KB5019959 Cumulative Update for Windows 10

KB5019959 is November month’s cumulative update for Windows 10 versions 20H2, 21H1, 21H2, and 22H2. The update was released on 8th November. We look at some important aspects of KB5019959 for Windows 10 below.

Salient points about KB5019959 for Windows 10

  • KB5019959 is a cumulative update for Windows 10 versions 20H2, 21H1, 21H2, and 22H2.
  • For Windows 10 versions 20H2, 21H1 and 21H2, KB5019959 replaces or supersedes KB5018410. KB5018410 is October month’s cumulative update for Windows 10. You can read more about KB5018410 on this page.
  • KB5019959 also contains all changes that are part of the KB5020435, KB5018482, and KB5020953. KB5020435 and KB5020953 are out of band (OOB) updates. KB5018482 is a preview update.
  • KB5019959 also resolved security vulnerabilities on Windows 10 systems. There are four zero-day vulnerabilities on Windows 10 versions 20H2, 21H1, 21H2, and 22H2. These vulnerabilities are CVE-2022-41091, CVE-2022-41073, CVE-2022-41118 and CVE-2022-41128.
  • Windows 10 build 2251 corresponds to KB5019959. Depending on your Windows 10 version, the finalized builds on Windows 10 would be OS Builds 19042.2251, 19043.2251, 19044.2251, and 19045.2251.

Installing KB5019959 on Windows 10

The best method to patch Windows 10 systems is through an automated patch deployment. You can use one of the following automated deployment processes for Windows 10:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Service

If you intend to make use of WSUS for deploying KB5019959, you can configure the product classification as under:

  • Product: Windows 10, version 1903 and later
  • Classification: Security Updates

This should enable WSUS to pull security updates for Windows 10 versions 20H2, 21H1, 21H2, and 22H2.

KB5019959 can be deployed manually through an offline installer file. For this, you can check the Microsoft Catalog page for KB5019959. For ready reference, the download links for Windows 10 security update KB5019959 are shared below.

Download KB5019959 for Windows 10 versions 20H2, 21H1, 21H2 and 22H2

You can download the MSU update files for Windows 10 versions 20H2, 21H1, 21H2, and 22H2 from the direct download links shared below.

Download KB5019959 for Windows 10 20H2 version

Windows 10 versionDownload linkUpdate size
Windows 10 20H2 x86 Download KB5019959356.9 MB
Windows 10 20H2 ARM64Download KB5019959707.4 MB
Windows 10 20H2 x64Download KB5019959687 MB

Download KB5019959 for Windows 10 version 21H1

Windows 10 versionDownload updateUpdate size
Windows 10 version 21H1 x86Download KB5019959356.9 MB
Windows 10 version 21H1 ARM64Download KB5019959707.4 MB
Windows 10 version 21H1 x64Download KB5019959687 MB

Download KB5019959 for Windows 10 version 21H2

Windows 10 versionDownload updateUpdate size
Windows 10 version 21H2 x86Download KB5019959356.9 MB
Windows 10 version 21H2 ARM64Download KB5019959707.4 MB
Windows 10 version 21H2 x64Download KB5019959687 MB

Download KB5019959 for Windows 10 version 22H2

Windows 10 versionDownload updateUpdate size
Windows 10 version 22H2 x86Download KB5019959356.9 MB
Windows 10 version 22H2 ARM64Download KB5019959707.4 MB
Windows 10 version 22H2 x64Download KB5019959687 MB

Upon installing these security updates, the Windows 10 computer may restart for the update to take effect. So, please plan for any change management sequence accordingly.

Prerequisites before installing KB5019959 on Windows 10

There are specific requirements for the cumulative updates or Servicing Stack Updates before installing KB5019959 on Windows versions 20H2, 21H1, 21H2 or 22H2.

  • For WSUS deployments, your systems should have had May 2021 cumulative update KB5003173 or any later cumulative update on the system. If your Windows 10 systems do not have May 2021 cumulative update or any later cumulative update, please install the Servicing Stack Update KB5005260 to comply. The size of the Servicing Stack Update file is under 15 MB and it can be installed without causing system reboot.

Zero-day vulnerabilities on Windows 10 under KB5019959

The following zero-day threats affect Windows 10 versions 20H2, 21H1, 21H2 and 22H2. These threats are patched in KB5019959 for Windows 10.

VulnerabilityImpactSeverity
CVE-2022-41091Windows Mark of the Web Security Feature Bypass Vulnerability5.4
CVE-2022-41125Elevation of Privileges on Windows CNG Key Isolation Service.7.8
CVE-2022-41128Remote Code Execution on Windows Scripting Languages (only affects Windows Server 2019, does not affect Windows Server 2019 Server Core installation).8.8
CVE-2022-41073Elevation of Privileges on Windows Print Spooler.7.8