{"id":11869,"date":"2019-11-13T13:37:43","date_gmt":"2019-11-13T12:37:43","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=11869"},"modified":"2019-11-19T09:56:50","modified_gmt":"2019-11-19T08:56:50","slug":"patchday-updates-for-windows-7-8-1-server-nov-12-2019","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/11\/13\/patchday-updates-for-windows-7-8-1-server-nov-12-2019\/","title":{"rendered":"Patchday: Updates for Windows 7\/8.1\/Server (Nov. 12, 2019)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline; border-width: 0px;\" title=\"Update\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/02\/Update.jpg\" alt=\"Windows Update\" width=\"54\" height=\"54\" border=\"0\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2019\/11\/13\/patchday-updates-fr-windows-7-8-1-server-12-nov-2019\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]On November 12, 2019, Microsoft released several (security) updates for Windows 7 SP1 and further updates for Windows 8.1 as well as the corresponding server versions. Here is an overview of these updates.<\/p>\n<p><!--more--><\/p>\n<h2>Updates for Windows 7\/Windows Server 2008 R2<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg07.met.vgwort.de\/na\/6cab8fb168cd4ab38df19969e59c03cb\" alt=\"\" width=\"1\" height=\"1\" \/>For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4009469\" target=\"_blank\" rel=\"noopener noreferrer\">this Microsoft page<\/a>. Installation requires installed SHA2 support to successfully install the security updates.<\/p>\n<h3>KB4525235 (Monthly Rollup) for Windows 7\/Windows Server 2008 R2<\/h3>\n<p>Update <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4525235\" target=\"_blank\" rel=\"noopener noreferrer\">KB4525235<\/a> (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains (besides the security fixes of October 2019) improvements and bug fixes and addresses the following:<\/p>\n<ul>\n<li>Addresses an issue that prevents a 16-bit Visual Basic 3 (VB3) application or other VB3 applications from running.<\/li>\n<li>Provides protections against the Intel\u00ae Processor Machine Check Error vulnerability (<u><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2018-12207\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2018-12207<\/a><\/u>). Use the registry setting as described in the <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4530989\" target=\"_blank\" rel=\"noopener noreferrer\">Guidance KB article<\/a><em>. <\/em>(This registry setting is disabled by default.)<\/li>\n<li>Provides protections against the Intel\u00ae Transactional Synchronization Extensions (Intel\u00ae TSX) Transaction Asynchronous Abort vulnerability (<a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2019-11135\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2019-11135<\/a>). Use the registry settings as described in the <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4073119\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Client<\/a> and <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4072698\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Server<\/a> articles<em>. <\/em>(These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)<\/li>\n<li>Addresses an issue with temporary user profiles in an environment in which user profile disks (UPD) are deployed and cached roaming profiles are not deleted when the \"Delete cached copies of roaming profiles\" policy is enabled.<\/li>\n<li>Security updates to Microsoft Scripting Engine, Windows Input and Composition, Microsoft Graphics Component, Windows Cryptography, Windows Virtualization, Windows Kernel, Windows Datacenter Networking, and the Microsoft JET Database Engine.<\/li>\n<\/ul>\n<p>This update is automatically downloaded and installed via Windows Update. The package is also available via <a href=\"https:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=KB4525235\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Update Catalog<\/a> and will be distributed via WSUS. The installation requires that the SSU (<a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4490628\" target=\"_blank\" rel=\"noopener noreferrer\">KB4490628<\/a>\u00a0 of March 2019 and the SHA-2 update <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4474419\" target=\"_blank\" rel=\"noopener noreferrer\">KB4474419<\/a> of September 10, 2019) is already installed. If installed via Windows Update, it will be installed automatically. After the update installation, Microsoft recommends to install the SSU<a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4523206\" target=\"_blank\" rel=\"noopener noreferrer\">KB4523206<\/a> (if not already installed).<\/p>\n<blockquote><p>Since August 2019, the SHA-2 update (<a href=\"https:\/\/support.microsoft.com\/de-de\/help\/4474419\/sha-2-code-signing-support-update\">KB4474419<\/a>) must be installed before installing this security update. This update will only be delivered via SHA-2 Code Signing for Windows Update and WSUS. Microsoft has made an update on October 8, 2019. The update should be updated automatically.<\/p><\/blockquote>\n<p>Microsoft does not list a known problem for this update.<\/p>\n<h3>KB4525233 (Security Only) for Windows 7\/Windows Server 2008 R2<\/h3>\n<p>Update <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4525233\/\" target=\"_blank\" rel=\"noopener noreferrer\">KB4525233<\/a> (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the following issues.<\/p>\n<ul>\n<li>Provides protections against the Intel\u00ae Processor Machine Check Error vulnerability (<u><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2018-12207\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2018-12207<\/a><\/u>). Use the registry setting as described in the <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4530989\" target=\"_blank\" rel=\"noopener noreferrer\">Guidance KB article<\/a><em>. <\/em>(This registry setting is disabled by default.)<\/li>\n<li>Provides protections against the Intel\u00ae Transactional Synchronization Extensions (Intel\u00ae TSX) Transaction Asynchronous Abort vulnerability (<a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2019-11135\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2019-11135<\/a>). Use the registry settings as described in the <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4073119\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Client<\/a> and <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4072698\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Server<\/a> articles<em>. <\/em>(These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)<\/li>\n<li>Security updates to Windows Input and Composition, Microsoft Graphics Component, Windows Cryptography, Windows Virtualization, Windows Kernel, Windows Datacenter Networking, and the Microsoft JET Database Engine.<\/li>\n<\/ul>\n<p>The update is available via WSUS or in the <a href=\"http:\/\/catalog.update.microsoft.com\/v7\/site\/Search.aspx?q=KB4525233\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Update Catalog<\/a>. To install the update, you must meet the prerequisites listed in the KB article and above in the Rollup Update.<\/p>\n<p>When deploying WSUS, make sure that the SSU and SHA-2 updates mentioned above are installed &#8211; the automatic installation will not then be performed via Windows Update. After installation, Windows must be restarted before the Security-only Update is installed. You should also install the security update <a href=\"https:\/\/support.microsoft.com\/help\/4525106\" target=\"_blank\" rel=\"noopener noreferrer\">KB4525106<\/a> for IE, as this closes a 0-day vulnerability. Microsoft does not list any known issues with this update. Whether telemetry functions are included this time is currently unknown.<\/p>\n<h2>Updates fo\u00fcr Windows 8.1\/Windows Server 2012 R2<\/h2>\n<p>For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4009470\/windows-8-1-windows-server-2012-r2-update-history\" target=\"_blank\" rel=\"noopener noreferrer\">this Microsoft page<\/a>. .<\/p>\n<h3>KB4525243 (Monthly Rollup) for Windows 8.1\/Server 2012 R2<\/h3>\n<p>Update <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4525243\" target=\"_blank\" rel=\"noopener noreferrer\">KB4525243<\/a> (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses the following items.<\/p>\n<ul>\n<li>Addresses an issue that prevents a 16-bit Visual Basic 3 (VB3) application or other VB3 applications from running.<\/li>\n<li>Addresses an issue that causes only one Bluetooth Basic Rate device to function properly on some Bluetooth controllers after installing the August 13, 2019 update.<\/li>\n<li>Addresses an issue that causes error 0x7E when you connect Bluetooth devices after installing the June 11, 2019 update.<\/li>\n<li>Provides protections against the Intel\u00ae Processor Machine Check Error vulnerability (<u><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2018-12207\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2018-12207<\/a><\/u>). Use the registry setting as described in the <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4530989\" target=\"_blank\" rel=\"noopener noreferrer\">Guidance KB article<\/a><em>. <\/em>(This registry setting is disabled by default.)<\/li>\n<li>Provides protections against the Intel\u00ae Transactional Synchronization Extensions (Intel\u00ae TSX) Transaction Asynchronous Abort vulnerability (<a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2019-11135\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2019-11135<\/a>). Use the registry settings as described in the <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4073119\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Client<\/a> and <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4072698\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Server<\/a> articles<em>. <\/em>(These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)<\/li>\n<li>Addresses an issue with temporary user profiles in an environment in which user profile disks (UPD) are deployed and cached roaming profiles are not deleted when the \"Delete cached copies of roaming profiles\" policy is enabled.<\/li>\n<li>Security updates to Microsoft Scripting Engine, Internet Explorer, Microsoft Graphics Component, Windows Input and Composition, Windows Cryptography, Windows Virtualization, Windows Kernel, Windows Datacenter Networking, and the Microsoft JET Database Engine.<\/li>\n<\/ul>\n<p>This update is automatically downloaded and installed by Windows Update, but is also available in the <a href=\"http:\/\/catalog.update.microsoft.com\/v7\/site\/Search.aspx?q=KB4525243\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Update Catalog<\/a> and via WSUS. For manual installation, the latest Servicing Stack Update (SSU) must be installed first.<\/p>\n<p>The update has a known problem: Certain operations, such as renaming files or folders located on a cluster shared volume (CSV), may fail with the error \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the action on a CSV owner node from a process that does not have administrator privileges. See the KB article for details.<\/p>\n<h3>KB4525250 (Security-only update) for Windows 8.1\/Server 2012 R2<\/h3>\n<p>Update <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4525250\" target=\"_blank\" rel=\"noopener noreferrer\">KB4525250<\/a> (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following intems.<\/p>\n<ul>\n<li>Provides protections against the Intel\u00ae Processor Machine Check Error vulnerability (<u><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2018-12207\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2018-12207<\/a><\/u>). Use the registry setting as described in the <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4530989\" target=\"_blank\" rel=\"noopener noreferrer\">Guidance KB article<\/a><em>. <\/em>(This registry setting is disabled by default.)<\/li>\n<li>Provides protections against the Intel\u00ae Transactional Synchronization Extensions (Intel\u00ae TSX) Transaction Asynchronous Abort vulnerability (<a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2019-11135\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2019-11135<\/a>). Use the registry settings as described in the <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4073119\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Client<\/a> and <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4072698\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Server<\/a> articles<em>. <\/em>(These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)<\/li>\n<li>Security updates to Microsoft Graphics Component, Windows Input and Composition, Windows Cryptography, Windows Virtualization, Windows Kernel, Windows Datacenter Networking, and the Microsoft JET Database Engine.<\/li>\n<\/ul>\n<p>The update is available via WSUS or in the <a href=\"http:\/\/catalog.update.microsoft.com\/v7\/site\/Search.aspx?q=KB4525250\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Update Catalog<\/a>. The update has the same known problems as the rollup update, these are described in the KB article. For a manual installation, the latest Servicing Stack Update (SSU) must be installed first. In addition, you should also install the\u00a0 <a href=\"https:\/\/support.microsoft.com\/help\/4525106\" target=\"_blank\" rel=\"noopener noreferrer\">KB4525106<\/a> security update for IE, as this fixes a 0-day vulnerability. In this update, Microsoft lists the same known issues as for update KB4525243.<\/p>\n<p><strong>Similar articles:<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/win\/2019\/11\/06\/microsoft-office-patchday-november-5-2019\/\">Microsoft Office Patchday (November 5, 2019)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2019\/11\/13\/microsoft-security-update-summary-november-12-2019\/\">Microsoft Security Update Summary (November 12, 2019)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2019\/11\/13\/patchday-updates-for-windows-7-8-1-server-nov-12-2019\/\">Patchday: Updates f\u00fcr Windows 7\/8.1\/Server (12. Nov. 2019)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2019\/11\/13\/patchday-windows-10-updates-november-12-2019\/\">Patchday Windows 10 Updates (November 12, 2019)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2019\/11\/14\/patchday-microsoft-office-updates-november-12-2019\/\" rel=\"bookmark\">Patchday Microsoft Office Updates (November 12, 2019)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2019\/11\/13\/office-november-2019-updates-are-causing-access-error-3340\/\">Office November 2019 Updates are causing Access Error 3340<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]On November 12, 2019, Microsoft released several (security) updates for Windows 7 SP1 and further updates for Windows 8.1 as well as the corresponding server versions. Here is an overview of these updates.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,22,2],"tags":[2171,2170,2172,2173,1079,195,194],"class_list":["post-11869","post","type-post","status-publish","format-standard","hentry","category-security","category-update","category-windows","tag-kb4525233","tag-kb4525235","tag-kb4525243","tag-kb4525250","tag-sicherheit","tag-update","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/11869","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=11869"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/11869\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=11869"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=11869"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=11869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}