Windows 7: Patchday Review September 2019

win7[German]Microsoft has released a rollup and a security-only update as well as a Servicing Stack Update (SSU) on September 10, 2019. The Security-only update comes with telemetry, the updates may cause installation issues and the SSU has a surprise in its baggage. Here is an overview of what is known so far.


had described the updates in the blog post Patchday: Updates for Windows 7/8.1/Server (Sept. 10, 2019). Below I try to summarize information, which is I got from readers as comments or which I outlined in other blog posts.

Security-only Update KB4516033 with Telemetry

For years, the rollup updates for Windows 7 were equipped with telemetry functions, but the security-onlye updates were telemetry-free. Users who didn't want any new telemetry functions installed the Security-online updates. Already in July update KB4507456. was rolled out with telemetry functions surprisingly for me. I had written in the blog post Windows 7 Update KB4507456 (security only) with Telemetry about this fact. 

Telemetry is also included with the security-only update KB4516033, released on September 10, 2019. Details about this update including the question what to do against telemetry can be found in the article Windows 7: Security-only Update KB4516033 with Telemetry.

Refreshing the Servicing Stack Update KB4516655

Microsoft has begun rolling out regularly updated Servicing Stack Updates (SSUs) for Windows 7 and Windows 10 at patchday. But Microsoft's documentation on the updated SSUs is clue less:

This update improves the quality of the service stack, which is the component that installs Windows updates.

Microsoft also strongly recommends that you install the latest Service Stack Update (SSU) before installing the latest Cumulative Updates (LCU). For Windows 7, this would be Rollup and Security-only updates.Microsoft says:


By installing service stack updates (SSU), you ensure that you have a robust and reliable service stack so that your devices can receive and install Microsoft security fixes.

However, with the SSU KB4516655 shipped on September 10, 2019, it was again the case that it was automatically installed after the Rollup update installation. This users to worry, as can be seen in the following comment.

I was offered KB4516655 in Windows Update, when I had already successfully installed the updates KB4516065 – KB4514602 – KB4474419.

I had discussed it in this comment, Microsoft fixes issues with refreshed SSUs. Unfortunately Microsoft doesn't get it solved that the update client installs the patches in the required order (I mentioned this in the blog post Windows 10: SSU issue addressed in SCCM UserVoice). In many cases the installation goes well and the SSU will be installed on the system afterwards. But in some cases update installation fails because of the missing SSU. Then the SSU installation need to be forced and the user need to wait until the SSU has been installed. Then the failed update has to be re-installed.

The above procedure does not seem necessary for the September 2019 update. That SSU KB451665 does not seem to fix any bugs. German blog reader Bolko has inspected the package and according to his comment here found a new file:

The new Servicing Stack Update KB4516655 contains a file to install the updates from February 2020: ExtendedSecurityUpdatesAI.dll

This file did not exist in the previous Servicing Stack Update KB4490628.

When manually installing an SSU, be aware that no other installation procedures should be performed when installing an SSU.

Revision Version 3 of the SHA-2 update KB4474419

Since August 2019, the SHA-2 update (KB4474419/) must be installed in order to install further updates. In the German comment here blog reader Gerold points out that the SHA-2 update KB4474419 has been refreshed to version v3. Microsoft writes about it:

This security update was updated on September 10, 2019 to include Start Manager files, thereby preventing startup errors on Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2..

Users who experience problems with nonbooting systems after installing Update KB4516065 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) or Update KB4516033 (Security-only Update) should repair the system and then download and manually install the updated SHA-2 Update KB4474419 v3 from the Microsoft Update Catalog. This could also help with other installation problems with the September 2019 Windows 7 updates. 

Update installation terminates with error 0x80092004

Within this comment, a user reports that the update installation ends with error code 0x80092004. The error code 0x80092004 stands for CRYPT_E_NOT_FOUND. There are some bugs in the SHA-2/Bitlocker patch environment in imho. I had discussed the problem for August 2019 in the blog post Windows Updates KB4512506/KB4512486 drops error 0x80092004

Similar articles:
Patchday: Updates for Windows 7/8.1/Server (Sept. 10, 2019)
Windows 7 Update KB4507456 (security only) with Telemetry
Windows 7: Security-only Update KB4516033 with Telemetry
Windows Updates KB4512506/KB4512486 drops error 0x80092004
Windows 7: Reinstallation causes boot error 0xc0000428
Windows 10: SSU issue addressed in SCCM UserVoice

Cookies helps to fund this blog: Cookie settings

This entry was posted in Update, Windows and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *