- May 2020 Security Updates release notes
- List of software updates for Microsoft products
- List of the latest Windows Updates and Services Packs
- Security Updates Guide
- Microsoft Update Catalog site
- Our in-depth Windows update guide
- How to install optional updates on Windows 10
- Windows 10 Update History
- Windows 8.1 Update History
- Windows 7 Update History
Microsoft Windows Security Updates May 2020 overview
Welcome to the overview for Microsoft's May 2020 Patch Day; Microsoft released security updates and non-security updates for all supported versions of Windows -- both client and server versions -- on May 10, 2020. Updates are also available for other Microsoft products including Microsoft Office.
The overview provides system administrators and end users with information on the released patches. It includes links to all support articles, direct downloads for the core Windows updates, operating system distribution information, a list of known issues and published security advisories since the last Patch Day.
Microsoft Windows Security Updates May 2020
Download the following Excel spreadsheet to your device; it contains a list of all security updates that Microsoft released on the May 2020 Patch Day for all of its products. Click on the following link to download the spreadsheet: security-updates-windows-may-2020
Executive Summary
- Microsoft released security updates for all supported versions of Windows (client and server).
- Security updates are also available for Microsoft Edge (new and old), Internet Explorer, Microsoft Office, Windows Defender, Visual Studio, Microsoft Dynamics, .Net Framework and Core, Power BI.
Operating System Distribution
- Windows 7Â (extended support only): 26 vulnerabilities: 1 critical and 26 important
- CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability
- Windows 8.1: 30 vulnerabilities: 2 rated critical and 28 rated important
- CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability
- CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability
- Windows 10 version 1803: 71 vulnerabilities: 5 critical and 66 important
- CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability
- CVE-2020-1126 | Media Foundation Memory Corruption Vulnerability
- CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability
- CVE-2020-1028 | Media Foundation Memory Corruption Vulnerability
- CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability
- Windows 10 version 1809: 75 vulnerabilities: 5 critical and 70 important
- same as Windows 10 version 1803
- Windows 10 version 1903: 78 vulnerabilities: 5 critical and 73 important
- same as Windows 10 version 1803
- Windows 10 version 1909:Â
- same as Windows 10 version 1903
Windows Server products
- Windows Server 2008 R2 (extended support only):Â 26 vulnerabilities, 1 critical, 25 important
- CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability
- Windows Server 2012 R2: 29 vulnerabilities: 2 critical and 27 important.
- CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability
- CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability
- Windows Server 2016: 61 vulnerabilities: 5 critical and 56 important.
- CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability
- CVE-2020-1126 | Media Foundation Memory Corruption Vulnerability
- CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability
- CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability
- CVE-2020-1028 | Media Foundation Memory Corruption Vulnerability
- Windows Server 2019: 75 vulnerabilities: 5 critical and 70 are important
- same as Windows Server 2016
Other Microsoft Products
- Internet Explorer 11: 7 vulnerability: 3 critical, 4 important
- CVE-2020-1062 | Internet Explorer Memory Corruption Vulnerability
- CVE-2020-1093 | VBScript Remote Code Execution Vulnerability
- CVE-2020-1064 | MSHTML Engine Remote Code Execution Vulnerability
- Microsoft Edge:Â 5 vulnerabilities: 3 critical, 2 important
- CVE-2020-1065 | Scripting Engine Memory Corruption Vulnerability
- CVE-2020-1037 | Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2020-1056 | Microsoft Edge Elevation of Privilege Vulnerability
- Microsoft Edge on Chromium:
- see here (latest security patches from the Chromium project)
Windows Security Updates
Windows 7 SP1 and Server 2008 R2
Changes, fixes, and improvements
- Kingdom of Morocco daylight saving time updates. (both)
- Security Updates. (both)
- Fixed an issue that prevented some apps from installing if they are published using a Group Policy Object.(Monthly Rollup)
- Fixed an issue that made Windows report the connection state of network interfaces incorrectly. (Monthly Rollup)
Windows 8.1 and Windows Server 2012 R2
- Monthly Rollup support article: KB4556846
- Security-only Update support article: KB4556853Â
Changes, fixes, and improvements
- Kingdom of Morocco daylight saving time updates. (both)
- Security Updates. (both)
- Addressed an issue that causes offline file syncing to stop responding or fail in mobsyc.exe. (Monthly Rollup)
Windows 10 version 1803
- Support article: KB4556807
Changes, fixes, and improvements
- Kingdom of Morocco daylight saving time updates.
- Addressed an issue that prevents a call to NCryptGetProperty() from returning the correct pbOutput value when pszProperty is set to "Algorithm Group" and you are using a Trusted Platform Module (TPM) 1.2 device.
- Security Updates
Windows 10 version 1809
- Support article: KB4551853
Changes, fixes, and improvements
- Same as Windows 10 version 1803, plus
- Shell Launcher v2 added to "improve reliability and usability".
Windows 10 version 1903 and 1909
- Support article: KB4556799
Changes, fixes, and improvements
- Kingdom of Morocco daylight saving time updates.
- Security Updates.
Other security updates
KB4556798 -- Cumulative security update for Internet Explorer: May 12, 2020
KB4556840 -- 2020-05 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012
KB4556852 -- 2020-05 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012
KB4556853 -- 2020-05 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2
KB4556854 -- 2020-05 Security Only Quality Update for Windows Server 2008
KB4556860 -- 2020-05 Security Monthly Quality Rollup for Windows Server 2008
KB4556804 -- 2020-05 Cumulative Update for Windows 10 Version 1703
KB4556812 -- 2020-05 Cumulative Update for Windows 10 Version 1709
KB4556813 -- 2020-05 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607
KB4556826 -- 2020-05 Cumulative Update for Windows 10 Version 1507
.NET
KB4552919 -- 2020-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
KB4552920 -- 2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
KB4552921 -- 2020-05 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4552922 -- 2020-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012
KB4552923 -- 2020-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2
KB4552932 -- 2020-05 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012
KB4552933 -- 2020-05 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2
KB4552939 -- 2020-05 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008
KB4552940 -- 2020-05 Security and Quality Rollup for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4552946 -- 2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2
KB4552947 --2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012
KB4552951 -- 2020-05 Security Only Update for .NET Framework 4.6 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
KB4552952 -- 2020-05 Security Only Update for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
KB4552953 -- 2020-05 Security Only Update for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4552958 -- 2020-05 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012
KB4552959 -- 2020-05 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2
KB4552961 -- 2020-05 Security Only Update for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012
KB4552962 -- 2020-05 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2
KB4552963 -- 2020-05 Security Only Update for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012
KB4552964 -- 2020-05 Security Only Update for .NET Framework 2.0, 3.0 for Windows Server 2008
KB4552965 -- 2020-05 Security Only Update for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4552966 -- 2020-05 Security Only Update for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2
KB4552967 -- 2020-05 Security Only Update for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2
KB4552968 -- 2020-05 Security Only Update for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012
KB4552979 -- 2020-05 Security and Quality Rollup for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012
KB4552982 -- 2020-05 Security and Quality Rollup for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2
KB4556399 -- 2020-05 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4556400 -- 2020-05 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012
KB4556401 -- 2020-05 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2
KB4556402 -- 2020-05 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008
KB4556403 -- 2020-05 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4556404 -- 2020-05 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012
KB4556405 -- 2020-05 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2
KB4556406 -- 2020-05 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008
KB4552924 -- 2020-05 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809
KB4552926 -- 2020-05 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607
KB4552927 -- 2020-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
KB4552928 -- 2020-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709
KB4552929 -- 2020-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803 and Windows Server 2016 (1803)
KB4552930 -- 2020-05 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809
KB4552931 -- 2020-05 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903
KB4556441 -- 2020-05 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809
KB4552925 -- 2020-05 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004
Servicing Stack Updates
KB4555448 -- 2020-05 Servicing Stack Update for Windows Server 2008
KB4555449 -- 2020-05 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
Known Issues
Windows 7 SP1Â
- Windows may show "Failure to configure Windows updates. Reverting Changes. Do not turn off your computer" after installing the update.
- This is expected if a) the device is not supported for ESU or b) if the ESU MAK add-on key is not installed or activated.
Windows 10 version 1809
- Devices with some Asian language packs installed may show the error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.".
- Mitigation 1: Update and reinstall any recently installed language packs. Select Check for Updates in Windows Update to install the latest cumulative update.
- Mitigation 2 (if 1 does not work): Reset the PC to an earlier version or restore a backup.
Security advisories and updates
ADV200004 | Availability of updates for Microsoft software utilizing the Autodesk FBX library
ADV200007 | OpenSSL Remote Denial of Service Vulnerability
Non-security related updates
KB4557900 -- 2020-05 Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows 7, Windows Server 2008 R2, and Windows Server 2008
KB890830 -- Windows Malicious Software Removal Tool
Microsoft Office Updates
You find Office update information here.
How to download and install the May 2020 security updates
Security updates for Windows are published via Windows Updates, other update management systems such as WSUS, as well as direct downloads on the Microsoft Update Catalog website.
We recommend that backups are created before updates are installed.
Do the following to check for new updates:
- Open the Start Menu of the Windows operating system, type Windows Update and select the result.
- Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.
Direct update downloads
Windows 7 and Server 2008 R2
- KB4556836 -- 2020-05 Security Monthly Quality Rollup for Windows 7
- KB4556843 -- 2020-05 Security Only Quality Update for Windows 7
Windows 8.1 and Windows Server 2012 R2
- KB4556846 -- 2020-05 Security Monthly Quality Rollup for Windows 8.1
- KB4556853 -- 2020-05 Security Only Quality Update for Windows 8.1
Windows 10 (version 1803)
- KB4556807 -- 2020-05 Cumulative Update for Windows 10 Version 1809
Windows 10 (version 1809)
- KB4551853 -- 2020-05 Cumulative Update for Windows 10 Version 1809
Windows 10 (version 1903)
- KB4556799 -- 2020-5 Cumulative Update for Windows 10 Version 1903
Windows 10 (version 1909)
- KB4556799 -- 2020-05 Cumulative Update for Windows 10 Version 1909
This site rocks!
Has anyone had any issues with kb4552923? Our .net app just fails after this has been installed.
Weird sound problems here! This is getting worse twice per month! Really tired! :(
Many issues with KB4556399 .NET Rollup, and no universal agreement on how or what triggers it or how to fix it. . One Admin has 5000 machines WITH valid ESU’s get all of them fouled up by this.Go to askwoody.com and check it out.
Hold off installing this one for now!
KB4556399 (Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1) solution for error 643. Just remove WU ESU Patcher and try to install the up date!Works fine!!!
Windows Server 2008 R2 (extended support only): 26 vulnerabilities, 5 critical, 27 important
Might be a typo here appreciate your help
Fixed, copy/paste error.
It’s really sickening that we have to go through all the anxiety of bricking our machines in a company to ensure security. If MS gave a damn about security they would not update using a system that has been broken since Windows 8 years ago.
And we get no choice in the matter.
Really, f*uck Microsoft already. Anyone else agree that this is hopelessly broken and unconscionable?
And no, not Yuliya.
After running WU to get to Microsoft Windows [Version 10.0.18363.836], the enforced restart was not sufficient to get the Windows chirp on keyboard chicklet depression. A shutdown and logon fixed that problem for me.
I hope you’ve got a good secretary Martin. Having to type all that data especially for .NET would drive me bonkers in no time at all.
Thanks once more for your supreme efforts.
I wonder where the details come from. Is it from this site? https://portal.msrc.microsoft.com/en-us/security-guidance/summary
windows 10 v.1903 link is not working
Fixed the direct download links.
KB4551853 is nowhere to be found.
it’s available now, Yuliya – just needed to wait another 30 minutes to show up on MS Update Catalog:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4551853
And note to Martin – KB4556803 build 19041.264 available for v2004 users in the slow & RP rings:
https://blogs.windows.com/windowsexperience/2020/05/12/releasing-windows-10-insider-preview-build-19041-264-to-the-slow-release-preview-rings/
Great, I updated my PC :)
By the way, this: https://www.ghacks.net/2020/04/14/microsoft-windows-security-updates-april-2020-overview/#comment-4460466
was fixed on 21st April in KB4550969. At least on LTSC and Server 1809, idk about 1909.
Therefore, KB4551853 has this issue fixed as well.
Thanks, Martin, for letting me know what is happing patch wise speaking with main Windows 10 version 1903 and this month 78 vulnerabilities: 5 critical and 73 important.
This patch & update moment brought my system to version 1909 build 18368.836.
And thanks for the link to the Excel spreadsheet with the list of all security updates that Microsoft released on the May 2020 patch day for all of its products. Next to your article its also a real threat.
Did I already mention that like always the monthly update & patch article is an easy read?
Thanks a lot for the detailed article!
Are .Net updates still allowed for Windows 7 are those no longer supported also? I didn’t want to try installing it if it isn’t going to work anyway.