[German]On August 13, 2019, Microsoft released various (security) updates for Windows 7 SP1 and other updates for Windows 8.1 as well as the corresponding server versions. Here is an overview of these updates.
Regarding the patches, see the notes in the blog post Windows: Critical Patches (CVE-2019-1181/CVE-2019-1182) August 13, 2019. Windows 7 also requires installed SHA2 support for the successful installation of the security updates (where Norton security products cause trouble under Windows 7, see below).
Updates for Windows 7/Windows Server 2008 R2
For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page.
KB4512506 (Monthly Rollup) for Windows 7/Windows Server 2008 R2
Update KB4512506 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes that were already included in last month's update. The update addresses the following:
Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Windows Virtualization, Windows Datacenter Networking, Microsoft Scripting Engine, the Microsoft JET Database Engine, Windows Input and Composition, Windows MSXML, Internet Explorer, and Windows Server.
This update is automatically downloaded and installed by Windows Update. The package is also available via Microsoft Update Catalog. Installation requires that the latest SSU is already installed. If you install it using Windows Update, it will be installed automatically.
Since August 2019, the SHA-2 update (KB447444419) must be installed before installing this security update. This update will only be delivered via SHA-2 Code Signing for Windows Update and WSUS.
Known issues: Norton blocks SHA2 packages
This update comes with some known issues that are listed in the details in support article KB4512506.
- This can lead to startup problems after the update installation on 64-bit systems with Intel architecture. The fix is performed by installing the security update KB4474419 (see following sections).
- Devices that start with PXE (Preboot Execution Environment) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may report the error 0xc000000001 and refuse to boot. In KB4512816 Devices that start with PXE (Preboot Execution Environment) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may report the error 0xc000000001 and refuse to boot. In KB4512816, Microsoft gives some hints on what to do.
- Microsoft also explicitly mentions issues related to Norton antivirus software (Symantec Antivirus or Norton Antivirus). These are updates that are signed only by SHA2 and are not available for Symantec Endpoint Protection (see this article).
Due to the security fixes mentioned above to mitigate vulnerabilities in remote desktop services, this is a difficult situation.
KB4512486 (Security Only) for Windows 7/Windows Server 2008 R2
Update KB4512486 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the following issues.
Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Windows Virtualization, Windows Datacenter Networking, the Microsoft JET Database Engine, Windows Input and Composition, Windows MSXML, and Windows Server.
The update is available via WSUS or in the Microsoft Update Catalog. If you install the update, you must first install the latest Servicing Stack Update (SSU). If you install the Security Only Update, you must also install KB4511872 for IE. For this update, Microsoft lists the same issues as for update KB4512506.
SHA2-Update KB4474419 v2 released
Microsoft has released version 2 of the security update KB4474419 on August 13, 2019. The package includes the bootmgfw.efi file to avoid boot errors with IA64 versions of Windows 7 SP1 and Windows Server 2008 R2 SP1 (see KB4512506 section). The updates are also available in Microsoft Update Catalog.
Updates for Windows 8.1/Windows Server 2012 R2
For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.
KB4512488 (Monthly Rollup) for Windows 8.1/Server 2012 R2
Update KB4512488 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes that were included in the previous month's rollup. It also addresses the following issues.
Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Wireless Networking, Windows Virtualization, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Microsoft Scripting Engine, Windows MSXML, Internet Explorer, and Windows Server.
This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog. For manual installation, the latest Servicing Stack Update (SSU) must be installed first. The update has several known issues. See the KB article for details.
KB4512489 (Security-only update) foür Windows 8.1/Server 2012 R2
Update KB4512489 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following items.
Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Wireless Networking, Windows Virtualization, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Windows MSXML, and Windows Server.
The update is available via WSUS or in the Microsoft Update Catalog. The update also has known issues that are described in the KB article. For a manual installation, the latest Servicing Stack Update (SSU) must be installed first. If you install this update, you must also install the Security Only Update KB4511872 for IE. With this update, Microsoft lists the same issues as for update KB4512488.
Similar articles:
Microsoft Office Patchday (August 6, 2019)
Microsoft Security Update Summary (August 13, 2019)
Patchday: Updates für Windows 7/8.1/Server (August 13, 2019)
Patchday Windows 10-Updates (August 13, 2019)
Patchday Microsoft Office Updates (August 13, 2019)
Windows 7 SP1: Update KB4512506 causes error 0x800F0816
Windows 7 SP1: Update KB4512506 causes error 0xc0000225
Windows 7: Reinstallation causes boot error 0xc0000428
The key is the update kb3133977. You have to check if this update is installed before installing the other. If the computer is in pending state waiting for reboot after installing the others updates, you'll need to uninstall those and install kb3133977 (be carefull if you have asus mb).
If you have already the reboot loop issue, boot with a win7 dvd or usb and use this command in command prompt : dism.exe /image:C:\ /cleanup-image /revertpendingactions
then reboot, install kb3133977, reboot and install others update.
This can occur with wsus if you dont synchronize simple update class, because kb3133977 is a part of that class.
Hope this helps.
Thx for your addendum. A missing update kb3133977 (bitlocker fix) or SSU may causes several issues during install. See also the 3 last blog posts in the link list at the end of the article.
But your hint is rather helpful to those affected.