[German]On June 11, 2019, Microsoft released various (security) updates for Windows 7 SP1 and other updates for Windows 8.1 as well as the corresponding server versions. Here is an overview of these updates.
Advertising
Updates for Windows 7/Windows Server 2008 R2
For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page.
KB4503292 (Monthly Rollup) for Windows 7/Windows Server 2008 R2
Update KB4503292 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes that were already included in last month's update. The update addresses the following:
- Addresses an issue with the HTTP and HTTPS string character limit for URLs when using Internet Explorer.
- Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Input and Composition, Windows Shell, Windows Server, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Virtualization, Internet Information Services, and the Microsoft JET Database Engine.
This update is automatically downloaded and installed by Windows Update. The package is also available via Microsoft Update Catalog. Installation requires that the latest SSU is already installed. If you install it using Windows Update, it will be installed automatically.
Known Issues
Also in this update, Microsoft explicitly mentions issues related to Mc Afee antivirus software. There is the issue identified in April 2019 on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8. The antivirus solution may cause the system to boot slowly after this update is installed, or may cause the system to stop responding when rebooted. Mc Afee provides a workaround in the posts linked in the KB article.
Internet Explorer 11 may stop working when Power BI reports with line graphs with markers are loaded or interacting with them. This problem can also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.
Advertising
As of April 2019 or update KB4493472, the monthly rollup updates no longer contain the program PciClearStaleCache.exe. This installation utility fixes inconsistencies in the internal PCI cache. This may cause the symptoms listed below when installing monthly updates that do NOT contain PciClearStaleCache:
- Existing NIC definitions in control panel networks may be replaced with a new Ethernet Network Interface Card (NIC) but with default settings. Any custom settings on the previously NIC persist in the registry but were unused.
- Static IP address settings were lost on network interfaces.
- Wi-Fi profile settings were not displayed in the network flyout.
- WIFI network adapters were disabled
These symptoms are particularly common in guest virtual machines and machines that have not been updated since March 2018. Administrators should therefore ensure that one or more of the monthly rollups released between April 10, 2018 (KB 4093118) and March 12, 2019 (KB 4489878) have been installed before installing the April 2019 and later updates. Each of these rollup updates contains the PciClearStaleCache.exe.
KB4503269 (Security Only) for Windows 7/Windows Server 2008 R2
Update KB4503269 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the following issues.
Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Input and Composition, Windows Shell, Windows Server, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Virtualization, Internet Information Services, and the Microsoft JET Database Engine.
There are no known issues with this update. The update is available via WSUS or in the Microsoft Update Catalog. If you install the update, you must first install the latest Servicing Stack Update (SSU). If you install the Security Only Update, you must also install KB4503259 for IE. Microsoft is not aware of any problems with this update.
Addenum: I received a feedback from a German blog reader, that this update is causing sync issues on Windows Server 2008 R2 SP1.
Errors in the event log:
Source: User Profile Service
Event ID: 1504The server saved profile could not be completely updated. For details, see the previous events.
Source: User Profile General
Event ID: 1509
The file C:\User\User\ could not be copied to \\\server\Path\User\. Possible causes are network problems or insufficient security rights.Details – A file cannot be created if it already exists.
I've published the German article Windows Server 2008 R2: Update KB4503269 bringt Sync-Fehler bei TS-Profilen. But there seems no final solution yet (uninstalling the update helped only temporary).
Updates for Windows 8.1/Windows Server 2012 R2
For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.
KB4503276 (Monthly Rollup) for Windows 8.1/Server 2012 R2
Update KB4503276 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes that were included in the previous month's rollup. It also addresses the following points.
- Addresses a security vulnerability by intentionally preventing connections between Windows and Bluetooth devices that are not secure and use well-known keys to encrypt connections, including security fobs. If BTHUSB Event 22 in the Event Viewer states, "Your Bluetooth device attempted to establish a debug connection….", then your system is affected. Contact your Bluetooth device manufacturer to determine if a device update exists. For more information, see CVE-2019-2102 and KB4507623.
- Addresses an issue that may prevent the Preboot Execution Environment (PXE) from starting a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
- Addresses an issue with the HTTP and HTTPS string character limit for URLs when using Internet Explorer.
- Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Shell, Windows Server, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Virtualization, Internet Information Services, and the Microsoft JET Database Engine.
This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog. Update KB4503276 has several known issues (including issues with McAfee), some of which occurred as early as April 2019.
KB4503290 (Security-only update) for Windows 8.1/Server 2012 R2
Update KB4503290 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following items.
- Addresses an issue that may prevent the Preboot Execution Environment (PXE) from starting a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
- Addresses a security vulnerability by intentionally preventing connections between Windows and Bluetooth devices that are not secure and use well-known keys to encrypt connections, including security fobs. If BTHUSB Event 22 in the Event Viewer states, "Your Bluetooth device attempted to establish a debug connection….", then your system is affected. Contact your Bluetooth device manufacturer to determine if a device update exists. For more information, see CVE-2019-2102 and KB4507623.
- Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Shell, Windows Server, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Virtualization, Internet Information Services, and the Microsoft JET Database Engine.
The update is available via WSUS or in the Microsoft Update Catalog. If you install the Security Only Update, you must also install KB4503259 for IE. The update also has known issues that are described in the KB article.
Similar articles:
Adobe security updates for Flash, ColdFusion, Campaign
Microsoft Office Patchday (June 4, 2019)
Microsoft Security Update Summary (June 11, 2019)
Patchday: Updates for Windows 7/8.1/Server (June 11, 2019)
Patchday Windows 10 Updates (June 11, 2019)
Patchday Microsoft Office Updates (June 11, 2019)
Advertising