{"id":13118,"date":"2020-02-12T18:12:26","date_gmt":"2020-02-12T17:12:26","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=13118"},"modified":"2024-10-05T18:41:10","modified_gmt":"2024-10-05T16:41:10","slug":"patchday-updates-for-windows-7-8-1-server-feb-11-2020","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/02\/12\/patchday-updates-for-windows-7-8-1-server-feb-11-2020\/","title":{"rendered":"Patchday: Updates for Windows 7\/8.1\/Server (Feb. 11, 2020)"},"content":{"rendered":"

\"Windows[German<\/a>]On February 11, 220, Microsoft released various (security) updates for Windows 7 SP1 (ESU) and other updates for Windows 8.1 and the corresponding server versions. Here is an overview of these updates. Addition: Various information about Windows 7 added.<\/p>\n

<\/p>\n

Updates for Windows 7\/Windows Server 2008 R2<\/h2>\n

\"\"A rollup and a security-only update have been released for Windows 7 SP1 and Windows Server 2008 R2 SP1. However, these updates are now only available for systems with an ESU license. The update history for Windows 7 can be found on this Microsoft site<\/a>. Installation requires installed SHA2 support for successful installation of the security updates.<\/p>\n

Beginning January 15, 2020, Windows 7 will display a full-screen end-of-support notification in Starter, Home Basic, Home Premium, Professional (without ESU license), and Ultimate. This must then be closed by the user.<\/p>\n

As of January 14, 2020, Windows 7 SP1 and Windows Server 2008 R2 SP1 have reached the end of support and will only receive paid security updates under the ESU program. ESU license holders should visit the Windows Message Center<\/a> for details.<\/p>\n

In addition, Microsoft has updated the Techcommunity article on the ESU program<\/a> on February 11, 2020. Please refer to the notes on the requirements (SSU, SHA-2). Additionally, for ESU systems, you must manually install update KB4538483<\/a> from the Update Catalog.<\/p>\n

Because the updates are provided in the Microsoft Update Catalog, do not attempt to install them on non-ESU systems. According to feedback<\/a> I have received, the installation fails and a rollback occurs.<\/p><\/blockquote>\n

KB4537820 (Monthly Rollup) for Windows 7\/Windows Server 2008 R2<\/h3>\n

Update KB44537820<\/a> (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains (besides the security fixes from last month) improvements and bug fixes and addresses:<\/p>\n

Security updates to Internet Explorer, Microsoft Graphics Component, Windows Input and Composition, Windows Media, Windows Shell, Windows Fundamentals, Windows Cryptography, Windows Hyper-V, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, the Microsoft Scripting Engine, and Windows Server.<\/p><\/blockquote>\n

There are some security fixes – Microsoft does not disclose any details. However, a remote code execution vulnerability CVE-2020-0662<\/a> in memory object handling has been closed for Windows 7. Compared to the previous months, nothing has changed for ESU systems. This update is automatically downloaded and installed by Windows Update. It is also available from the Microsoft Update Catalog<\/a> and is distributed via WSUS. Details about the requirements and known issues can be found in the KB article<\/a> – first installation experiences can be found in my German blog<\/a>.<\/p>\n

The installation requires that the SSU(KB4490628<\/a> rom March 2019 and the SHA-2 update KB4474419<\/a> from September 10, 2019, but if in doubt, go through the notes here<\/a>, currently the MS documentation seems inconsistent) is already installed. When installing via Windows Update, this will be installed automatically. After the update installation Microsoft recommends to install SSU KB4536952<\/a> (if not already installed).<\/p>\n

\n

If you do not have an ESU license and want to continue running Windows 7 SP1 online, you should take a look at the 0patch solution. There is no micro-patch available yet, but I will report as soon as I know details.<\/p>\n

In addition to the RCE vulnerability mentioned above, there is CVE-2020-0683<\/a>\u00a0 in the MSI installer that has already been exploited<\/a>.<\/p><\/blockquote>\n<\/blockquote>\n

KB4537813(Security Only) for Windows 7\/Windows Server 2008 R2<\/h3>\n

Update KB4537813<\/a> (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1 with ESU license. The update addresses the following issues.<\/p>\n

Security updates to Microsoft Graphics Component, Windows Input and Composition, Windows Media, Windows Shell, Windows Fundamentals, Windows Cryptography, Windows Hyper-V, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, and Windows Server.<\/p><\/blockquote>\n

The update is available via WSUS or in the Microsoft Update Catalog<\/a>. In order to install the update, the preconditions listed in the KB article and above for the rollup update must be met (but if in doubt, go through the notes here<\/a>, currently the MS documentation does not seem consistent). In addition, the security update KB4537767<\/a> for IE should also be installed.<\/p>\n

Note: <\/strong>Currently I can't quite place it, but I'd like to refer you to the tweet from Woody Leonhard:<\/p>\n

\n

And that quote… \"We investigated and determined that some users encountered issues after attempting to deploy SHA-2 signed updates without fully deploying the latest SHA-2 enablement packages.\" Sure doesn't sound right to me. How could they install without SHA-2 support?<\/p>\n

\u2014 Woody Leonhard (@AskWoody) February 11, 2020<\/a><\/p><\/blockquote>\n