Patchday: Updates for Windows 7/8.1/Server (Feb. 11, 2020)

On February 11, 2020, Microsoft released various (security) updates for Windows 7 SP1 (ESU) and other updates for Windows 8.1 and the corresponding server versions. Here is an overview of these updates. Addition: Various information about Windows 7 added.



Updates for Windows 7/Windows Server 2008 R2

A rollup and a security-only update have been released for Windows 7 SP1 and Windows Server 2008 R2 SP1. However, these updates are now only available for systems with an ESU license. The update history for Windows 7 can be found on this Microsoft site. Installing the security updates successfully requires that SHA-2 support is already installed.

Beginning January 15, 2020, Windows 7 will display a full-screen end-of-support notification in Starter, Home Basic, Home Premium, Professional (without ESU license), and Ultimate. This must then be closed by the user.

As of January 14, 2020, Windows 7 SP1 and Windows Server 2008 R2 SP1 have reached the end of support and will only receive paid security updates under the ESU program. ESU license holders should visit the Windows Message Center for details.

In addition, Microsoft has updated the Techcommunity article on the ESU program on February 11, 2020. Please refer to the notes on the requirements (SSU, SHA-2). Additionally, for ESU systems, you must manually install update KB4538483 from the Update Catalog.

Because the updates are provided in the Microsoft Update Catalog, do not attempt to install them on non-ESU systems. According to feedback I have received, the installation fails and a rollback occurs.

KB4537820 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB4537820 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains (besides the security fixes from last month) improvements and bug fixes and addresses:

Security updates to Internet Explorer, Microsoft Graphics Component, Windows Input and Composition, Windows Media, Windows Shell, Windows Fundamentals, Windows Cryptography, Windows Hyper-V, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, the Microsoft Scripting Engine, and Windows Server.

There are some security fixes – Microsoft does not disclose any details. However, a remote code execution vulnerability CVE-2020-0662 in memory object handling has been closed for Windows 7. Compared to the previous months, nothing has changed for ESU systems. This update is automatically downloaded and installed by Windows Update. It is also available from the Microsoft Update Catalog and is distributed via WSUS. Details about the requirements and known issues can be found in the KB article – first installation experiences can be found in my German blog.

The installation requires that the SSU KB4490628 from March 2019 and the SHA-2 update KB4474419 from September 10, 2019 are already installed (if in doubt, go through the notes here; currently the MS documentation seems inconsistent). When installing via Windows Update, this will be installed automatically. After installing the update, Microsoft recommends installing SSU KB4536952 (if not already installed).
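A prerequisite check for the KB numbers named above (including KB4538483 from the ESU notes), as an added example that is not part of the original post. It assumes `Get-HotFix` reports the packages on the machine being checked and uses only PowerShell 2.0 syntax, the version shipped with Windows 7 SP1; the function and variable names are illustrative.

```powershell
# Added example (not from the original post): report whether the prerequisites the
# article names for the February 2020 Windows 7 / Server 2008 R2 updates are present.

# KB numbers and descriptions are taken from the article text.
$Required = @(
    @{ KB = 'KB4490628'; Note = 'SSU from March 2019' },
    @{ KB = 'KB4474419'; Note = 'SHA-2 update from September 10, 2019' },
    @{ KB = 'KB4538483'; Note = 'ESU systems: manual install from the Update Catalog' }
)
$Recommended = @( @{ KB = 'KB4536952'; Note = 'SSU recommended after the update' } )
$Targets     = @( @{ KB = 'KB4537820'; Note = 'Monthly Rollup' },
                  @{ KB = 'KB4537813'; Note = 'Security-only update' } )

function Get-KbStatus {
    # Emits one row per KB with a flag showing whether it is in the installed list.
    param([hashtable[]]$Items, [string]$Kind, [string[]]$Installed)
    foreach ($i in $Items) {
        New-Object PSObject -Property @{
            Kind = $Kind; KB = $i.KB; Note = $i.Note
            Installed = ($Installed -contains $i.KB)
        }
    }
}

function Test-Feb2020Readiness {
    param([string]$ComputerName = $env:COMPUTERNAME)
    # Get-HotFix queries Win32_QuickFixEngineering; normalise IDs for comparison.
    $installed = @(Get-HotFix -ComputerName $ComputerName |
                   ForEach-Object { $_.HotFixID.ToUpper() })
    $report  = @(Get-KbStatus $Required    'Required'    $installed)
    $report += @(Get-KbStatus $Recommended 'Recommended' $installed)
    $report += @(Get-KbStatus $Targets     'Target'      $installed)
    $report | Select-Object Kind, KB, Installed, Note | Format-Table -AutoSize | Out-Host

    # Only the 'Required' rows decide readiness; the others are informational.
    $missing = @($report | Where-Object { $_.Kind -eq 'Required' -and -not $_.Installed })
    if ($missing.Count -gt 0) {
        Write-Warning ("Missing prerequisites: " +
                       (($missing | ForEach-Object { $_.KB }) -join ', '))
        return $false
    }
    return $true
}

Test-Feb2020Readiness
```

The function returns `$true` only when all three required packages are listed, so it can gate a scripted install of the rollup or the security-only update.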

If you do not have an ESU license and want to continue running Windows 7 SP1 online, you should take a look at the 0patch solution. There is no micro-patch available yet, but I will report as soon as I know details.

In addition to the RCE vulnerability mentioned above, there is CVE-2020-0683 in the MSI installer that has already been exploited.

KB4537813 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4537813 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1 with ESU license. The update addresses the following issues.



Security updates to Microsoft Graphics Component, Windows Input and Composition, Windows Media, Windows Shell, Windows Fundamentals, Windows Cryptography, Windows Hyper-V, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, and Windows Server.

The update is available via WSUS or in the Microsoft Update Catalog. In order to install the update, the preconditions listed in the KB article and above for the rollup update must be met (but if in doubt, go through the notes here, currently the MS documentation does not seem consistent). In addition, the security update KB4537767 for IE should also be installed.

Note: Currently I can’t quite place it, but I’d like to refer you to the tweet from Woody Leonhard:

That would somehow explain the issues discussed in the blog post Win 7/Server 2008 R2: Boot issues with Update KB4539602.

Updates for Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.

KB4537821 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4537821 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses the following.

  • Disables Microsoft Visual Basic Script (VBScript) by default in the Internet and Restricted sites zones in Internet Explorer and the WebBrowser control.
  • Security updates to Internet Explorer, Microsoft Graphics Component, Windows Input and Composition, Windows Media, Windows Shell, Windows Fundamentals, Windows Cryptography, Windows Hyper-V, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, the Microsoft Scripting Engine, and Windows Server.

This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS. In case of a manual installation, the latest Servicing Stack Update (SSU KB4524445) must be installed first.

The update has a known issue: Certain actions, such as renaming, that you perform on files or folders that are located on a cluster shared volume (CSV) may fail with the error “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the action on a CSV owner node from a process that does not have administrator privileges. See the KB article for details.

KB4537803 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4537803 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following items.

Security updates to Microsoft Graphics Component, Windows Input and Composition, Windows Media, Windows Shell, Windows Fundamentals, Windows Cryptography, Windows Hyper-V, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, and Windows Server.

The update is available via WSUS or in the Microsoft Update Catalog. Microsoft lists the same known issues for this update as for the rollup update; these are described in the KB article. In case of a manual installation, the latest Servicing Stack Update (SSU) must be installed first. You should also install the security update KB4537767 for IE.

Update KB4502496 for Windows 8.1-10/Server

Microsoft has also released the update KB4502496 for Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 and Windows Server 2012.

Addresses an issue in which a third-party Unified Extensible Firmware Interface (UEFI) boot manager might expose UEFI-enabled computers to a security vulnerability.

The update comes via Windows Update and WSUS and can be found in the Microsoft Update Catalog.
