WIXLIB

This security update includes qualityimprovements. No new operating systemfeatures are being introduced in this update.Key changes include:06-2017 Security Update Addressed issue where, after installingKB3164035, users cannot printenhanced metafiles (EMF) ordocuments containing bitmapsrendered out of bounds using theBitMapSection(DIBSection)function. Addressed issue where updates werenot correctly installing all componentsand would prevent them from booting.Addressed issue where anunsupported hardware notification isshown and Windows Updates notscanning, for systems using the AMDCarrizo DDR4 processor. For theaffected systems, follow the steps inthe Additional Information section toinstall this update.Security updates to Windows kernel,Microsoft Graphics Component,Microsoft Uniscribe, Windows kernelmode drivers, the Windows OS,Windows COM and Windows shell. Formore information about the securityvulnerabilities resolved, please referto the Security Update Guide. KB40227221KB40192631This security update includes qualityimprovements. No new operating systemfeatures are being introduced in this update.Key changes include: 05-2017Security Update Updated Windows Cryptography APIto deprecate SHA-1 for SSL/TLSServer Authentication, including inMicrosoft Edge and Internet Explorer11 . See Advisory 4010323 for moreinformation.Security updates to Microsoft GraphicsComponent, Windows COM, MicrosoftActiveX, Windows Server, Windowskernel, and Microsoft Windows DNS.

04-2017 Security Update04-2017.NET FrameworkSecurity UpdateThis security update resolves securityvulnerabilities in scripting engine, Hyper-V,libjpeg image-processing library, Adobe TypeManager Font Driver, Win32K, MicrosoftOutlook, Internet Explorer, GraphicsComponent, Windows kernel-mode drivers andLightweight Directory Access Protocol. Thisupdate also enables detection of processorgeneration and hardware support status whenPC tries to scan or download updates throughWindows Update.This update resolves a vulnerability in theMicrosoft .NET Framework that could allowremote code execution when the .NETFramework fails to properly validate inputbefore loading libraries. An attacker whosuccessfully exploits this vulnerability couldtake control of an affected system. Theattacker could then install programs; view,change, or delete data; or create new accountswith full user rights. Users whose accounts areconfigured to have fewer user rights on thesystem could be less impacted than users whooperateKB40155461KB40145731KB40122121with administrative user rights. To learn moreabout this vulnerability, see Microsoft CommonVulnerabilities and Exposures CVE-2017-0160.This security update resolves the followingvulnerabilities in Windows 7 SP1 and WindowsServer 2008 R2 SP1:03-2017Security Only MultipleUpdate MS17-022 Security update forMicrosoft XML Core Services MS17-021 Security update forDirectShow MS17-020 Security update forWindows DVD Maker MS17-019 Security update for ActiveDirectory Federation Services MS17-018 Security update forWindows Kernel-Mode Drivers MS17-017 Security update forWindows Kernel MS17-016 Security update forInternet Information Services MS17-013 Security update forMicrosoft Graphics Component MS17-012 Security update forMicrosoft Windows MS17-011 Security update forMicrosoft Uniscribe

04-2017.NET Framework securityupdate MS17-010 Security update forWindows SMB Server MS17-008 Security update forWindows Hyper-VThis update resolves a vulnerability in theMicrosoft .NET Framework that could allowremote code execution when the .NETFramework fails to properly validate inputbefore loading libraries. An attacker whosuccessfully exploits this vulnerability couldtake control of an affected system. Theattacker could then install programs; view,change, or delete data; or create new accountswith full user rights. Users whose accounts areconfigured to have fewer user rights on thesystem could be less impacted than users whooperateKB40145581This security update resolves several reportedvulnerabilities in Internet Explorer. The mostsevere of these vulnerabilities could allowremote code execution if a user views aspecially crafted webpage in Internet Explorer.To learn more about these vulnerabilities, seeMicrosoft Common Vulnerabilities andExposures.KB44898731This update helps protect against DLLpreloading vulnerabilities in softwareapplications on the Windows platform.KB22641071with administrative user rights. To learn moreabout this vulnerability, see Microsoft CommonVulnerabilities and Exposures CVE-2017-0160.03-2019 CumulativeSecurity Update forInternet Explorer03-2010Security Update

The Windows Malicious Software Removal Tool(MSRT) helps remove malicious software fromcomputers that are running any of thefollowing operating systems:01-2019Malicious Software ToolUpdate 201920162012 R220122008KB8908301

The following are important updates for the BD EpiCenter on the Windows 7 operatingsystem that were validated by BD:Patch NamePatch DescriptionThis security update resolves vulnerabilities inMicrosoft .NET Framework that could allow thefollowing: 02-2019.NET 3.5.1Framework Securityupdate02-2019.NET 3.5.1 Quality rollupA Remote Code Execution vulnerabilityin .NET Framework software if thesoftware does not check the sourcemarkup of a file. An attacker whosuccessfully exploits the vulnerabilitycould run arbitrary code in the contextof the current user. If the current user islogged on by using administrative userrights, an attacker could take control ofthe affected system. An attacker couldthen install programs; view, change, ordelete data; or create new accounts thathave full user rights. Users whoseaccounts are configured to have feweruser rights on the system could be lessaffected than users who haveadministrative user rights.This security update resolves vulnerabilities inMicrosoft .NET Framework that could allow thefollowing: A Remote Code Execution vulnerabilityin .NET Framework software if thesoftware does not check the sourcemarkup of a file. An attacker whosuccessfully exploits the vulnerabilitycould run arbitrary code in the contextof the current user. If the current user islogged on by using administrative userrights, an attacker could take control ofthe affected system. An attacker couldthen install programs; view, change, ordelete data; or create new accounts thathave full user rights. Users whoseaccounts are configured to have feweruser rights on the system could be lessaffected than users who haveadministrative user rights.Patch IDNotesKB44834831KB4483458

This security update includes qualityimprovements. No new operating systemfeatures are being introduced in this update. Keychanges include: 01-2019 Security rollupfor Win7Provides protections against anadditional subclass of speculativeexecution side-channel vulnerabilityknown as Speculative Store Bypass(CVE-2018-3639) for AMD-basedcomputers. These protections aren'tenabled by default. For Windows client(IT pro) guidance, follow the instructionsin KB4073119. For Windows Serverguidance, follow the instructions inKB4072698. Use these guidancedocuments to enable mitigations forSpeculative Store Bypass (CVE-20183639). Additionally, use the mitigationsthat have already been released forSpectre Variant 2 (CVE-2017-5715) andMeltdown (CVE-2017-5754). Addresses an issue that affectsPowerShell remoting loop back usingnon-administrator accounts. For moredetails, see Windows Security changeaffecting PowerShell. Addresses an issue related to the dateformat for the Japanese Era calendar.For more information, see KB4469068. Addresses an issue that causes theGetCalendarInfo function to return awrong value for the Japanese Era. Formore information, see KB4469068. Security updates to Windows Kernel,Windows Storage and Filesystems,Windows Wireless Networking, and theMicrosoft JET Database Engine.KB4480960This security update includes qualityimprovements. No new operating systemfeatures are being introduced in this update. Keychanges include: 12-2018Monthly Rollup for Win7 Provides protections against anadditional subclass of speculativeexecution side-channel vulnerabilityknown as Speculative Store Bypass(CVE-2018-3639) for AMD-basedcomputers. These protections aren'tenabled by default. For Windows client(IT pro) guidance, follow the instructionsin KB4073119. For Windows Serverguidance, follow the instructions inKB4072698. Use these guidancedocuments to enable mitigations forSpeculative Store Bypass (CVE-20183639). Additionally, use the mitigationsthat have already been released forSpectre Variant 2 (CVE-2017-5715) andMeltdown (CVE-2017-5754).Addresses an issue that affectsPowerShell remoting loop back usingKB44713281

non-administrator accounts. For moredetails, see Windows Security changeaffecting PowerShell.12-2018.NET 3.5.1 FrameworkSecurity08-2018.NET 3.5.1 FrameworkSecurity Addresses an issue related to the dateformat for the Japanese Era calendar.For more information, see KB4469068. Addresses an issue that causes theGetCalendarInfo function to return awrong value for the Japanese Era. Formore information, see KB4469068. Security updates to Windows Kernel,Windows Storage and Filesystems,Windows Wireless Networking, and theMicrosoft JET Database Engine.This security update resolves a vulnerability inMicrosoft .NET Framework that could allowremote code execution when Microsoft .NETFramework doesn't validate input correctly. Anattacker who successfully exploits thisvulnerability could take control of an affectedsystem. The attacker could then installprograms; view, change, or delete data; orcreate new accounts that use full user rights.Users whose accounts are configured to havefewer user rights on the system could be lessaffected than users who operate withadministrative user rights.This security update resolves an informationdisclosure vulnerability in Microsoft .NETFramework that could allow an attacker to accessinformation in multi-tenant environments. Thevulnerability is caused when .NET Framework isused in high-load/high-density networkconnections in which content from one streamcan blend into another stream.KB44706001KB43441771KB43388231This security update includes qualityimprovements. No new operating systemfeatures are being introduced in this update. Keychanges include: 07-2018Security Update Provides protections for an additionalvulnerability involving side-channelspeculative execution known as LazyFloating Point (FP) State Restore (CVE2018-3665) for 64-Bit (x64) versions ofWindows.Security updates to Windows apps,Windows graphics, Windows Shell,Windows datacenter networking,Windows wireless networking, andWindows virtualization.

This security update resolves the followingvulnerabilities:07-2018.NET 3.5.1 FrameworkSecurity05-2018SecurityUpdate A "remote code execution" vulnerabilityexists when .NET Framework does notvalidate input correctly. An attacker whosuccessfully exploits this vulnerabilitycould take control of an affected system.An attacker could then install programs;view, change, or delete data; or createnew accounts that have full user rights.Users whose accounts are configured tohave fewer user rights on the systemcould be less affected than users whohave administrative user rights. Toexploit the vulnerability, an attackerwould have to pass specific input to anapplication through susceptible .NETFramework methods. This securityupdate addresses the vulnerability bycorrecting how .NET Frameworkvalidates input. To learn more about thisvulnerability, see Microsoft CommonVulnerabilities and Exposures CVE-20188284. An "elevation of privilege" vulnerabilityexists in .NET Framework that couldallow an attacker to elevate their userrights level. To exploit the vulnerability,an attacker would first have to accessthe local computer, and then run amalicious program. This updateaddresses the vulnerability by correctinghow .NET Framework enables COMobjects. To learn more about thisvulnerability, see Microsoft CommonVulnerabilities and Exposures CVE-20188202. A "security feature bypass" vulnerabilityexists when .NET Frameworkcomponents do not correctly validatecertificates. An attacker could presentexpired certificates when challenged.This security update addresses thevulnerability by making sure that .NETFramework components correctlyvalidate certificates. To learn moreabout this vulnerability, see MicrosoftCommon Vulnerabilities and ExposuresCVE-2018-8356.This update resolves a vulnerability inMicrosoft .NET Framework that could causedenial of service when .NET Framework and .NETcore components process XML documentsincorrectly. An attacker who has successfullyexploited this vulnerability could cause a denialof service against a .NET Framework application.To learn more about this vulnerability, seeMicrosoft Common Vulnerabilities and ExposuresCVE-2018-0765.Additionally, this update resolves a securityfeature bypass vulnerability in Windows thatKB43386121KB40955141

could allow an attacker to bypass Device Guard.An attacker who successfully exploits thisvulnerability could circumvent a User Mode CodeIntegrity (UMCI) policy on the computer. To learnmore about this vulnerability, see MicrosoftCommon Vulnerabilities and Exposures CVE2018-1039.This security update includes qualityimprovements. No new operating systemfeatures are being introduced in this update. Keychanges include:12-2017Security Update11-2017Security Update Addresses additional issues withupdated time zone information. Security updates to the MicrosoftScripting Engine and Windows Server.This security update includes qualityimprovements. No new operating systemfeatures are being introduced in this update. Keychanges include: Addressed issue where applicationsbased on the Microsoft JET DatabaseEngine (Microsoft Access 2007 and olderor non-Microsoft applications) fail whencreating or opening Microsoft Excel .xlsfiles. The error message is: “Unexpectederror from external database driver (1).(Microsoft JET Database Engine)". 11-2017.NET 3.5.1 urity updates to Microsoft WindowsSearch Component, Windows MediaPlayer, Microsoft Graphics Component,Windows kernel, and Windows kernelmode drivers.This security update resolves a vulnerability inthe Microsoft .NET Framework that could allowremote code execution when Microsoft .NETFramework processes untrusted input. Anattacker who successfully exploits thisvulnerability by using the .NET Framework couldtake control of an affected system. The attackercould then install programs; view, change, ordelete data; or create new accounts that havefull user rights. Users whose accounts areconfigured to have fewer user rights on thesystem could be less affected than users whooperate by using administrative user rights.

09-2017.NET 3.5.1 FrameworkSecurityThis security update resolves a vulnerability inthe Microsoft .NET Framework that could allowremote code execution when Microsoft .NETFramework processes untrusted input. Anattacker who successfully exploits thisvulnerability in software by using the .NETFramework could take control of an affectedsystem. An attacker could then install programs;view, change, or delete data; or create newaccounts that have full user rights. Users whoseaccounts are configured to have fewer user rightson the system could be less affected than userswho operate by using administrative user 77WPAD Security UpdateThis security update resolves vulnerabilities inMicrosoft Windows. The vulnerabilities couldallow elevation of privilege if the Web Proxy AutoDiscovery (WPAD) protocol falls back to avulnerable proxy discovery process on a targetsystem.KB3161949106-2016MS16-072Security UpdateThis security update resolves a vulnerability inMicrosoft Windows. The vulnerability could allowelevation of privilege if an attacker launches aman-in-the-middle (MiTM) attack against thetraffic passing between a domain controller andthe target machine.KB31593981This article describes an update that addressesan issue in Windows Server 2012, Windows 7Service Pack 1 (SP1), and Windows Server 2008R2 SP1 that is described in the followingKnowledge Base article:10-2017Security Update05-2017.NET 3.5.1 FrameworkSecurityThe .NET Framework 4.7 installation is blockedon Windows 7, Windows Server 2008 R2 andWindows Server 2012 because of a missingd3dcompiler updateThis security update for the Microsoft .NETFramework resolves a security feature bypassvulnerability in which the .NET Framework (andthe .NET Core) components do not completelyvalidate certificates. To learn more about thisvulnerability, see Microsoft CommonVulnerabilities and Exposures CVE-2017-0248.This update also contains security-enhancingfixes to the Windows Presentation FrameworkPackageDigitalSignatureManagercomponent's ability to sign packages with theSHA256 hash algorithm.

This security update resolves a vulnerability inMicrosoft Windows. The vulnerability could allowremote code execution if Windows Media Centeropens a specially crafted Media Center link (.mcl)file that references malicious code. An attackerwho successfully exploited this vulnerability couldgain the same user rights as the current user.Users whose accounts are configured to havefewer user rights on the system could be lessaffected than those who operate withadministrative user rights.KB3150220103-2016Security UpdateThis security update resolves a vulnerability inMicrosoft Windows. The vulnerability could allowelevation of privilege if the Windows SecondaryLogon Service fails to properly manage requesthandles in memory.KB3139914103-2016 Security UpdateThis security update resolves a vulnerability inMicrosoft Windows. The vulnerability could allowelevation of privilege if an attacker with physicalaccess inserts a specially crafted USB device intothe system.KB31393981KB31272201KB3126587105-2016 Security Update02-2016MS16-019.NET 3.5.1 FrameworkSecurity Update02-2016MS16-014Security Only MultipleUpdateThis update resolves a vulnerability in theMicrosoft .NET Framework. The vulnerabilitycould allow denial of service if an attacker insertsspecially crafted XSLT into a client-side XML webpart that causes recursive calls on the server. Tolearn more about this vulnerability, see MicrosoftSecurity Bulletin MS16-019.This security update resolves vulnerabilities inWindows. The most severe of the vulnerabilitiescould allow remote code execution if an attackeris able to log on to a target system and run aspecially crafted application. To learn more aboutthe vulnerabilities, see Microsoft Security BulletinMS16-014.

02-2016MS16-019.NET 3.5.1 Frameworksecurity updateThis update resolves a vulnerability in theMicrosoft .NET Framework. The vulnerabilitycould allow denial of service if an attacker insertsspecially cra

BD has identified patches from Microsoft that have been identified as critical or security related for May 2019. These patches were not found to adversely affect BD products and will be applied according to customers' service agreement. Customers that maintain patches independent of BD automated delivery should ensure the