8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.275 Low
EPSS
Percentile
96.7%
Applications that do not have a manifest that indicates the correct Windows version of 6.3 may receive the scripting error, “Intl is not available”. Ensure that the applications have a manifest with the appropriate Windows version. For more information, see Targeting your application for Windows.
This security update includes improvements and fixes that were a part of update KB4487016 (released February 19, 2019) and addresses the following issues:
Symptom | Workaround |
---|---|
After installing this update, Internet Explorer 11 and other applications that use WININET.DLLmay have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to: |
Cache size and location show zero or empty.
Keyboard shortcuts may not work properly.
Webpages may intermittently fail to load or render correctly.
Issues with credential prompts.
Issues when downloading files.
| This issue is resolved in KB4493446.
After installing this update, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(),insertBefore(), andmoveNode().The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.| This issue is resolved in KB4493446.
After installing this security update, Custom URI Schemes for Application Protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.| This issue is resolved in KB4493446.
After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.| This issue is resolved in KB4503276.
After installing this update, devices with a winsock kernel client may receive D1, FC, and other errors. Additionally, systems that run the Skype for Business or Lync Server Edge Transport role may be affected by this issue.| This issue is resolved in KB4489893.
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBltAPI may display embedded objects incorrectly.For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.| This issue is resolved in KB4493446.
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.| Do one of the following:
Perform the operation from a process that has administrator privilege.
Perform the operation from a node that doesn’t have CSV ownership.
Microsoft is working on a resolution and will provide an update in an upcoming release.
This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.File informationFor a list of the files that are provided in this update, download the file information for update 4489881.
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.275 Low
EPSS
Percentile
96.7%