A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding.

To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services.

The update addresses the vulnerability by correcting how RDP handles connection requests.

Information published.

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information.

An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system.

The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

Information published.

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.

The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.

Information published.

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

Information published.

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.

Information published.

An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

To exploit this vulnerability, an attacker would have to log on to an affected system and open a specifically crafted file.

The update addresses the vulnerability by correcting how Windows Media Player handles objects in memory.

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Information published.

An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

To exploit this vulnerability, an attacker would have to log on to an affected system and open a specifically crafted file.

The update addresses the vulnerability by correcting how Windows Media Player handles objects in memory.

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Information published.

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.

To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.

The security update addresses the vulnerability by correcting how AppX Deployment Server handles junctions.

Information published.

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.

To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file or a program, causing Windows to execute arbitrary code.

The update addresses the vulnerability by correcting how Windows OLE validates user input.

Information published.

An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions. This vulnerability could result in sensitive data being exposed.

To exploit this vulnerability an attacker would need to be authenticated to have rights to view the sensitive data.

This security update addresses the vulnerability by modifying how the data is sanitized.

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.

Information published.

A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers. An attacker could exploit the vulnerability to trigger warnings and false positives when no threat is present.

To exploit the vulnerability, an attacker would first require execution permissions on the victim system.

The security update addresses the vulnerability by ensuring Microsoft Defender properly handles these buffers.

Information published.

An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application.

Why is there no update for this vulnerability?

Microsoft will not provide an update for this vulnerability because Windows XP is out of support. Microsoft strongly recommends upgrading to a supported version of Windows software.

Information published.

This is a list of the latest servicing stack updates for each operating system. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.

1. Why are all of the Servicing Stack Updates (SSU) critical updates?

The SSUs are classified as Critical updates. This does not indicate that there is a critical vulnerability being addressed in the update.

2. When was the most recent SSU released for each version of Microsoft Windows?

Please refer to the following table for the most recent SSU release. We will update the entries any time a new SSU is released:

3. Where can I find more information about the Servicing Stack Updates?

You can find more information by following these links:

• Servicing Stack Updates
• Windows 7 servicing stack updates

FAQs have been added to further explain Security Stack Updates. The FAQs include a table that indicates the most recent SSU release for each Windows version. This is an informational change only.

In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10 Version 1809 for x64-based Systems to 4470788. This is an informational change only.

A Servicing Stack Update has been released for Windows 7 and Windows Server 2008 R2 and Windows Server 2008 R2 (Server Core installation). See the FAQ section for more information.

A Servicing Stack Update has been released for Windows 10 version 1507, Windows 10 version 1607, Windows Server 2016, Windows 10 version 1703, Windows 10 version 1709, Windows Server, version 1709, Windows 10 version 1803, Windows Server, version 1803, Windows 10 version 1809, Windows Server 2019, Windows 10 version 1809 and Windows Server, version 1809. See the FAQ section for more information.

A Servicing Stack Update has been released for Windows 10 version 1607, Windows Server 2016, Windows 10 version 1809, and Windows Server 2019. See the FAQ section for more information.

A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server, version 1903 (Server Core installation). See the FAQ section for more information.

A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server, version 1903 (Server Core installation). See the FAQ section for more information.

A Servicing Stack Update has been released for all supported versions of Windows. See the FAQ section for more information.

A Servicing Stack Update has been released for all supported versions of Windows 10 (including Windows Server 2016 and 2019), Windows 8.1, Windows Server 2012 R2 and Windows Server 2012. See the FAQ section for more information.

In the Security Updates table, corrected the KB Article Number and Download links for Server 2012, the 32-bit and x64-based versions of Windows 8.1, and Server 2012 R2. See the FAQ section for more information.

A Servicing Stack Update has been released for all supported versions of Windows. See the FAQ section for more information.

Information published.

Corrected the link to the Windows Server 2008 Servicing Stack Update. This is an informational change only.

A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more information.

A Servicing Stack Update has been released for Windows 10 Version 1709, Windows Server, version 1709 (Server Core Installation), Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See the FAQ section for more information.

Updated supersedence information. This is an informational change only.

Fixed a typo in the FAQ.

A Servicing Stack Update has been released for Windows 10 Version 1703. See the FAQ section for more information.

A Servicing Stack Update has been released for Windows 10 Version 1607, Windows Server 2016, and Windows Server 2016 (Server Core installation); Windows 10 Version 1703; Windows 10 Version 1709 and Windows Server, version 1709 (Server Core Installation); Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See the FAQ section for more information.

In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10 Version 1803 for x64-based Systems to 4485449. This is an informational change only.

A Servicing Stack Update has been released for Windows Server 2008 and Windows Server 2008 (Server Core installation); Windows 10 version 1809, Windows Server 2019, and Windows Server 2019 (Server Core installation). See the FAQ section for more information.

A Servicing Stack Update has been released for all supported versions of Windows 10 (including Windows Server 2016 and 2019), Windows 8.1, Windows Server 2012 R2 and Windows Server 2012. See the FAQ section for more information.

A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more information.

Fixed some incorrect KB numbers. This is an information change only.

A Servicing Stack Update has been released for Windows Server 2008 and Windows Server 2008 (Server Core installation); Windows 7, Windows Server 2008 R2, and Windows Server 2008 R2 (Server Core installation). See the FAQ section for more information.

A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server. An attacker who successfully exploited the vulnerability could run scripts in the context of the targeted user. The attacks could allow the attacker to read content that the attacker is not authorized to read, execute malicious code, and use the victim's identity to take actions on the site on behalf of the user, such as change permissions and delete content.

To exploit the vulnerability, an attacker would need to convince an authenticated user to click a specially-crafted link to an affected SSRS server.

The update addresses the vulnerability by correcting SSRS URL sanitization.

Information published.

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerability, an attacker would first need to convince the user to clone a malicious repo.

The security update addresses the vulnerability by correcting how Git for Visual Studio validates command-line input.

I want to install the latest supported service baseline for Visual Studio. Do I need to install the previous versions first?

No. For both Visual Studio 2019 and Visual Studio 2017, the latest supported servicing baseline is cumulative. For example, if you need to install Visual Studio 2019 version 16.4 you do NOT first have to install any previous versions. See Visual Studio 2019 version 16.4 Release Notes for more information.

Information published.

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerability, an attacker would first need to convince the user to clone a malicious repo.

The security update addresses the vulnerability by correcting how Git for Visual Studio validates command-line input.

I want to install the latest supported service baseline for Visual Studio. Do I need to install the previous versions first?

No. For both Visual Studio 2019 and Visual Studio 2017, the latest supported servicing baseline is cumulative. For example, if you need to install Visual Studio 2019 version 16.4 you do NOT first have to install any previous versions. See Visual Studio 2019 version 16.4 Release Notes for more information.

Information published.

A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.

To exploit the vulnerability, an attacker must clone a file using a specially crafted path on a vulnerable system.

The security update fixes the vulnerability by ensuring Git for Visual Studio properly handles folder paths.

I want to install the latest supported service baseline for Visual Studio. Do I need to install the previous versions first?

No. For both Visual Studio 2019 and Visual Studio 2017, the latest supported servicing baseline is cumulative. For example, if you need to install Visual Studio 2019 version 16.4 you do NOT first have to install any previous versions. See Visual Studio 2019 version 16.4 Release Notes for more information.

Information published.

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerability, an attacker would first need to convince the user to clone a malicious repo.

The security update addresses the vulnerability by correcting how Git for Visual Studio validates command-line input.

I want to install the latest supported service baseline for Visual Studio. Do I need to install the previous versions first?

No. For both Visual Studio 2019 and Visual Studio 2017, the latest supported servicing baseline is cumulative. For example, if you need to install Visual Studio 2019 version 16.4 you do NOT first have to install any previous versions. See Visual Studio 2019 version 16.4 Release Notes for more information.

Information published.

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerability, an attacker would first need to convince the user to clone a malicious repo.

The security update addresses the vulnerability by correcting how Git for Visual Studio validates command-line input.

I want to install the latest supported service baseline for Visual Studio. Do I need to install the previous versions first?

No. For both Visual Studio 2019 and Visual Studio 2017, the latest supported servicing baseline is cumulative. For example, if you need to install Visual Studio 2019 version 16.4 you do NOT first have to install any previous versions. See Visual Studio 2019 version 16.4 Release Notes for more information.

Information published.

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerability, an attacker would first need to convince the user to clone a malicious repo.

The security update addresses the vulnerability by correcting how Git for Visual Studio validates command-line input.

I want to install the latest supported service baseline for Visual Studio. Do I need to install the previous versions first?

No. For both Visual Studio 2019 and Visual Studio 2017, the latest supported servicing baseline is cumulative. For example, if you need to install Visual Studio 2019 version 16.4 you do NOT first have to install any previous versions. See Visual Studio 2019 version 16.4 Release Notes for more information.

Information published.

An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

The security update addresses the vulnerability by correcting how Microsoft Access handles objects in memory.

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

Information published.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how Win32k handles objects in memory.

Information published.

A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.

Exploitation of the vulnerability requires that a specially crafted document be sent to a vulnerable user.

The security update addresses the vulnerability by correcting how Microsoft Word handles objects in memory.

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

I have Microsoft Word 2010 installed. Why am I not being offered the 4475598 update?

The 4475598 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update.

Information published.

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office PowerPoint software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Microsoft PowerPoint handles objects in memory.

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

Information published.

An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

The security update addresses the vulnerability by correcting how Microsoft Access handles objects in memory.

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

Information published.