Patchday: Updates for Windows 7/8.1/Server (Nov. 12, 2019)

Windows Update[German]On November 12, 2019, Microsoft released several (security) updates for Windows 7 SP1 and further updates for Windows 8.1 as well as the corresponding server versions. Here is an overview of these updates.


Advertising

Updates for Windows 7/Windows Server 2008 R2

For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page. Installation requires installed SHA2 support to successfully install the security updates.

KB4525235 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB4525235 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains (besides the security fixes of October 2019) improvements and bug fixes and addresses the following:

  • Addresses an issue that prevents a 16-bit Visual Basic 3 (VB3) application or other VB3 applications from running.
  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Use the registry setting as described in the Guidance KB article. (This registry setting is disabled by default.)
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
  • Addresses an issue with temporary user profiles in an environment in which user profile disks (UPD) are deployed and cached roaming profiles are not deleted when the “Delete cached copies of roaming profiles” policy is enabled.
  • Security updates to Microsoft Scripting Engine, Windows Input and Composition, Microsoft Graphics Component, Windows Cryptography, Windows Virtualization, Windows Kernel, Windows Datacenter Networking, and the Microsoft JET Database Engine.

This update is automatically downloaded and installed via Windows Update. The package is also available via Microsoft Update Catalog and will be distributed via WSUS. The installation requires that the SSU (KB4490628  of March 2019 and the SHA-2 update KB4474419 of September 10, 2019) is already installed. If installed via Windows Update, it will be installed automatically. After the update installation, Microsoft recommends to install the SSUKB4523206 (if not already installed).

Since August 2019, the SHA-2 update (KB4474419) must be installed before installing this security update. This update will only be delivered via SHA-2 Code Signing for Windows Update and WSUS. Microsoft has made an update on October 8, 2019. The update should be updated automatically.

Microsoft does not list a known problem for this update.

KB4525233 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4525233 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the following issues.


Advertising

  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Use the registry setting as described in the Guidance KB article. (This registry setting is disabled by default.)
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
  • Security updates to Windows Input and Composition, Microsoft Graphics Component, Windows Cryptography, Windows Virtualization, Windows Kernel, Windows Datacenter Networking, and the Microsoft JET Database Engine.

The update is available via WSUS or in the Microsoft Update Catalog. To install the update, you must meet the prerequisites listed in the KB article and above in the Rollup Update.

When deploying WSUS, make sure that the SSU and SHA-2 updates mentioned above are installed – the automatic installation will not then be performed via Windows Update. After installation, Windows must be restarted before the Security-only Update is installed. You should also install the security update KB4525106 for IE, as this closes a 0-day vulnerability. Microsoft does not list any known issues with this update. Whether telemetry functions are included this time is currently unknown.

Updates foür Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page. .

KB4525243 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4525243 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses the following items.

  • Addresses an issue that prevents a 16-bit Visual Basic 3 (VB3) application or other VB3 applications from running.
  • Addresses an issue that causes only one Bluetooth Basic Rate device to function properly on some Bluetooth controllers after installing the August 13, 2019 update.
  • Addresses an issue that causes error 0x7E when you connect Bluetooth devices after installing the June 11, 2019 update.
  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Use the registry setting as described in the Guidance KB article. (This registry setting is disabled by default.)
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
  • Addresses an issue with temporary user profiles in an environment in which user profile disks (UPD) are deployed and cached roaming profiles are not deleted when the “Delete cached copies of roaming profiles” policy is enabled.
  • Security updates to Microsoft Scripting Engine, Internet Explorer, Microsoft Graphics Component, Windows Input and Composition, Windows Cryptography, Windows Virtualization, Windows Kernel, Windows Datacenter Networking, and the Microsoft JET Database Engine.

This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS. For manual installation, the latest Servicing Stack Update (SSU) must be installed first.

The update has a known problem: Certain operations, such as renaming files or folders located on a cluster shared volume (CSV), may fail with the error “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the action on a CSV owner node from a process that does not have administrator privileges. See the KB article for details.

KB4525250 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4525250 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following intems.

  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Use the registry setting as described in the Guidance KB article. (This registry setting is disabled by default.)
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
  • Security updates to Microsoft Graphics Component, Windows Input and Composition, Windows Cryptography, Windows Virtualization, Windows Kernel, Windows Datacenter Networking, and the Microsoft JET Database Engine.

The update is available via WSUS or in the Microsoft Update Catalog. The update has the same known problems as the rollup update, these are described in the KB article. For a manual installation, the latest Servicing Stack Update (SSU) must be installed first. In addition, you should also install the  KB4525106 security update for IE, as this fixes a 0-day vulnerability. In this update, Microsoft lists the same known issues as for update KB4525243.

Similar articles:
Microsoft Office Patchday (November 5, 2019)
Microsoft Security Update Summary (November 12, 2019)
Patchday: Updates für Windows 7/8.1/Server (12. Nov. 2019)
Patchday Windows 10 Updates (November 12, 2019)
Patchday Microsoft Office Updates (November 12, 2019)
Office November 2019 Updates are causing Access Error 3340


Advertising


This entry was posted in Security, Update, Windows and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *