Microsoft Windows Security Updates May 2020 overview

Martin Brinkmann
May 12, 2020
Updated • May 14, 2020
Microsoft, Windows, Windows Updates
|
20

Welcome to the overview for Microsoft's May 2020 Patch Day; Microsoft released security updates and non-security updates for all supported versions of Windows -- both client and server versions -- on May 10, 2020. Updates are also available for other Microsoft products including Microsoft Office.

The overview provides system administrators and end users with information on the released patches. It includes links to all support articles, direct downloads for the core Windows updates, operating system distribution information, a list of known issues and published security advisories since the last Patch Day.

Microsoft Windows Security Updates May 2020

windows security updates may 2020

Download the following Excel spreadsheet to your device; it contains a list of all security updates that Microsoft released on the May 2020 Patch Day for all of its products. Click on the following link to download the spreadsheet: security-updates-windows-may-2020

Executive Summary

  • Microsoft released security updates for all supported versions of Windows (client and server).
  • Security updates are also available for Microsoft Edge (new and old), Internet Explorer, Microsoft Office, Windows Defender, Visual Studio, Microsoft Dynamics, .Net Framework and Core, Power BI.

Operating System Distribution

  • Windows 7  (extended support only): 26 vulnerabilities: 1 critical and 26 important
    • CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability
  • Windows 8.1: 30 vulnerabilities: 2 rated critical and 28 rated important
    • CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability
    • CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability
  • Windows 10 version 1803: 71 vulnerabilities: 5 critical and 66 important
    • CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability
    • CVE-2020-1126 | Media Foundation Memory Corruption Vulnerability
    • CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability
    • CVE-2020-1028 | Media Foundation Memory Corruption Vulnerability
    • CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability
  • Windows 10 version 1809: 75 vulnerabilities: 5 critical and 70 important
    • same as Windows 10 version 1803
  • Windows 10 version 1903: 78 vulnerabilities: 5 critical and 73 important
    • same as Windows 10 version 1803
  • Windows 10 version 1909: 
    • same as Windows 10 version 1903

Windows Server products

  • Windows Server 2008 R2 (extended support only): 26 vulnerabilities, 1 critical, 25 important
    • CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability
  • Windows Server 2012 R2: 29 vulnerabilities: 2 critical and 27 important.
    • CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability
    • CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability
  • Windows Server 2016: 61 vulnerabilities: 5 critical and 56 important.
    • CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability
    • CVE-2020-1126 | Media Foundation Memory Corruption Vulnerability
    • CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability
    • CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability
    • CVE-2020-1028 | Media Foundation Memory Corruption Vulnerability
  • Windows Server 2019: 75 vulnerabilities: 5 critical and 70 are important
    • same as Windows Server 2016

Other Microsoft Products

  • Internet Explorer 11: 7 vulnerability: 3 critical, 4 important
  • Microsoft Edge:  5 vulnerabilities: 3 critical, 2 important
    • CVE-2020-1065 | Scripting Engine Memory Corruption Vulnerability
    • CVE-2020-1037 | Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE-2020-1056 | Microsoft Edge Elevation of Privilege Vulnerability
  • Microsoft Edge on Chromium:
    • see here (latest security patches from the Chromium project)

Windows Security Updates

Windows 7 SP1 and Server 2008 R2

  • Monthly Rollup support article: KB4556836
  • Security-only Update support article: KB4556843

Changes, fixes, and improvements

  • Kingdom of Morocco daylight saving time updates. (both)
  • Security Updates. (both)
  • Fixed an issue that prevented some apps from installing if they are published using a Group Policy Object.(Monthly Rollup)
  • Fixed an issue that made Windows report the connection state of network interfaces incorrectly. (Monthly Rollup)

Windows 8.1 and Windows Server 2012 R2

Changes, fixes, and improvements

  • Kingdom of Morocco daylight saving time updates. (both)
  • Security Updates. (both)
  • Addressed an issue that causes offline file syncing to stop responding or fail in mobsyc.exe. (Monthly Rollup)

Windows 10 version 1803

Changes, fixes, and improvements

  • Kingdom of Morocco daylight saving time updates.
  • Addressed an issue that prevents a call to NCryptGetProperty() from returning the correct pbOutput value when pszProperty is set to "Algorithm Group" and you are using a Trusted Platform Module (TPM) 1.2 device.
  • Security Updates

Windows 10 version 1809

Changes, fixes, and improvements

  • Same as Windows 10 version 1803, plus
  • Shell Launcher v2 added to "improve reliability and usability".

Windows 10 version 1903 and 1909

Changes, fixes, and improvements

  • Kingdom of Morocco daylight saving time updates.
  • Security Updates.

Other security updates

KB4556798 -- Cumulative security update for Internet Explorer: May 12, 2020

KB4556840 -- 2020-05 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4556852 -- 2020-05 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4556853 -- 2020-05 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2

KB4556854 -- 2020-05 Security Only Quality Update for Windows Server 2008

KB4556860 -- 2020-05 Security Monthly Quality Rollup for Windows Server 2008

KB4556804 -- 2020-05 Cumulative Update for Windows 10 Version 1703

KB4556812 -- 2020-05 Cumulative Update for Windows 10 Version 1709

KB4556813 -- 2020-05 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607

KB4556826 -- 2020-05 Cumulative Update for Windows 10 Version 1507

.NET

KB4552919 -- 2020-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4552920 -- 2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4552921 -- 2020-05 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4552922 -- 2020-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4552923 -- 2020-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2

KB4552932 -- 2020-05 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4552933 -- 2020-05 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4552939 -- 2020-05 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008

KB4552940 -- 2020-05 Security and Quality Rollup for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4552946 -- 2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2

KB4552947 --2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4552951 -- 2020-05 Security Only Update for .NET Framework 4.6 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4552952 -- 2020-05 Security Only Update for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4552953 -- 2020-05 Security Only Update for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4552958 -- 2020-05 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4552959 -- 2020-05 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2

KB4552961 -- 2020-05 Security Only Update for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4552962 -- 2020-05 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4552963 -- 2020-05 Security Only Update for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012

KB4552964 -- 2020-05 Security Only Update for .NET Framework 2.0, 3.0 for Windows Server 2008

KB4552965 -- 2020-05 Security Only Update for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4552966 -- 2020-05 Security Only Update for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2

KB4552967 -- 2020-05 Security Only Update for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2

KB4552968 -- 2020-05 Security Only Update for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4552979 -- 2020-05 Security and Quality Rollup for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012

KB4552982 -- 2020-05 Security and Quality Rollup for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2

KB4556399 -- 2020-05 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4556400 -- 2020-05 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4556401 -- 2020-05 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4556402 -- 2020-05 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008

KB4556403 -- 2020-05 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4556404 -- 2020-05 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4556405 -- 2020-05 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4556406 -- 2020-05 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008

KB4552924 -- 2020-05 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809

KB4552926 -- 2020-05 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607

KB4552927 -- 2020-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703

KB4552928 -- 2020-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709

KB4552929 -- 2020-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803 and Windows Server 2016 (1803)

KB4552930 -- 2020-05 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809

KB4552931 -- 2020-05 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903

KB4556441 -- 2020-05 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809

KB4552925 -- 2020-05 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004

Servicing Stack Updates

KB4555448 -- 2020-05 Servicing Stack Update for Windows Server 2008

KB4555449 -- 2020-05 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

Known Issues

Windows 7 SP1 

  • Windows may show "Failure to configure Windows updates. Reverting Changes. Do not turn off your computer" after installing the update.
    • This is expected if a) the device is not supported for ESU or b) if the ESU MAK add-on key is not installed or activated.

Windows 10 version 1809

  • Devices with some Asian language packs installed may show the error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.".
    • Mitigation 1: Update and reinstall any recently installed language packs. Select Check for Updates in Windows Update to install the latest cumulative update.
    • Mitigation 2 (if 1 does not work): Reset the PC to an earlier version or restore a backup.

Security advisories and updates

ADV200004 | Availability of updates for Microsoft software utilizing the Autodesk FBX library

ADV200007 | OpenSSL Remote Denial of Service Vulnerability

Non-security related updates

KB4557900 -- 2020-05 Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB890830 -- Windows Malicious Software Removal Tool

Microsoft Office Updates

You find Office update information here.

How to download and install the May 2020 security updates

Security updates for Windows are published via Windows Updates, other update management systems such as WSUS, as well as direct downloads on the Microsoft Update Catalog website.

We recommend that backups are created before updates are installed.

Do the following to check for new updates:

  1. Open the Start Menu of the Windows operating system, type Windows Update and select the result.
  2. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.

Direct update downloads

Windows 7 and Server 2008 R2

  • KB4556836 -- 2020-05 Security Monthly Quality Rollup for Windows 7
  • KB4556843 -- 2020-05 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4556846 -- 2020-05 Security Monthly Quality Rollup for Windows 8.1
  • KB4556853 -- 2020-05 Security Only Quality Update for Windows 8.1

Windows 10 (version 1803)

  • KB4556807 -- 2020-05 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1809)

  • KB4551853 -- 2020-05 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

  • KB4556799 -- 2020-5 Cumulative Update for Windows 10 Version 1903

Windows 10 (version 1909)

  • KB4556799 -- 2020-05 Cumulative Update for Windows 10 Version 1909

Additional resources

Summary
Microsoft Windows Security Updates May 2020 overview
Article Name
Microsoft Windows Security Updates May 2020 overview
Description
Welcome to the overview for Microsoft's May 2020 Patch Day; Microsoft released security updates and non-security updates for all supported versions of Windows -- both client and server versions -- on May 10, 2020.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Victor said on June 19, 2020 at 6:32 pm
    Reply

    This site rocks!

  2. Anonymous said on May 22, 2020 at 9:39 pm
    Reply

    Has anyone had any issues with kb4552923? Our .net app just fails after this has been installed.

  3. John G. said on May 19, 2020 at 1:02 pm
    Reply

    Weird sound problems here! This is getting worse twice per month! Really tired! :(

  4. Widdershins said on May 14, 2020 at 11:22 pm
    Reply

    Many issues with KB4556399 .NET Rollup, and no universal agreement on how or what triggers it or how to fix it. . One Admin has 5000 machines WITH valid ESU’s get all of them fouled up by this.Go to askwoody.com and check it out.

    Hold off installing this one for now!

  5. Antmavr said on May 14, 2020 at 6:35 pm
    Reply

    KB4556399 (Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1) solution for error 643. Just remove WU ESU Patcher and try to install the up date!Works fine!!!

  6. Anonymous said on May 14, 2020 at 11:59 am
    Reply

    Windows Server 2008 R2 (extended support only): 26 vulnerabilities, 5 critical, 27 important

    Might be a typo here appreciate your help

    1. Martin Brinkmann said on May 14, 2020 at 12:18 pm
      Reply

      Fixed, copy/paste error.

  7. ispeakforadminseverywhere said on May 13, 2020 at 7:13 pm
    Reply

    It’s really sickening that we have to go through all the anxiety of bricking our machines in a company to ensure security. If MS gave a damn about security they would not update using a system that has been broken since Windows 8 years ago.

    And we get no choice in the matter.

    Really, f*uck Microsoft already. Anyone else agree that this is hopelessly broken and unconscionable?

    And no, not Yuliya.

  8. chesscanoe said on May 13, 2020 at 12:26 pm
    Reply

    After running WU to get to Microsoft Windows [Version 10.0.18363.836], the enforced restart was not sufficient to get the Windows chirp on keyboard chicklet depression. A shutdown and logon fixed that problem for me.

  9. TelV said on May 13, 2020 at 9:02 am
    Reply

    I hope you’ve got a good secretary Martin. Having to type all that data especially for .NET would drive me bonkers in no time at all.

    Thanks once more for your supreme efforts.

    1. Aegir said on May 13, 2020 at 1:18 pm
      Reply

      I wonder where the details come from. Is it from this site? https://portal.msrc.microsoft.com/en-us/security-guidance/summary

  10. Anon said on May 13, 2020 at 3:04 am
    Reply

    windows 10 v.1903 link is not working

    1. Martin Brinkmann said on May 13, 2020 at 7:27 am
      Reply

      Fixed the direct download links.

  11. Yuliya said on May 12, 2020 at 9:12 pm
    Reply

    KB4551853 is nowhere to be found.

    1. EP said on May 12, 2020 at 9:17 pm
      Reply

      it’s available now, Yuliya – just needed to wait another 30 minutes to show up on MS Update Catalog:
      https://www.catalog.update.microsoft.com/Search.aspx?q=KB4551853

      And note to Martin – KB4556803 build 19041.264 available for v2004 users in the slow & RP rings:
      https://blogs.windows.com/windowsexperience/2020/05/12/releasing-windows-10-insider-preview-build-19041-264-to-the-slow-release-preview-rings/

      1. Yuliya said on May 13, 2020 at 1:27 pm
        Reply

        Great, I updated my PC :)

      2. Yuliya said on May 13, 2020 at 8:22 pm
        Reply

        By the way, this: https://www.ghacks.net/2020/04/14/microsoft-windows-security-updates-april-2020-overview/#comment-4460466
        was fixed on 21st April in KB4550969. At least on LTSC and Server 1809, idk about 1909.
        Therefore, KB4551853 has this issue fixed as well.

  12. Paul(us) said on May 12, 2020 at 9:04 pm
    Reply

    Thanks, Martin, for letting me know what is happing patch wise speaking with main Windows 10 version 1903 and this month 78 vulnerabilities: 5 critical and 73 important.
    This patch & update moment brought my system to version 1909 build 18368.836.

    And thanks for the link to the Excel spreadsheet with the list of all security updates that Microsoft released on the May 2020 patch day for all of its products. Next to your article its also a real threat.
    Did I already mention that like always the monthly update & patch article is an easy read?

  13. Franck said on May 12, 2020 at 8:57 pm
    Reply

    Thanks a lot for the detailed article!

  14. Anonymous said on May 12, 2020 at 8:44 pm
    Reply

    Are .Net updates still allowed for Windows 7 are those no longer supported also? I didn’t want to try installing it if it isn’t going to work anyway.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.