Patchday: Updates for Windows 7/8.1/Server (April 14, 2020)

Windows Update[German]On April 14, 2020, Microsoft released various (security) updates for Windows 7 SP1 (ESU) and other updates for Windows 8.1 and the corresponding server versions. Here is an overview of these updates.


Advertising

Updates for Windows 7/Windows Server 2008 R2

A rollup and a security-only update have been released for Windows 7 SP1 and Windows Server 2008 R2 SP1. However, these updates are now only available for systems with ESU licenses. The update history for Windows 7 can be found on this Microsoft page. Installation requires installed SHA2 support for successful installation of the security updates.

Starting January 15, 2020, Windows 7 will display a full-screen notification of the end of support in Starter, Home Basic, Home Premium, Professional (without ESU license) and Ultimate. This must then be closed by the user.

As of January 14, 2020, Windows 7 SP1 and Windows Server 2008 R2 SP1 have reached the end of support and will only receive paid security updates under the ESU program. ESU license holders should visit the Windows Message Center for details.

Microsoft has also updated the Techcommunity article on the ESU program for 2/11/22020. Please refer to the notes on requirements (SSU, SHA-2). Additionally, for ESU systems, you must manually install update KB4538483 from the Update Catalog.

Because the updates are provided in the Microsoft Update Catalog, do not attempt to install them on non-ESU systems. The installation fails and a rollback occurs. But what works: Apply the BypassESU method described in the links at the end of this article (see Windows 7: Forcing February 2020 Security Updates– Part 1). This night somebody has confirmed to me that the April updates could be installed with this solution.

KB4550964 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB4550964 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) includes (in addition to the security fixes from the previous month) improvements and bug fixes and addresses the following:

  • Addresses an issue that might cause certain operations, such as rename, to fail when you perform those operations on files or folders that are on a Cluster Shared Volume (CSV). The error is, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This issue occurs when you perform the operation on a CSV owner node from a process that doesn't have administrator privilege.
  • Security updates to Internet Explorer, the Microsoft Scripting Engine, Windows Kernel, Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Fundamentals, Windows Core Networking, and the Microsoft JET Database Engine.

Compared to the previous months, nothing has changed for ESU systems. This update is automatically downloaded and installed by Windows Update. The package is also available through the Microsoft Update Catalog and is distributed via WSUS. Details about the requirements and known issues can be found in the KB article. This article also provides information about which SSUs are required and known issues with the update.

KB4550965 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4550965 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1 with ESU license. The update addresses the following issues.

  • Addresses an issue that might cause certain operations, such as rename, to fail when you perform those operations on files or folders that are on a Cluster Shared Volume (CSV). The error is, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This issue occurs when you perform the operation on a CSV owner node from a process that doesn't have administrator privilege.
  • Security updates to Windows Kernel, Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Fundamentals, Windows Core Networking, and the Microsoft JET Database Engine.

The update is available via WSUS or in the Microsoft Update Catalog.To install the update, you must meet the prerequisites listed in the KB article and in the Rollup Update above. In addition, the security update KB4550905 for IE should also be installed.


Advertising

Updates for Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.

KB4550961 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4550961 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses the following issues.

Security updates to Internet Explorer, the Microsoft Scripting Engine, Windows Kernel, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Media, Windows Fundamentals, Windows Core Networking, and the Microsoft JET Database Engine.

This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS. For a manual installation, the latest Servicing Stack Update (SSU KB4550961) must be installed first.

The update has a known issue: Certain actions, such as renaming, that you perform on files or folders that are located on a cluster shared volume (CSV) may fail with the error "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the action on a CSV owner node from a process that does not have administrator privileges. See the KB article for details.

KB4550970 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4550970 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following items.

Security updates to Windows Kernel, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Media, Windows Fundamentals, Windows Core Networking, and the Microsoft JET Database Engine.

The update is available via WSUS or in the Microsoft Update Catalog. The update has the same known issues as the rollup update, which are described in the KB article. In case of a manual installation the latest Servicing Stack Update (SSU) must be installed before. You should also install the security update KB4550905 for Internet Explorer.

Similar articles:
Microsoft Office Patchday (April 7, 2020)
Microsoft Security Update Summary (April 14, 2020)
Patchday: Windows 10 Updates (April 14, 2020)
Patchday: Updates for Windows 7/8.1/Server (April 14, 2020)

Windows 7: Buy and manage ESU licenses – Part 1
Windows 7: Preparing for ESU and license activation – Part 2
Windows 7: ESU Activation inEnterprise Environment – Part 3
Windows 7: ESU questions and more answers – Part 4

Windows 7/Server 2008/R2: 0patch delivers security patches after support ends
Project: Windows 7/Server 2008/R2 Life Extension & 0patch one month trial

Windows 7: Forcing February 2020 Security Updates – Part 1
Windows 7: Securing with the 0patch solution – Part 2


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in Security, Update, Windows and tagged , , , , , , , , . Bookmark the permalink.

One Response to Patchday: Updates for Windows 7/8.1/Server (April 14, 2020)

  1. Ed says:

    Possible mistake
    KB4550961 (Monthly Rollup) for Windows 8.1/Server 2012 R2
    "This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS. For a manual installation, the latest Servicing Stack Update (SSU KB4550961) must be installed first".

    To manually install KB4550961 this must be installed first? Catch-22?

Leave a Reply

Your email address will not be published. Required fields are marked *