[German]On September 10, 2019, Microsoft released various (security) updates for Windows 7 SP1 and other updates for Windows 8.1 as well as the corresponding server versions. Here is an overview of these updates.
Advertising
Updates for Windows 7/Windows Server 2008 R2
For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page. Installation requires installed SHA2 support to successfully install the security updates.
KB4516065 (Monthly Rollup) for Windows 7/Windows Server 2008 R2
Update KB4516065 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes and addresses the following items:
- Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-Bit (x86) versions of Windows (CVE-2019-11091,CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)
- Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Kernel, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server.
In addition to the many unnamed vulnerabilities, the update once again addresses vulnerabilities caused by speculative side-channel attacks. This update is automatically downloaded and installed via Windows Update. The package is also available via Microsoft Update Catalog and again distributed via WSUS. The installation requires that the latest SSU (KB4516655) is already installed. If you install it via Windows Update, it will be installed automatically.
Since August 2019, the SHA-2 update (KB447444419) must be installed before installing this security update. This update will only be delivered via SHA-2 Code Signing for Windows Update and WSUS.
For this update, Microsoft lists the known issue that users may receive an error when opening or using the Toshiba Qosmio AV Center after installing this update. Errors may also occur in the event log associated with cryptnet.dll. Microsoft is working with Toshiba to resolve this issue and will provide a fix with upcoming updates.
But there is a second problem: VBScript in Internet Explorer 11 should be disabled by default after installing KB4507437 (preview of monthly rollup) or KB4511872 (Internet Explorer cumulative update) and later. Under certain circumstances, however, VBScript may not be disabled as intended. The KB article contains instructions on how to solve the issue.
Advertising
KB4516033 (Security Only) for Windows 7/Windows Server 2008 R2
Update KB4516033 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the same issues as Update KB4516065 (see above). The update is available via WSUS or in the Microsoft Update Catalog. If you install the update, you must first install the latest Servicing Stack Update (SSU) (see above). You should also install the security update KB4516046 or IE. In this update, Microsoft lists the same Toshiba AV Security Center issues as for update KB4516033.
Updates foür Windows 8.1/Windows Server 2012 R2
For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.
KB4516067 (Monthly Rollup) for Windows 8.1/Server 2012 R2
Update KB4516067 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses the following istems.
- Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-Bit (x86) versions of Windows (CVE-2019-11091,CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)
- Security updates to Windows App Platform and Frameworks, Windows Kernel, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server.
This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog For manual installation, the latest Servicing Stack Update (SSU) must be installed first.
The update has a known problem: Certain operations, such as renaming files or folders located on a cluster shared volume (CSV), may fail with the error "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the action on a CSV owner node from a process that does not have administrator privileges. See the KB article for details.
KB4516064 (Security-only update) for Windows 8.1/Server 2012 R2
Update KB4516064 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the same points as update KB4516067. The update is available via WSUS or via the Microsoft Update Catalog. The update also has known issues that are described in the KB article. For a manual installation, the latest Servicing Stack Update (SSU) must be installed beforehand. For this update, Microsoft lists the same issues as for update KB4512488. You should also install the KB4516046 update for IE.
Similar articles:
Microsoft Office Patchday (September 3, 2019)
Adobe Flash Player 32.0.0.255
Microsoft Security Update Summary (September 10, 2019)
Patchday: Updates for Windows 7/8.1/Server (Sept. 10, 2019)
Patchday: Windows 10 Updates (September 10, 2019)
Patchday Microsoft Office Updates (September 10, 2019)
Advertising