[German]On September 8, 2020 Microsoft released various (security) updates for Windows 7 SP1 (ESU) and Windows Server 2008 R2. Here is an overview of these updates.
Updates for Windows 7/Windows Server 2008 R2
For Windows 7 SP1 and Windows Server 2008 R2 SP1 a rollup and a security-only update have been released. However, these updates are only available for systems with ESU license. The update history for Windows 7 can be found on this Microsoft page. Installation requires installed SHA2 support for the successful installation of the security updates.
Beginning January 15, 2020, Windows 7 will display a full-screen end-of-support notification in Starter, Home Basic, Home Premium, Professional (without ESU license) and Ultimate. This must then be closed by the user.
As of January 14, 2020, Windows 7 SP1 and Windows Server 2008 R2 SP1 have reached the end of support and will in future only receive paid security updates as part of the ESU program. ESU license holders are advised to take a look at the Windows Message Center for details.
The Techcommunity article on the ESU program was last updated by Microsoft on March 10, 2020. Please refer to the notes on the requirements (SSU, SHA-2). For ESU systems, you must also install the KB4538483 (see Windows 7 ESU-Update KB4538483 (May 2020)) and the update KB4575903 (see Windows 7 ESU Preparation Package Update KB4575903 (July 31, 2020)).
Because the updates are provided in the Microsoft Update Catalog, do not attempt to install them on systems without an ESU license. The installation fails and a rollback is performed. But what works: Apply the BypassESU method. Discussions about using ByPassESU for September 2020 may be found in my German blog here.
Important: From July 2020 all Windows updates disable the RemoteFX vGPU feature due to the CVE-2020-1036 vulnerability (see also KB4570006). After installing this update, attempts to start virtual machines (VM) with RemoteFX vGPU enabled will fail. More information can be found in the KB article and here.
KB4577051 (Monthly Rollup) for Windows 7/Windows Server 2008 R2
Update KB4577051 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains (besides the security fixes from last month) improvements and bug fixes and addresses the following issues:
- Updates time zone information for Yukon, Canada.
- Addresses a security vulnerability issue with user proxies and HTTP-based intranet servers. After you install this update, HTTP-based intranet servers cannot leverage a user proxy to detect updates by default. Scans that use these servers will fail if the clients do not have a configured system proxy. If you must leverage a user proxy, you must configure the behavior by using the Windows Update policy “Allow user proxy to be used as a fallback if detection using system proxy fails.” This change does not affect customers who secure their Windows Server Update Services (WSUS) servers that use the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols. For more information, see Improving security for devices receiving updates via WSUS.
- Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Authentication, Windows Cryptography, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Storage and Filesystems, Windows Network Security and Containers, the Microsoft Scripting Engine, and Windows SQL components.
Compared to the previous months, nothing has changed for ESU systems. This update is automatically downloaded and installed via Windows Update, but is also availabe within the Microsoft Update Catalog and will be offered on WSUS. Details about the requirements and known issues (without ESU the installation fails and there is a “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)” error) can be found in the KB article.
KB4577053 (Security Only) for Windows 7/Windows Server 2008 R2
Update KB4577053 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1 with ESU license. The update addresses the following issues.
Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Authentication, Windows Cryptography, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Storage and Filesystems, Windows Network Security and Containers, and Windows SQL components.
The update is available via WSUS or in the Microsoft Update Catalog. To install the update, the preconditions listed in the KB article and above for the rollup update must be met.
Additionally, the security update KB4577010 for IE should be installed. Both updates (Rollup, Security-only) contains telemetry components.
Microsoft Office Patchday (September 1, 2020)
Microsoft Security Update Summary (September 1, 2020)
Patchday: Windows 10-Updates (September 8, 2020)
Patchday: Windows 8.1/Server 2012-Updates (September 8, 2020)
Patchday: Updates für Windows 7/Server 2008 R2 (September 8, 2020)
Patchday Microsoft Office Updates (September 8, 2020)
Cookies helps to fund this blog: Cookie settings