Microsoft Fixes High CPU Usage Bug and Two Vulnerabilities with the Latest Windows 10 Update
Update: Microsoft has clarified that it had incorrectly marked these vulnerabilities as under attack; the flaws aren't zero-days.
Microsoft delivered cumulative updates to several versions of Windows 10 last night, including the May 2019 Update. The M19U has been experiencing a number of bugs these past couple of months, including a Cortana/Search issue that resulted in massive CPU usage for some users.
With the release of September Patch Tuesday (KB4515384), Microsoft has now addressed that particular bug. The release notes read:
Windows Desktop Search may not return any results and may have high CPU usage
Windows Desktop Search may not return any results and SearchUI.exe may have high CPU usage after installing KB4512941.
Fixed on Sept 10: Addresses an issue that causes high CPU usage from SearchUI.exe for a small number of users. This issue only occurs on devices that have disabled searching the web using Windows Desktop Search.
Not the only reason why Microsot's latest Windows 10 update is important
Along with the bug fix, the Windows maker has also patched several critical security issues in the operating system, including providing protections against Microarchitectural Data Sampling, a new class of speculative execution side-channel vulnerabilities.
Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-Bit (x86) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)
As noted by the folks at ZDNet, the company has also addressed two zero-days, tracked as CVE-2019-1214 and CVE-2019-1215. They are both are elevation of privilege (EoP) flaws that impact the Windows Common Log File System (CLFS) driver and the ws2ifsl.sys (Winsock) service, respectively.
Microsoft has also released security updates to "Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Cryptography, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Wireless Networking, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server."
You can install this latest update (KB4515384 - Build 18362.356) via Windows Update or manually through the Microsoft Update Catalog website.