Windows 10 Cumulative Updates Are Live – Microsoft Fixes a Wormable Critical RCE Flaw


Microsoft has released Windows 10 cumulative updates for the month of July. Along with other fixes, today's updates also bring a fix for a DNS Server vulnerability CVE-2020-1350, which is a critical Remote Code Execution (RCE) vulnerability rated 10 on the CVSS score, and is classified as wormable.

"This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions," the company explains. "Non-Microsoft DNS Servers are not affected."

Windows 11 Build 22000.706 (KB5014019) Is Out for Release Preview Channel

Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.

Windows Server 2008 through to Windows Server, version 2004 (Server Core installation), are affected. Those who have automatic updates turned on do not need to take any additional action; Microsoft said it "strongly" recommends server administrators to apply the security update (KB4569509) "at their earliest convenience."

Highlights of KB4565483 (Builds 18362.959 and 18363.959) Windows 10 cumulative updates for versions 1909 and 1903

  • Updates to improve security when using Internet Explorer and Microsoft Edge Legacy.
  • Updates to improve security when using Microsoft Office products.
  • Updates to improve security when using input devices (such as a mouse, keyboard, or stylus).
  • Improves security in the Microsoft Store.
  • Updates to improve security when Windows performs basic operations.
  • Updates for storing and managing files.
  • Updates an issue that might prevent some applications from printing documents that contain graphics or large files.

Microsoft noted that starting with today, all Windows Updates will disable the RemoteFX vGPU feature because of a security vulnerability (CVE-2020-1036). Once it's disabled, attempting to start virtual machines (VMs) will show following messages:

  • “The virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.”
  • “The virtual machine cannot be started because the server has insufficient GPU resources.”

For more details, head over to the support pages.

Today's Windows 10 cumulative updates are live for the May 2020 Update (version 2004), the November 2019 Update (version 1909), the May 2019 Update (version 1903), the October 2018 Update (KB4558998 - Build 17763.1339), the April 2018 Update (KB4565489 - Build 17134.1610), the Fall Creators Update (KB4565508 - Build 16299.1992), the Creators Update (KB4565499 - Build 15063.2439), the Anniversary Update (KB4565511 - Build 14393.3808), and the original Windows 10 update (KB4565513 - Build 10240.18638).

- Relevant: how do download latest version 2004, May 2020 Update