The May security updates have been released and consist of 79 CVEs along with two advisories. Of these 79 CVEs, 22 are rated Critical and 57 are rated Important in severity. Two of these bugs are listed as publicly known and one is listed as under active attack at the time of release.
The updates address Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Information Disclosure, Denial of Service, Spoofing, and Security Feature Bypass and apply to the following: The updates cover Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, .NET Framework and ASP.NET, Skype for Android, Azure DevOps Server, and the NuGet Package Manager.
Known Issues: See the Known Issues and accompanying work-around in the KB Articles for your version of Windows 10:
The updates address Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Information Disclosure, Denial of Service, Spoofing, and Security Feature Bypass and apply to the following: The updates cover Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, .NET Framework and ASP.NET, Skype for Android, Azure DevOps Server, and the NuGet Package Manager.
Known Issues: See the Known Issues and accompanying work-around in the KB Articles for your version of Windows 10:
- Windows 10, Version 1809: KB4494441 (OS Build 17763.503). Prerequisite: The servicing stack update (SSU) (KB4499728) must be installed before installing the latest cumulative update (LCU). The LCU will not be reported as applicable until the SSU is installed. For more information, see Servicing stack updates.
- Windows 10, Version 1803: KB4499167 (OS Build 17134.765)