Patchday: Updates for Windows 7/8.1/Server (Dec. 10, 2019)

Windows Update[German]On December 10, 2019, Microsoft released various (security) updates for Windows 7 SP1 and other updates for Windows 8.1 as well as the corresponding server versions. Here is an overview of these updates.


Advertising

Updates for Windows 7/Windows Server 2008 R2

For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page. Installation requires installed SHA2 support to successfully install the security updates.

Starting January 15, 2020, Windows 7 will display a full-screen end of support notification in Starter, Home Basic, Home Premium, Professional (without ESU license) and Ultimate. This must then be closed by the user.

KB4530734 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB4530734 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) addresses (besides the security fixes of October 2019) the following security issues:

Security updates to Windows Input and Composition, Windows Virtualization, Windows Kernel, Windows Peripherals, the Microsoft Scripting Engine, and Windows Server.

The security advisories tells that CVE-2019-1458 (a Win32k elevation of privilege vulnerability) has been closed in Win32k. The privilege escalation is possible if the Win32k component does not properly process objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code in kernel mode. An attacker could then install programs, view, modify, or delete data, or create new accounts with full user privileges. To exploit this vulnerability, an attacker must first log on to the system. An attacker could then run a specially developed application that could exploit the vulnerability and take control of an affected system.

This update is automatically downloaded and installed via Windows Update. The package is also available via Microsoft Update Catalog and will be distributed via WSUS. The installation requires that the SSU (KB4490628 of March 2019 and the SHA-2 update KB4474419 of September 10, 2019) is already installed. If installed via Windows Update, it will be installed automatically. After the update installation Microsoft recommends to install the SSUKB4531786 (if not already installed). This SSU was released on December 10, 2019 and brings improvements to the Service Stack.

Since August 2019, the SHA-2 update (KB4474419) must be installed before installing this security update. Newer updates will only be delivered via SHA-2 Code Signing for Windows Update and WSUS. Microsoft has made an update on October 8, 2019. The update should be updated automatically.

Microsoft does not list a known issue for this update.


Advertising

KB4530692 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4530692 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the following issues.

Security updates to Windows Input and Composition, Windows Virtualization, Windows Kernel, Windows Peripherals, and Windows Server.

The update is available via WSUS or in the Microsoft Update Catalog. To install the update, you must meet the prerequisites listed in the KB article and above in the Rollup Update.

When deploying WSUS, make sure that the SSU and SHA-2 updates mentioned above are installed – the automatic installation will not then be performed via Windows Update. After installation, Windows must be restarted before the Security-only Update is installed. You should also install the security update KB4530677 for IE. Microsoft does not list any known problems with this update. Whether telemetry functions are included this time is currently unknown.

Updates for Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.

KB4530702 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4530702 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) addresses the following items.

Security updates to Windows Virtualization, Windows Kernel, Windows Peripherals, the Microsoft Scripting Engine, and Windows  Server.

This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS. For manual installation, the latest Servicing Stack Update (SSU) must be installed first.

The update has a known problem: Certain operations, such as renaming files or folders located on a cluster shared volume (CSV), may fail with the error “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the action on a CSV owner node from a process that does not have administrator privileges. See the KB article for details.

KB4530730 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4530730 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following items.

Security updates to Windows Virtualization, Windows Kernel, Windows Peripherals, and Windows  Server.

The update is available via WSUS or in the Microsoft Update Catalog. The update has the same known problems as the rollup update, these are described in the KB article. For a manual installation, the latest Servicing Stack Update (SSU) must be installed first. You should also install the KB4530677 security update for IE. With this update, Microsoft lists the same known issues as for Rollup Update.

Similar articles:
Microsoft Office Patchday (December 3, 2019)
Microsoft Security Update Summary (December 10, 2019)
Patchday: Updates for Windows 7/8.1/Server (Dec. 10, 2019)
Patchday Windows 10-Updates (December 10, 2019)
Patchday Microsoft Office Updates (December 10, 2019)


Advertising


This entry was posted in Security, Update, Windows and tagged , , , , , , , , , . Bookmark the permalink.

10 Responses to Patchday: Updates for Windows 7/8.1/Server (Dec. 10, 2019)

  1. RsB says:

    This patch caused our Server 2008R2 server to have problems – RDP connection failed, DFS Namespace server would not start – the dependant Server service did not start.

    Removed the patch and all is working again.

    Thx MS

    • Adminny says:

      I had the same problems.
      RDP failes, some services failed, very long starting.
      And try to install Security Only KB4530692 – the same problem.
      Removed and it’s ok.

  2. LL says:

    I have problem with the KB4530734 and KB4530692 patches . After the installation of these pathes the Winwows 2008R2 server not booting and goes to the recovery console.
    This problem appear in VMware VM, I created test VM for testing. If you have the same experiance with these patches I will share what I did till that time.

  3. mc says:

    can share the solution?

  4. Advertising

  5. Dave says:

    We had a problem with one of the above updates (unclear which) causing a boot stoppage on windows 7 with file digital signature does not match, c:\windows\system32\winload.exe
    Replaced file with older version using offline linux sysresccd, then windows boots and completes updates.

  6. Randy says:

    my card reader stopped working after the update to Windows 8.1

  7. GK says:

    The issue might occur due to the changes in the winload.exe file location. Please try the below-mentioned steps which help to resolve the issue.

    1. Boot the server either in recovery console or boot via disabling driver signature off (command ‘bcdedit /set {default} nointegritychecks ON’).
    2. Run the following command to change the winload.exe path i.e bcdedit /set {default} path \windows\system32\winload.exe
    3. Once done then reboot the server by turning on driver signing. To enable device driver signing, type “BCDEDIT /set nointegritychecks OFF” then press “Enter“

  8. Deepsys says:

    @GK, Thank you very, very much!!

    Your solution works :-)

Leave a Reply to LL Cancel reply

Your email address will not be published. Required fields are marked *