Microsoft Windows Security Updates April 2020 overview

Apr 14, 2020

Updated • Apr 30, 2020

Companies, Microsoft, Windows, Windows Updates

Welcome to the overview for Microsoft's April 2020 Patch Day; Microsoft released security updates for all supported versions of the Windows operating system -- client and server -- as well as other company products such as Microsoft Office.

Our overview provides you with links and information that you may use to better understand the releases. It includes links to direct downloads, the list of known issues according to Microsoft, an overview of critical security issues, the operating system distribution of vulnerabilities, and more.

Feel free to check out the March 2020 Patch Day overview here.

Microsoft Windows Security Updates April 2020

You may download the following Excel spreadsheet to get a full list of all security updates that Microsoft released on the April 2020 Patch Day. Just click on the following link to download the spreadsheet to your system: microsoft-windows-security-updates-april-2020

Executive Summary

Microsoft released security updates for all supported versions of Windows.
Security updates are also available for Microsoft Edge, Internet Explorer, Microsoft Office, Windows Defender, Visual Studio, Microsoft Dynamics, Microsoft Apps for Android and Mac.
New msi application installation issue for domain devices on some versions of Windows.

Operating System Distribution

Windows 7Â (extended support only): 37 vulnerabilities: 5 critical and 32 important
- CVE-2020-0907 | Microsoft Graphics Components Remote Code Execution Vulnerability
- CVE-2020-0687 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2020-0938 | Adobe Font Manager Library Remote Code Execution Vulnerability
- CVE-2020-1020 | Adobe Font Manager Library Remote Code Execution Vulnerability
- CVE-2020-0965 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Windows 8.1: 39 vulnerabilities: 3 rated critical and 52 rated important
- same as Windows 7
Windows 10 version 1803: 60 vulnerabilities: 6 critical and 54 important
- CVE-2020-0907 | Microsoft Graphics Components Remote Code Execution Vulnerability
- CVE-2020-0687 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2020-0948 | Media Foundation Memory Corruption Vulnerability
- CVE-2020-0949 | Media Foundation Memory Corruption Vulnerability
- CVE-2020-0950 | Media Foundation Memory Corruption Vulnerability
- CVE-2020-0965 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Windows 10 version 1809: 63 vulnerabilities: 7 critical and 56 important
- Same as Windows 10 version 1803 plus
- CVE-2020-0910 | Windows Hyper-V Remote Code Execution Vulnerability
Windows 10 version 1903: 67 vulnerabilities: 8 critical and 59 important
- Same as Windows 10 version 1809 plus
- CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability
Windows 10 version 1909:Â
- same as Windows 10 version 1903

Windows Server products

Windows Server 2008 R2 (extended support only):Â 32 vulnerabilities, 5 critical, 27 important
- CVE-2020-0907 | Microsoft Graphics Components Remote Code Execution Vulnerability
- CVE-2020-0687 | Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2020-0938 | Adobe Font Manager Library Remote Code Execution Vulnerability
- CVE-2020-0965 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
- CVE-2020-1020 | Adobe Font Manager Library Remote Code Execution Vulnerability
Windows Server 2012 R2: 37 vulnerabilities: 4 critical and 32 important.
- Same as Windows Server 2008 R2.
Windows Server 2016: 51 vulnerabilities: 6 critical and 45 important.
- CVE-2020-0907 | Microsoft Graphics Components Remote Code Execution Vulnerability
- CVE-2020-0965 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
- CVE-2020-0950 | Media Foundation Memory Corruption Vulnerability
- CVE-2020-0949 | Media Foundation Memory Corruption Vulnerability
- CVE-2020-0948 | Media Foundation Memory Corruption Vulnerability
- CVE-2020-0687 | Microsoft Graphics Remote Code Execution Vulnerability
Windows Server 2019: 63 vulnerabilities: 7 critical and 65 are important
- same as Windows Server 2016 plus
- CVE-2020-0910 | Windows Hyper-V Remote Code Execution Vulnerability

Other Microsoft Products

Internet Explorer 11: 4 vulnerability: 2 critical, 2 important
- CVE-2020-0967 | VBScript Remote Code Execution Vulnerability
- CVE-2020-0968 | Scripting Engine Memory Corruption Vulnerability
Microsoft Edge:Â 2 vulnerabilities: 2 critical
- CVE-2020-0969 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2020-0970 | Scripting Engine Memory Corruption Vulnerability
Microsoft Edge on Chromium:
- see here (latest security patches from the Chromium project)

Windows Security Updates

Windows 7 SP1 and Server 2008 R2

Monthly Rollup: KB4550964Â
Security Only Update: KB4550965

Fixes and improvements:

Fixed the long-standing issue on Cluster Shared Volumes that caused some operations to fail.
Security updates.

Windows 8.1 and Windows Server 2012 R2

Monthly Rollup: KB4550961
Security Only Update: KB4550970

Fixes and improvements:

Security updates.

Windows 10 version 1803

Update: KB4550922

Fixes and improvements:

Security updates.

Windows 10 version 1809

Update: KB4549949

Fixes and improvements:

Fixed an issue that prevented apps from installing if they are published using GPO.
Security updates.

Windows 10 version 1903 and 1909

Update: KB4549951Â

Fixes and improvements:

Fixed an issue that prevented apps from installing if they are published using GPO.
Security updates.

Other security updates

KB4550905 -- Cumulative security update for Internet Explorer: April 14, 2020

KB4550917 -- Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4550951 -- Security Monthly Quality Rollup for Windows Server 2008

KB4550957 -- Security Only Quality Update for Windows Server 2008

KB4550971 -- Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4549947 -- Servicing Stack Update for Windows Server 2019 and Windows 10 Version 1809

KB4550737 -- Servicing Stack Update for Windows Server 2008

KB4550738 -- Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4550927 -- Cumulative Update for Windows 10 Version 1709

KB4550929 -- Cumulative Update for Windows Server 2016 and Windows 10 Version 1607

KB4550930 -- Cumulative Update for Windows 10 Version 1507

KB4550939 -- Cumulative Update for Windows 10 Version 1703

KB4550992 -- Servicing Stack Update for Windows 10 Version 1703

KB4550994 -- Servicing Stack Update for Windows Server 2016 and Windows 10 Version 1607

KB4552152 -- Servicing Stack Update for Windows Server, version 1909, Windows 10 Version 1909, Windows Server, version 1903, and Windows 10 Version 1903

Known Issues

Windows 7 SP1 and Server 2008 R2

Device may display the error "Failure to configure Windows updates. Reverting Changes. Do not turn off your computer" after installing the update.
Devices on domains may fail to install apps published using GPO. Affects only app installations that use .msi files. (mitigation: manual install) (only affects Monthly Rollup)

Windows 8.1 and Windows Server 2012 R2

Certain operations on Cluster Shared Volumes may fail.
Devices on domains may fail to install apps published using GPO. Affects only app installations that use .msi files. (mitigation: manual install) (only affects Monthly Rollup)

Windows 10 version 1803

Devices on domains may fail to install apps published using GPO. Affects only app installations that use .msi files. (mitigation: manual install)

Windows 10 version 1809

Installations with some Asian language packs installed may throw the error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND".

Security advisories and updates

ADV200006 | Type 1 Font Parsing Remote Code Execution Vulnerability

Non-security related updates

KB4549950 -- Dynamic Update for Windows 10 Version 1909, and Windows 10 Version 1903

Microsoft Office Updates

You find Office update informationÂ here.

How to download and install the April 2020 security updates

Microsoft releases security updates through various channels including Windows Update, WSUS, other update services, as well as the Microsoft Update Catalog website.

It is highly recommended that backups are created before any type of update is installed.

Do the following to check for new updates:

Open the Start Menu of the Windows operating system, type Windows Update and select the result.
Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.

Direct update downloads

Windows 7 and Server 2008 R2

KB4550964 -- 2020-04 Security Monthly Quality Rollup for Windows 7
KB4550965 -- 2020-04 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

KB4550961 -- 2020-04 Security Monthly Quality Rollup for Windows 8.1
KB4550970 -- 2020-04 Security Only Quality Update for Windows 8.1

Windows 10 (version 1803)

KB4550922 -- 2020-04 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1809)

KB4549949Â -- 2020-04 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

KB4549951 -- 2020-04 Cumulative Update for Windows 10 Version 1903

Windows 10 (version 1909)

KB4549951 -- 2020-04 Cumulative Update for Windows 10 Version 1909

Additional resources

Summary

Article Name

Microsoft Windows Security Updates April 2020 overview

Description

An overview of all Windows and other Microsoft security patches that Microsoft released on the April 2020 Patch Tuesday.

Author

Martin Brinkmann

Publisher

Ghacks Technology News

Logo

Comments

EP said on April 14, 2020 at 7:42 pm


Important note about the KB4549949 update for 1809, Martin:

Microsoft is extending support for the home and pro editions of Win10 v1809 until November 2020 as noted in MS support article 4549949:
https://support.microsoft.com/help/4549949

“IMPORTANT We have been evaluating the public health situation and understand the impact this is having on many of our customers. To help ease some of the burdens customers are facing, we are going to delay the scheduled end of service date for the Home, Pro, Pro Education, Pro for Workstations, and IoT Core editions of Windows 10, version 1809 to November 10, 2020. This means devices will receive monthly security updates only from May to November. The final security update for these editions of Windows 10, version 1809 will be released on November 10, 2020 instead of May 12, 2020.”
LaurentG said on April 14, 2020 at 8:48 pm


Not clear for me if this monthly update fixes, or not, the font parsing issue revealed on March 24, and thus if we can, or not, rollback workaround you proposed in this post :
https://www.ghacks.net/2020/03/24/critical-font-parsing-issue-in-windows-revealed-fix-inside/

Thank you for advice
1. Martin Brinkmann said on April 15, 2020 at 7:52 am
  
  
  Yes the font parsing issue is fixed it appears.
Yuliya said on April 14, 2020 at 8:51 pm


I have succesfully updated three computers running LTSC ðŸ™ƒ
Manually, no issues so far.
1. Yuliya said on April 17, 2020 at 6:30 pm
  
  
  USB Port Remains Active for Disabled or Safely Removed USB Device
  https://support.microsoft.com/en-us/help/2401954/usb-port-remains-active-for-disabled-or-safely-removed-usb-device
  
  I canâ€™t point out exactly, but itâ€™s probably April or one of Marchâ€™s cumulatives. The feature described in the above link no longer works, or even exists anymore.
  
  On WinVista/7 after soft ejecting a USB device, it kept receiving power. You could change that as described.
  On 8/10 the default was to no longer power an ejected device. Until this month I believe. I just noticed USB HDDs keep receiving power after ejected, and the â€œDisableOnSoftRemoveâ€ = 1 value no longer seems to have any impact on this behaviour.
  
  Tested on 1809 LTSC, 2019 Server and 1909 Pro (different machines).
  
  Just a heads-up for everyone, be extra careful while unplugging a portable HDD. Now they keep spinning, so donâ€™t bang them around.
michael said on April 14, 2020 at 8:57 pm


Is there any info on when MS will roll out the new Edge to everyone?
1. JohnIL said on April 15, 2020 at 1:46 pm
  
  
  My guess is that the New Edge get’s pushed out either with 2004 release or shortly after that. Its really not a problem to install now as a separate install. The result will be the same because Microsoft won’t completely uninstall old Edge for awhile. I think because of Covid 19 everything is sort of running in slow mode right now with everyone working from home. Besides the fact pushing out big updates means stressing the internet traffic at a time when its really maxed out!
chesscanoe said on April 14, 2020 at 9:55 pm


After manually updating EdgeC and Windows Defender, via Windows Update I installed KB4549951 bringing me to Microsoft Windows [Version 10.0.18363.778]. Looks good so far.
John G. said on April 15, 2020 at 1:20 am


Unable to install update KB4549951 — 2020-04 Cumulative Update for Windows 10 Version 1909, it appears error number 0x800f081f, first time this happens to me! :[
1. TelV said on April 15, 2020 at 9:23 am
  
  
  That error code and fix is listed on this site: https://www.makeuseof.com/tag/fix-error-code-0x800f081f-windows-10/
  1. John G. said on April 15, 2020 at 2:42 pm
    
    
    Thank you, reinstalling NET 3.5 just worked fine! :]
Luis Bello said on April 15, 2020 at 8:08 am


In Windows 8.1 the monthly update cant be installed… nice microsoft…
1. Iron Heart said on April 15, 2020 at 8:14 am
  
  
  @Luis Bello
  
  No problems here. Windows 8.1 Pro.
2. Belga said on April 15, 2020 at 8:46 am
  
  
  No problem here either with the security only rollup under Win 8.1×64 !
3. TelV said on April 15, 2020 at 10:12 am
  
  
  @Luis Bello,
  
  I had a problem installing last month’s patches which I posted here: https://www.ghacks.net/2020/03/10/microsoft-windows-security-updates-march-2020-overview/#comment-4456480
  
  Open an elevated command prompt and then run
  DISM.exe/Online /Cleanup-image /Restorehealth which is how I fixed it back then.
  
  Otherwise check to make sure you’re not trying to install the x86 version on a 64-bit OS or vice versa.
John G. said on April 15, 2020 at 7:54 pm


Cumulative updates are so big, it would be more efficient minor daily updates to keep safe. ;]
moonlightdiedandwealllaughed said on April 16, 2020 at 1:29 am


Security updates you say?

Please publish them as FOSS and reproducible code.

No?

Too bad, then. You’ll never be on MY machines.
Jay said on April 16, 2020 at 6:17 am


Are security only updates new ?? They are not appearing when searching for updates through windows update. Do we have to manually install these updates by downloading them to each device ?
1. Martin Brinkmann said on April 16, 2020 at 7:30 am
  
  
  No they are not new. Microsoft does not offer them via Windows Update, only as direct downloads from the Microsoft Update Catalog website. These need to be installed manually, and you need to make sure to only install the security updates and not the monthly rollup updates.
John G. said on April 16, 2020 at 7:44 am


My sister’s PC is given error 0x80073712 all the time for KB4549951, applied all possible solutions and workarounds found everywhere with no success at all. Finally she paused updates for 7 days. Just a tought for Microsoft staff, while confined in coronavirus times it should be more reasonable to avoid release crap: cumulative updates has never been a good idea, they are big, bloated like hell and you will never known what’s wrong. You will only get the awful error codes for decades.
Anonymous said on April 30, 2020 at 1:26 pm


Windows Server 2008 R2 (extended support only): 32 vulnerabilities, 5 critical, 42 important

Is the above correct?
1. Martin Brinkmann said on April 30, 2020 at 1:51 pm
  
  
  No it is not, thank you, corrected!

Microsoft Windows Security Updates April 2020 overview