdom.exe error “The command failed to complete successfully” appears.
- Fixed the Custom URI Schemes issue.
- Fixed the WININET.DLL issue.
- Security updates
KB4493448 — Security only update
- Same as monthly rollup except for error “0x3B_c0000005_win32k!vSetPointer” and Custom URI Schemes.
Windows 10 version 1607
KB4493470
- Fixed several known issues.
- Fixed an issue to meet GB18030 certificate requirements.
- Security updates.
Windows 10 version 1703
KB4493474
- Fixed several known issues
- Security Updates
Windows 10 version 1709
KB4493441
- Fixed several known issues
- Security Updates
Windows 10 version 1803
KB4493464
- Fixed several known issues
- Addresses a stop error that occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh –A) or a configuration setting.
- Security updates.
Windows 10 version 1809
KB4493509
- Fixed several known issues including EUDC blue screen, MXSML6 stop responding, Group Policy Editor stops responding, WININET.DLL
- Security updates
Other security updates
KB4493435 — Cumulative Security Update for Internet Explorer
KB4491443 — Remote code execution vulnerability in Windows Embedded POSReady 2009
KB4493448 — Security Only Quality Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4493450 — Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012
KB4493451 — Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012
KB4493458 — Security Only Quality Update for Windows Server 2008
KB4493471 — Security Monthly Quality Rollup for Windows Server 2008
KB4493472 — Security Monthly Quality Rollup for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4493478 — Security Update for Adobe Flash Player
KB4493563 — Remote code execution vulnerability in Windows Embedded POSReady 2009
KB4493730 — Security Update for Windows Server 2008
KB4493790 — Remote code execution vulnerability in Windows Embedded POSReady 2009
KB4493793 — Remote code execution vulnerability in Windows Embedded POSReady 2009
KB4493794 — Remote code execution vulnerability in Windows Embedded POSReady 2009
KB4493795 — Remote code execution vulnerability in Windows Embedded POSReady 2009
KB4493796 — Remote code execution vulnerability in Windows Embedded POSReady 2009
KB4493797 — Remote code execution vulnerability in Windows Embedded POSReady 2009
KB4493927 — Information disclosure vulnerability in Windows Embedded POSReady 2009
KB4494059 — Remote code execution vulnerability in Windows Embedded POSReady 2009
KB4494528 — You receive an Error 1309 message when you install an .msi file on Windows Embedded POSReady 2009
KB4495022 — Information disclosure vulnerability in Windows Embedded POSReady 2009
Known Issues
Windows 7 Service Pack 1
After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. Workarounds available.
Windows 8.1
Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires. Workarounds available.
Windows 10 version 1607
For hosts managed by System Center Virtual Machine Manager (SCVMM), SCVMM cannot enumerate and manage logical switches deployed on the host after installing the update.
After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.
And the Windows 7 SP1 issue.
Windows 10 version 1607 and newer
After installing the Internet Explorer cumulative update, custom URI schemes for application protocol handlers may not work properly in Internet Explorer. Workaround available.
Windows 10 version 1803
Same as Windows 7 SP1
Windows 10 version 1809, Windows Server 2016
Same as Windows 7 SP1
Security advisories and updates
ADV190011 | April 2019 Adobe Flash Security Update
ADV990001 | Latest Servicing Stack Updates
Non-security related updates
KB4487990 — Update for POSReady 2009
KB890830 — Windows Malicious Software Removal Tool – April 2019
Microsoft Office Updates
You find a list of all released updates for Microsoft Office — security and non-security – here.
How to download and install the April 2019 security updates
Windows Updates get installed automatically on Home systems by default. You can block or delay the installation of updates on these systems.
It is not recommended to run a manual check for updates as it may lead to the installation of preview updates or feature updates, but you may do so in the following way:
- Open the Start Menu.
- Type Windows Update.
- Click on the “check for updates” button to run a manual check.
You may use third-party tools like the excellent Windows Update Manager or Windows Update Minitool to download updates.
Direct update downloads
Microsoft makes available all cumulative updates that it releases for Windows as direct downloads on the Microsoft Update Catalog website. Follow the links listed below to go there for the listed version of Windows.
Windows 7 SP1 and Windows Server 2008 R2 SP
- KB4493472 — 2019-04 Security Monthly Quality Rollup for Windows 7
- KB4493448 — 2019-04 Security Only Quality Update for Windows 7
Windows 8.1 and Windows Server 2012 R2
- KB4493446 — 2019-04 Security Monthly Quality Rollup for Windows 8.1
- KB4493467 — 2019-04 Security Only Quality Update for Windows 8.1
Windows 10 and Windows Server 2016 (version 1607)
- KB4493470 — 2019-04 Cumulative Update for Windows 10 Version 1607
Windows 10 (version 1703)
- KB4493474 — 2019-04 Cumulative Update for Windows 10 Version 1703
Windows 10 (version 1709)
- KB4493441 — 2019-04 Cumulative Update for Windows 10 Version 1709
Windows 10 (version 1803)
- KB4493464 — 2019-04 Cumulative Update for Windows 10 Version 1803
Windows 10 (version 1809)
- KB4493509 — 2019-04 Cumulative Update for Windows 10 Version 1809
Additional resources
- April 2019 Security Updates release notes
- List of software updates for Microsoft products
- List of the latest Windows Updates and Services Packs
- Security Updates Guide
- Microsoft Update Catalog site
- Our in-depth Windows update guide
- How to install optional updates on Windows 10
- Windows 10 Update History
- Windows 8.1 Update History
- Windows 7 Update History