Microsoft Windows Security Updates January 2019 overview

Welcome to the first Microsoft Windows Patch Day overview of 2019. Microsoft released security updates for all supported client and server versions of the Windows operating system and other company products such as Microsoft Office on January 8, 2019.

We publish a monthly overview shortly after Microsoft's release on the second Tuesday of each month. The overview lists all released security updates with links to Microsoft Support articles, known issues, downloads, and other Patch Tuesday related information.

You can check out the December 2018 Patch Day overview here.

Note: As always, we recommend to back up the system before you install updates for Windows or any other program.

Microsoft Windows Security Updates January 2019

Click on the following link to download an Excel spreadsheet that includes data about all released security updates for Microsoft Windows versions and other Microsoft products. Just click on the following link to start the download: security-updates-microsoft-january-2019-windows.zip

Executive Summary

• Microsoft released security updates for all client and server versions of Windows.
• No critical vulnerabilities in Windows 8.1 and 7.
• Microsoft released security updates for Microsoft Edge, Internet Explorer, Adobe Flash Player, .NET Framework, Microsoft Office, Microsoft Exchange Server, and Microsoft Visual Studio
• Windows 10 version 1809 is in active distribution. Check out our guide on delaying feature updates for Windows 10 to avoid the installation.
• The Update Catalog lists 187 updates for January 2019.

Operating System Distribution

• Windows 7: 15 vulnerabilities of which 15 are rated important.
• Windows 8.1: 18 vulnerabilities of which 18 are rated important.
• Windows 10 version 1607:  23 vulnerabilities of which 1 is critical and 22 are important
  • CVE-2019-0551
• Windows 10 version 1703:  24 vulnerabilities of which 1 is critical and 23 are important
  • CVE-2019-0551
• Windows 10 version 1709: 24 vulnerabilities of which 1 is critical and 23 are important
  • CVE-2019-0551
• Windows 10 version 1803: 26 vulnerabilities of which 3 are critical and 23 are important
  • CVE-2019-0547
  • CVE-2019-0550
  • CVE-2019-0551
• Windows 10 version 1809: 25 vulnerabilities of which 2 are critical and 23 are important
  • CVE-2019-0550
  • CVE-2019-0551

Windows Server products

• Windows Server 2008 R2: 15 vulnerabilities of which 15 are important.
• Windows Server 2012 R2: 18 vulnerabilities of which 18 are important.
• Windows Server 2016: 23 vulnerabilities of which 1 is critical and 22 are important.
  • CVE-2019-0551
• Windows Server 2019: 25 vulnerabilities of which 2 are critical and 23 are important.
  • CVE-2019-0550
  • CVE-2019-0551

Other Microsoft Products

• Internet Explorer 11: 2 vulnerability, 1 critical, 1 important
  • CVE-2018-8653
• Microsoft Edge: 5 vulnerabilities, 4 critical, 1 important
  • CVE-2019-0539
  • CVE-2019-0565
  • CVE-2019-0567
  • CVE-2019-0568

Windows Security Updates

All Windows versions:

Starting with the January 2019 security updates, PowerShell remote endpoints cannot be configured anymore to work with non-administrator accounts.

Attempts to use non-admin accounts throws the following error after installation of the updates:

“New-PSSession: [computerName] Connecting to remote server localhost failed with the following error message: The WSMan service could not launch a host process to process the given request. Make sure the WSMan provider host server and proxy are properly registered. For more information, see the about_Remote_Troubleshooting Help topic.”

Windows 10 version 1809

KB4480116

Security updates to Microsoft Edge, Internet Explorer, Windows App Platform and Frameworks, Windows MSXML, Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, Microsoft JET Database Engine, Windows Linux, Windows Virtualization, and the Microsoft Scripting Engine.

Windows 10 version 1803

Fixes a highly exploitable issue in Windows 10 version 1803; recommended to patch as early as possible. See Zero Day Initiative and Microsoft's guidance on the vulnerability.

KB4480966

• Security updates to Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, the Microsoft Scripting Engine, Windows Kernel, Windows Storage and Filesystems, Windows Virtualization, Windows Linux, Windows MSXML, and the Microsoft JET Database Engine .

Windows 10 version 1709

KB4480978

• Fixes an issue with esentutl /p which caused the repair to result in a "mostly empty database" which is corrupt and cannot be mounted.
• Security updates to Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, the Microsoft Scripting Engine, Windows MSXML, Windows Kernel, Windows Storage and Filesystems, Windows Virtualization, Windows Linux, and the Microsoft JET Database Engine.

Windows 10 version 1703

KB4480973

• Security updates to Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, the Microsoft Scripting Engine, Windows Authentication, Windows MSXML, Windows Kernel, Windows Storage and Filesystems, Windows Virtualization, Windows Linux, and Microsoft JET Database Engine

Windows 10 version 1607

KB4480961

• Security updates to Internet Explorer, Windows App Platform and Frameworks, the Microsoft Scripting Engine, Windows Kernel, Windows Hyper-V, Windows MSXML, and the Microsoft JET Database Engine.

Windows 8.1 and Windows Server 2012 R2

KB4480963 Monthly Rollup

• Protection against Speculative Story Bypass CVE-2018-3639 for AMD-based computers
• Security updates to Windows App Platform and Frameworks, Windows MSXML, Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.

KB4480964 Security-only

• Same as Monthly Rollup

Windows 7 SP1 and Windows Server 2008 R2 SP1

Note: The updates may introduce issues with network shares.

KB4480970 Monthly Rollup

• Protection against Speculative Story Bypass CVE-2018-3639 for AMD-based computers
• Security updates to Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.

KB4480960 --  Security-only

• Same as Monthly Rollup

Other security updates

KB4483235 -- Windows 10 version 1809 and Windows Server 2019 -- Security update for Internet Explorer

KB4483234 -- Windows 10 version 1803 -- Security update for Internet Explorer

KB4483232 -- Windows 10 version 1709 -- Security update for Internet Explorer

KB4483230 -- Windows 10 version 1703 -- Security update for Internet Explorer

KB4483229 -- Windows 10 version 1607 and Windows Server 2016 -- Security update for Internet Explorer

KB4483187 -- Cumulative security update for Internet Explorer: December 19, 2018 -- fixes a remote code execution vulnerability.

KB4480059 -- Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4480051 -- Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4480054 -- Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2

KB4480055 -- Security and Quality Rollup for .NET Framework 4.6 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4480057 -- Security and Quality Rollup for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2

KB4480058 -- Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4480061 -- Security and Quality Rollup for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012

KB4480062 -- Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008

KB4480063 -- Security and Quality Rollup for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4480064 -- Security and Quality Rollup for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2

KB4480070 -- Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4480071 -- Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2

KB4480072 -- Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4480074 -- Security Only Update for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2

KB4480075 -- Security Only Update for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4480076 -- Security Only Update for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4480077 -- Security Only Update for .NET Framework 4 on WES09 and POSReady 2009

KB4480083 -- Security Only Update for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012

KB4480084 -- Security Only Update for .NET Framework 2.0, 3.0 for Windows Server 2008

KB4480085 -- Security Only Update for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4480086 -- Security Only Update for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2

KB4480957 -- Security Only Quality Update for Windows Server 2008

KB4480968 -- Security Monthly Quality Rollup for Windows Server 2008

KB4480965 -- Cumulative Security Update for Internet Explorer

KB4480972 -- Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4480975 -- Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4480979 -- Adobe Flash Player update

KB4481275 -- Security Update for WES09 and POSReady 2009

KB4481480 -- Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4481481 -- Security Only Update for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4481482 -- Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4481483 -- Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4481484 -- Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4481485 -- Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2

KB4481486 -- Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008

KB4481487 -- Security Only Update for .NET Framework 2.0 for Windows Server 2008

KB4480056 -- Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809, Windows 10 Version 1803, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 Version 1511, Windows 10 Version 1507, and Windows 10

Notes

• ADV190001
• CVE-2019-0536
• CVE-2019-0537
• CVE-2019-0545
• CVE-2019-0549
• CVE-2019-0553
• CVE-2019-0554
• CVE-2019-0559
• CVE-2019-0560
• CVE-2019-0561
• CVE-2019-0569
• CVE-2019-0585
• CVE-2019-0588

Known Issues

Windows 10 version 1809 -- KB4480116

• Third-party applications may have difficulty authentication hotspots.

Windows 10 version 1803 -- KB4480966

• Same as Windows 10 version 1709
• Some users may not be able to pin web links to the Start Menu or Taskbar.
• After installing KB4467682, the cluster service may fail with 2245 (NERR_PasswordTooShort) if the Minimum Password Length policy is set to a value greater than 14 characters.KB4480966.

Windows 10 version 1709 -- KB4480978

Windows 10 version 1703 -- KB4480973

• Third-party applications may have difficulty authentication hotspots.
• Instantiation of SqlConnection can throw an exception.

Windows 10 version 1607 -- KB4480961

• Same as Windows 10 version 1709
• After installation of KB4467691, Windows may not start on "certain" Lenovo devices with less than 8 Gigabytes of RAM.
• After installing KB4467684, the cluster service may fail with 2245 (NERR_PasswordTooShort) if the Minimum Password Length policy is set to a value greater than 14 characters.KB4480966.
• After installation of the update on Windows Server 2016, Outlook instant searches may fail with "Outlook cannot perform the search".
• System Center Virtual Machine Manager (SCVMM) managed workloads are noticing infrastructure management issues after VMM refresh as the Windows Management Instrumentation (WMI) class around network port is being unregistered on Hyper-V hosts.

Windows 8.1 -- KB4480963

• Third-party applications may have difficulty authentication hotspots.

Windows 7 -- KB4480116

• Third-party applications may have difficulty authentication hotspots.

Security advisories and updates

ADV190001 | January 2019 Adobe Flash Update

Non-security related updates

KB4090007 -- Windows 10 version 1709 -- Intel Microcode updates around the following products (CPUs) have been revised

KB4091663 -- Windows 10 version 1703 -- Intel Microcode updates around the following products (CPUs) have been revised

KB4091664 -- Windows 10 version 1607 -- Intel Microcode updates around the following products (CPUs) have been revised

KB890830 -- Windows Malicious Software Removal Tool

Microsoft Office Updates

Microsoft released non-security updates for Office in the first week of January 2019.

The list of security updates released in January 2019 for Office is available here.

How to download and install the January 2019 security updates

Security updates are released via Windows Update for the majority of Home systems. All Home systems are set up to check for updates automatically and download these when discovered.

Administrators may run a manual check for updates to pick up the new releases early:

• Activate the Start Menu, e.g. by tapping on the Windows-key.
• Type Windows Update and select the tool from the list of results.
• Activate "check for updates" to run the manual update check.

Windows updates may be downloaded directly using third-party tools, e.g. Windows Update Minitool or wumgr, or Microsoft's Download Center. Links to the January 2019 cumulative updates are posted below.

Direct update downloads

Microsoft publishes all cumulative security updates and other updates on the Microsoft Update Catalog website. Direct download links are listed below.

Windows 7 SP1 and Windows Server 2008 R2 SP

• KB4480970 -- 2019-01 Security Monthly Quality Rollup for Windows 7
• KB4480960 -- 2019-01 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

• KB4480963 -- 2019-01 Security Monthly Quality Rollup for Windows 8.1
• KB4480964 -- 2019-01 Security Only Quality Update for Windows 8.1

Windows 10 and Windows Server 2016 (version 1607)

• KB4480961 -- 2019-01 Cumulative Update for Windows 10 Version 1607

Windows 10 (version 1703)

• KB4480973 -- 2019-01 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

• KB4480978 -- 2019-01 Cumulative Update for Windows 10 Version 1709

Windows 10 (version 1803)

• KB4480966 -- 2019-01 Cumulative Update for Windows 10 Version 1803

Windows 10 (version 1809)

•  KB4480116 -- 2019-01 Cumulative Update for Windows 10 Version 1809

Additional resources