Microsoft is releasing today new “Patch Tuesday” updates for all supported versions of Windows 10, including the freshly released May 2019 update (or version 1903). If you have already installed the latest feature update, you can now download the build 18362.175 (KB4503293), which includes the following fixes:
- Addresses a security vulnerability by intentionally preventing connections between Windows and Bluetooth devices that are not secure and use well-known keys to encrypt connections, including security fobs. If BTHUSB Event 22 in the Event Viewer states, “Your Bluetooth device attempted to establish a debug connection….”, then your system is affected. Contact your Bluetooth device manufacturer to determine if a device update exists. For more information, see CVE-2019-2102 and KB4507623.
- Security updates to Windows Virtualization, Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Shell, Windows Server, Windows Authentication, Windows Cryptography, Windows Storage and Filesystems, Windows SQL Components, the Microsoft JET Database Engine, and Internet Information Services.
For users still running Windows 10 version 1809 (or the October 2018 Update), the build 17763.557 (KB4503327) is now waiting for you with the following improvements and fixes:
- Addresses an issue that may prevent the Windows Mixed Reality keyboard from rendering correctly in some applications.
- Addresses a security vulnerability by intentionally preventing connections between Windows and Bluetooth devices that are not secure and use well-known keys to encrypt connections, including security fobs. If BTHUSB Event 22 in the Event Viewer states, “Your Bluetooth device attempted to establish a debug connection….”, then your system is affected. Contact your Bluetooth device manufacturer to determine if a device update exists. For more information, see CVE-2019-2102 and KB4507623.
- Addresses an issue that may prevent the Preboot Execution Environment (PXE) from starting a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
- Adds updated Broadcom Wi-Fi firmware to Microsoft HoloLens. For more information, see Advisory 190016.
- Addresses an issue that may prevent Internet Explorer 11 from opening if the Default Search Provider is not set or is malformed.
- Security updates to Microsoft Scripting Engine, Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Shell, Windows Server, Windows Authentication, Windows Cryptography, Windows Datacenter Networking, Windows Storage and Filesystems, Windows SQL components, the Microsoft JET Database Engine, Windows Virtualization, Windows Kernel, and Internet Information Services.
In case you’re still running the even older version 1803 of Windows 10 (aka the April 2018 Update), you can now download the build 17134.829 (KB4503286). Here are the quality and security fixes included in this update:
- Addresses a security vulnerability by intentionally preventing connections between Windows and Bluetooth devices that are not secure and use well-known keys to encrypt connections, including security fobs. If BTHUSB Event 22 in the Event Viewer states, “Your Bluetooth device attempted to establish a debug connection….”, then your system is affected. Contact your Bluetooth device manufacturer to determine if a device update exists. For more information, see CVE-2019-2102 and KB4507623.
- Addresses an issue that may prevent the Preboot Execution Environment (PXE) from starting a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
- Addresses an issue that may prevent Internet Explorer 11 from opening if the Default Search Provider is not set or is malformed.
- Security updates to Microsoft Scripting Engine, Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Shell, Windows Server, Windows Authentication, Windows Cryptography, Windows Storage and Filesystems, Windows Virtualization, Internet Information Services Windows SQL components, and the Microsoft JET Database Engine .
Keep in mind that Windows 10 version 1803 will no longer be supported for Home and Pro users after November 2019. Starting this month, Microsoft will start migrating you to a more recent version of Windows 10 to keep your devices secure, and the company will now automatically initiate a feature update when Windows 10 PCs are within several months of reaching end of service.
