- August 2019 Security Updates release notes
- List of software updates for Microsoft products
- List of the latest Windows Updates and Services Packs
- Security Updates Guide
- Microsoft Update Catalog site
- Our in-depth Windows update guide
- How to install optional updates on Windows 10
- Windows 10 Update History
- Windows 8.1 Update History
- Windows 7 Update History
Microsoft Windows Security Updates August 2019 overview

Today is the August 2019 Patch Day over at Microsoft. The company released security and non-security updates for all supported versions of Microsoft Windows and other company products today.
We publish detailed information for system administrators, organizations, and interested home users on each Microsoft Patch Day. These cover links information and links to patches, the list of known issues, links to resource pages, and other relevant information to make educated updating decisions.
You can check out the July 2019 Update overview if you missed it.
Microsoft Windows Security Updates August 2019
The following Excel spreadsheet lists updates that Microsoft released for its products in August 2019. You can download it with a click on the following link: (Download Removed)
Executive Summary
- Microsoft released security updates for all client and server versions of Microsoft Windows. All systems are affected by multiple critical security vulnerabilities.
- Microsoft released updates for other products including Internet Explorer, Microsoft Edge, Visual Studio, Active Directory, Microsoft Office, and Microsoft Dynamics.
- Microsoft fixed the MIT Kerberos known issue for affected versions of Windows.
- The Microsoft Update Catalog lists 90 entries.
Operating System Distribution
- Windows 7: 39 vulnerabilities: 11 rated critical and 28 rated important
- CVE-2019-0720 | Hyper-V Remote Code Execution Vulnerability
- CVE-2019-0736 | Windows DHCP Client Remote Code Execution Vulnerability
- CVE-2019-1144 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1145 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1149 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1150 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1151 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1152 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1181 | Remote Desktop Services Remote Code Execution Vulnerabilit
- CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2019-1183 | Windows VBScript Engine Remote Code Execution Vulnerability
- Windows 8.1: 39 vulnerabilities: 11 rated critical and 28 rated important
- same as Windows 7
- Windows 10 version 1709: 53 vulnerabilities: 13 critical and 40 important
- CVE-2019-0720 | Hyper-V Remote Code Execution Vulnerability
- CVE-2019-0736 | Windows DHCP Client Remote Code Execution Vulnerability
- CVE-2019-0965 | Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2019-1144 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1145 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1149 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1150 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1151 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1152 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1181 | Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2019-1183 | Windows VBScript Engine Remote Code Execution Vulnerability
- CVE-2019-1188 | LNK Remote Code Execution Vulnerability
- Windows 10 version 1803: 61 vulnerabilities: 15 critical and 46 important
- Same as Windows 10 version 1709 plus..
- CVE-2019-1222 | Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2019-1226 | Remote Desktop Services Remote Code Execution Vulnerability
- Windows 10 version 1809: 64 vulnerabilities: 14 critical and 50 important
- Same as Windows 10 version 1803 except CVE-2019-0736
- Windows 10 version 1903: 64 vulnerabilities: 13 critical and 51 important.
- Same as Windows 10 version 1803 except CVE-2019-0720 and CVE-2019-0736
Windows Server products
- Windows Server 2008 R2: 39 vulnerabilities: 11 critical and 28 important.
- CVE-2019-0720 | Hyper-V Remote Code Execution Vulnerability
- CVE-2019-0736 | Windows DHCP Client Remote Code Execution Vulnerability
- CVE-2019-1144 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1145 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1149 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1150 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1151 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1152 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2019-1181 | Remote Desktop Services Remote Code Execution Vulnerabilit
- CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2019-1183 | Windows VBScript Engine Remote Code Execution Vulnerability
- Windows Server 2012 R2: 40 vulnerabilities: 11 critical and 29 important.
- Same as Windows Server 2008 R2.
- Windows Server 2016: 50 vulnerabilities: 11 critical and 39 important
- Same as Windows Server 2008 R2.
- Windows Server 2019: 65 vulnerabilities: 14 critical and 51 are important.
- Same as Windows Server 2008 R2 plus
- CVE-2019-1212 | Windows DHCP Server Denial of Service Vulnerability
- CVE-2019-1226 | Remote Desktop Services Remote Code Execution Vulnerability
Other Microsoft Products
- Internet Explorer 11: 4 vulnerabilities: 2 critical, 2 important
- CVE-2019-1133 | Scripting Engine Memory Corruption Vulnerability
- CVE-2019-1194 | Scripting Engine Memory Corruption Vulnerability
- Microsoft Edge: 9 vulnerabilities: 7 critical, 2 important
- CVE-2019-1131 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-1139 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-1140 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-1141 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-1195 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-1196 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2019-1197 | Chakra Scripting Engine Memory Corruption Vulnerability
Windows Security Updates
Windows 7 SP1 and Windows Server 2008 R2 SP1
KB4512506 -- Monthly Rollup
KB4512486 -- Security-only update
- Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Windows Virtualization, Windows Datacenter Networking, Microsoft Scripting Engine, the Microsoft JET Database Engine, Windows Input and Composition, Windows MSXML, Internet Explorer, and Windows Server.
Windows 8.1 and Windows Server 2012 R2
KB4512488 -- Monthly Rollup
KB4512489 -- Security-only update
- Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Wireless Networking, Windows Virtualization, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Microsoft Scripting Engine, Windows MSXML, Internet Explorer, and Windows Server.
Windows 10 version 1709
KB4512516 -- Cumulative Update
- Fixed the MIT Kerberos realms issue that prevented devices from starting up or caused them to continue restarting.
- Security updates to Windows Wireless Networking, Windows Storage and Filesystems, Windows App Platform and Frameworks, Microsoft Scripting Engine, Microsoft Edge, Windows Server, Windows MSXML, the Microsoft JET Database Engine, Windows Datacenter Networking, Windows Virtualization, Windows Cryptography, Windows Input and Composition, and Internet Explorer.
Windows 10 version 1803
KB4512501 -- Cumulative Update
- Fixed the MIT Kerberos realms issue that prevented devices from starting up or caused them to continue restarting.
- Security updates to Windows Wireless Networking, Windows Storage and Filesystems, Windows App Platform and Frameworks, Windows Datacenter Networking, Microsoft JET Database Engine, Windows Input and Composition, Windows MSXML, Internet Explorer, Windows Server, Microsoft Scripting Engine, Windows Cryptography, Windows Server, Windows Virtualization, Microsoft Edge, and Windows Shell.
Windows 10 version 1809 and Windows Server 1809
KB4511553 -- Cumulative Update
- Fixed the MIT Kerberos realms issue that prevented devices from starting up or caused them to continue restarting.
- Fixed an issue with an Windows Server Update Services console user interface exception that occurred when expanding the Computers directory.
- Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Microsoft Scripting Engine, Internet Explorer, Windows Input and Composition, Windows Cryptography, Windows Virtualization, Windows Datacenter Networking, the Microsoft JET Database Engine, Windows Server, Windows Kernel, Windows MSXML, and Microsoft Edge.
Windows 10 version 1903 and Windows Server 1903
KB4512508 -- Cumulative Update
- Fixed the MIT Kerberos realms issue that prevented devices from starting up or caused them to continue restarting.
- Security updates to Windows App Platform and Frameworks, Windows Storage and Filesystems, Microsoft Scripting Engine, Windows Input and Composition, Windows Wireless Networking, Windows Cryptography, Windows Datacenter Networking, Windows Virtualization, Windows Storage and Filesystems, the Microsoft JET Database Engine, Windows Linux, Windows Kernel, Windows Server, Windows MSXML, Internet Explorer, and Microsoft Edge.
Other security updates
KB4511872 -- Cumulative security update for Internet Explorer: August 13, 2019
KB4474419 -- SHA-2 code signing support update for Windows Server 2008 R2, Windows 7, and Windows Server 2008: August 13, 2019
KB4512476 -- Windows Server 2008 SP2 Monthly Rollup
KB4512491 -- Windows Server 2008 SP2 Security-Only Update
KB4512518 -- Windows Server 2012 and Windows Embedded 8 Standard Monthly Rollup
KB4512482 -- Windows Server 2012 and Windows Embedded 8 Standard Security-Only Update
Known Issues
Windows 7 and Server 2008 R2
- Devices that use Preboot Execution Environment may fail to start.
- IA64 devices may fail to start. Solution: install KB4474419 .
- Systems with Symantec or Norton software installed may block or delete Windows updates which causes Windows to stop working or fail to start. Upgrade block is in place. Symantec support article for the issue.
Windows 8.1 and Server 2012 R2
- Certain operations on Cluster Shared Volumes fail.
- Devices that use Preboot Execution Environment may fail to start.
Windows 10 version 1709
- Same as Windows 8.1 and Server 2012 R2
Windows 10 version 1803
- Same as Windows 8.1 and Server 2012 R2, plus..
- Black screen on first startup after installing updates.
Windows 10 version 1809 and Server 1809
- Same as Windows 1803, plus..
- Issue on systems with Asian language packs installed.
- Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.
Windows 10 version 1903 and Server 1903
- Windows Sandbox may fail to start.
- Devices that use Preboot Execution Environment may fail to start.
Security advisories and updates
ADV190014 | Microsoft Live Accounts Elevation of Privilege Vulnerability
Non-security related updates
KB4087513 -- Microsoft .NET Framework 4.8 Language Packs for Windows Embedded 8 Standard and Windows Server 2012
KB4087514 -- Microsoft .NET Framework 4.8 Language Packs for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2
KB4087515 -- Microsoft .NET Framework 4.8 Language Packs for Windows Server 1903, Windows 10 Version 1903, Windows Server 2019, Windows 10 Version 1809, Windows 10 Version 1803, Windows Server 2016, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 Version 1511, and Windows 10 Version 1507
KB4087642 -- Microsoft .NET Framework 4.8 Language Packs for Windows Server 1903, Windows 10 Version 1903, Windows Server 2019, Windows 10 Version 1809, Windows 10 Version 1803, Windows Server 2016, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 Version 1511, and Windows 10 Version 1507
KB4486081 -- Microsoft .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012
KB4486105 -- Microsoft .NET Framework 4.8 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2
KB4486129 -- Microsoft .NET Framework 4.8 for Windows Server 1703, Windows Server and Windows 10 Version 1607
KB4486153 -- Microsoft .NET Framework 4.8 for Windows Server 1903, Windows 10 Version 1903, Windows Server 2019, Windows 10 Version 1809, Windows 10 Version 1803, Windows Server 2016, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 Version 1511, and Windows 10 Version 1507
KB4497410 -- Microsoft .NET Framework 4.8 Language Packs for Windows 7 and Server 2008 R2
KB4503548 -- Microsoft .NET Framework 4.8 for Windows 7 and Windows Server 2008 R2
KB4511552 -- 2019-08 Dynamic Update for Windows 10 Version 1809
KB890830 -- Windows Malicious Software Removal Tool - August 2019
KB4505903 -- Windows 10 version 1903 and Windows Server version 1903
KB4505658 -- Windows 10 version 1809 and Windows Server 1809
KB4507466 -- Windows 10 version 1803
KB4507465 -- Windows 10 version 1709
KB4507467 -- Windows 10 version 1703
Microsoft Office Updates
You find Office update information here.
How to download and install the August 2019 security updates
Home computer systems running Windows are configured to download and install updates automatically. It is recommended to wait with the installation of updates or create backups of the system before updates are installed; updates may introduce issues of their own on systems including major issues that may prevent PCs from booting into Windows.
You may run manual checks for updates to speed up the installation of the new updates
- Tap on the Windows-key, type Windows Update, and select the result.
- A click on "check for updates" runs a manual check. Updates may be installed automatically or on user request depending on system settings.
Another option that you have is to download the updates manually from the Microsoft Update Catalog website.
Direct update downloads
Windows 7 SP1 and Windows Server 2008 R2 SP
- KB4512506 -- 2019-08 Security Monthly Quality Rollup for Windows 7
- KB4512486 -- 2019-08 Security Only Quality Update for Windows 7
Windows 8.1 and Windows Server 2012 R2
- KB4512488 -- 2019-08 Security Monthly Quality Rollup for Windows 8.1
- KB4512489Â -- 2019-08 Security Only Quality Update for Windows 8.1
Windows 10 (version 1803)
- KB4512501 -- 2019-08 Cumulative Update for Windows 10 Version 1803
Windows 10 (version 1809)
- KB4511553 -- 2019-08 Cumulative Update for Windows 10 Version 1809
Windows 10 (version 1903)
- KB4512508 -- 2019-08 Cumulative Update for Windows 10 Version 1903
Additional resources

looks like “Shell Input Application” is used for Remote Access software that utilizes the RDP Protocol.
I wish M$ would make the Firewall uninstallable.
Now the embedded that garbage so deep they made stopping certain Firewall Rules faded out.
Just stupid.
On the Servers and Workstation, M$ make this garbage removable.
Everyone has firewalls on their ISP’s Router or personal Routers.
Dumbest thing M$ ever did was integrating that Firewall
I just (automatically) got this (KB4512508).
It created 28 new allow rules in my firewall. To me this opened 28 new holes in my security instead of improving it.
For example “Shell input application” – Any address local or remote, any domain, any port local or remote, any protocol, all interface types, applies to all programs and services.
First, WTF is “Shell Input Application”? Of course M$ can’t name it actually what is /rolleyes. Simply put, it’s Touchscreen.
Well, I have no touchscreen, never have, never will, (and will never use most of the other 27 things M$ feels need internet access) so why does M$ feel this needs a firewall rule?
After January 2020, Windows 7 updates won’t cause any trouble.
does the world end then ?
At least for some people cause the support for win 7 ends.
Installing Windows updates in August was never a good idea. It’s vacation season in Redmond and the script kiddies run the show while the geeks zip water at the beach.
Final update – 4512506 is a fail. This time with the recovery partition in place and the proper uefi setup it auto-reverted successfully but I can’t keep *506 installed despite it reporting installed and rebooting. It’s wiping out my bcd for whatever reason IIAC. HudsonD4-W7P64 on Samsung 850 pro uefi boot mode.
I got it down to a single update that fails. All in a day’s waste.
Update : One of my issues = Wupdate was not offering me the SSU servicing stack update = kb4490628, which is supposed to be automatic but for me wasn’t. So I did it manually, which allowed the August rollup to be installed, but only after I’d installed all the other rollups which weren’t immediately visible. Before I installed the SSU I went through the “optional” updates, which weren’t actually optional really considering “critical” updates were not being shown unless they were installed, (such as the 2048-bit encryption update for one, probably 6-8 in all) which then “unlocked” the critical rollups in between, which eventually (with the SSU update) allowed the final new rollup.
Whew. Oh yeah, and this one booted me into a WinXP/PE setup to “repair” my boot volume – only this time it worked, and I can boot, but it also unlocks THREE MORE “important” updates !!!
TLDR: The Wupdate dependency chain is borked for Win7 AFAIK, you shouldn’t be installing “optional” updates to unlock “critical” security update rollups, even in an EOL OS!
After installing kb4512486, my Windows 7 (home premium edition) desktop doesn’t boot anymore:
https://support.hp.com/us-en/product/hp-pavilion-hpe-h9-1200-phoenix-desktop-pc-series/5258492/model/5286948
Fortunately, I was as able to retrieve my important files using a Linux live DVD.
kb4512506 refuses to install, fails with error 80092004.
This is on a clean install of 7 x64 and all other critical updates are installed one after another.
I’m on 2.5″ SATA SSD with uefi setup. (Not nvme.)
I guess I should be happy the update is failing as opposed to spending another 1/2 day trying to revert and failing.
The august update KB4511553 is shown here for 1809 but no download is done. I have tried all possible fixing solutions offered around the web with no success at all. Such a mess every month.
Manually installed and update problem solved, thank you @Yuliya, I read your post too late. :)
Manual updates never failed on me :)
looks like updates KB4512486 AND KB4512506 kills Windows 7 with nvme SSD drives. two out of ~100 pc’s won’t boot with these updates installed, and only these two has nvme SSD as boot drives.
tried to remove both and install separately – it’s enough one of these patches to kill Windows 7 machine.
Yeah, I’d rather take my chances with “vulnerabilities” in the wild, than open the door to the system slayer known as Windows Update.
Ridiculous, ended up reinstalling windows 7 (p64) because could not get gpt repaired trying about 15 different methods. 1 of the 3 updates I casually installed (like an idiot) somehow wiped out my c:/boot directory entirely. Bcd gone like it was never there. 3 updates all finished and rebooted as usual, nothing weird to userland. The usual bcd/bootrec/fixmbr etc repairs did not work because they require boot/cbd to be there to be repaired.
“Windows installations discovered : 0”
PITA rabbithole, waste of half a day.
That’s the last time I run windows updates without cloning, this is getting ridiculous. This whole year has been nuts.
The piece says,
Known Issues
Windows 7 and Server 2008 R2
Devices that use Preboot Execution Environment may fail to start.
IA64 devices may fail to start. Solution: install KB4474419 .
Systems with Symantec or Norton software installed may block or delete Windows updates which causes Windows to stop working or fail to start. Upgrade block is in place. Symantec support article for the issue.”
However the “Symantec support article” only refers to users of their product “Symantec Endpoint Protection”. I’m using a less comprehensive product called “Norton Security” on my Windows 7 SP-1×64 system; nonetheless, I wasn’t offered the update.
It is remarkable that KB4023057 (https://support.microsoft.com/en-us/kb/4023057/) is showing up even if hidden previously. Apparently, Microsoft cannot resist to forcibly install crapware. Anyone who has hidden that one should hide it again and wait until Windows Update fetches updates again!
Hi the Windows Security Updates and Known Issues sections of the article don’t contain sections for Windows Server 2016, is that because they are just the same as the server 2012 R2 Critical and important vulnerabilities ?
There’s no items for Server 2016 in Windows Security Updates and Known Issues ? or are they just for server 2012 RF2 repeated therefore omitted ?
>SHA-2 code signing support update for Windows Server 2008 R2, Windows 7, and Windows Server 2008: August 13, 2019
Is it different than the one released in June?
I have updated LTSC1809, manually. All seems well. No new SSU since last update, it’s the same released in July.
Speaking of WinUpdate and 1809, regarding that USB-C issue which would delay restarts/sleep and what not if you had anything connected through such a port: I have tested on my laptop, I connected through Tunderbolt 3 both an audio dongle and a portable HDD, and my laptop behaves normally. Shuts down and goes to sleep, and boots, in the expected amount of time.
Oh, No, not again!
All these vulnerabilities; are they designed in for job security? Kinda pathetic.
Win7 64 – did 3 updates, reboot, Windows no longer boots. Regular old platter hd, works fine as I can get to data booting from usb and chkdsk and sfc both report no problems. Was using ahci mode in bios and not the uefi secure boot setup. Unknown issue at this time. Boot drive Mbr repair is probably my next step. I will report back if I figure it out.
@7 troubles,
This can happen in you have either Symantec or Norton AV installed apparently. For details see: https://www.bleepingcomputer.com/news/microsoft/windows-7-sha-2-updates-blocked-if-symantec-norton-avs-installed/
Thanks again Sir for the heads-up Mr Martin, You’re a good man for exposin this again
Sure is a lot of remote code Vulnerabilities
and I don’t think Win7 ever came loaded with
Hyper-V either…anyone else see what i’m seein
Windows 7: CVE-2019-0720 | Hyper-V Remote Code Execution Vulnerability
It looks like Flash Player died in the 1903 version for M$. Still in version 32.0.0.207. Already in version 32.0.0.238 for Firefox and Chrome.
Flash Player from M$ still stuck with KB4503308 (32.0.0.207) for all Win10 versions [that includes v1507 to v1809] except v1511, JJ. that’s bcuz Adobe didn’t give M$ the .238 files and .238 is once again a non-security release
Thanks for explanation EP. :)
Thanks Martin,
Much appreciated like every mouth.
It stays a ferry helpful guide in the monthly windows update forest. What more and more start the looks like the Nottingham forest, around the time 13th/14th century AD.
Please keep up the good work.
* Update to my previous post *
Well it would appear that the certificate has been issued to *clo.footprintdns.com which appears to be a tracker owned by Microsoft: https://whotracks.me/trackers/footprintdns.com.html so I guess it’s safe though a little misconcerting. https://whotracks.me/trackers/footprintdns.com.html
Amazing that the actual download link to Windows 8.1 security only patch takes place via an http link. The actual error is SSL_ERROR_BAD_CERT_DOMAIN since it’s only applicable to a handful of akamai sites.
I tried adding the “s” to the URL at http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/08/windows8.1-kb4512489-x64_be2ed8f4ee800d8c39e5025c5d95808858077c05.msu but Waterfox still displays the warning that the site isn’t secure.
So much for security eh Microsoft?