Patchday: Updates for Windows 7/8.1/Server (Oct. 8, 2019)

Windows Update[German]On October 8, 2019, Microsoft released various (security) updates for Windows 7 SP1 and other updates for Windows 8.1 as well as the corresponding server versions. Here is an overview of these updates.

Updates for Windows 7/Windows Server 2008 R2

For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page. Installation requires installed SHA2 support to successfully install the security updates.

KB4519976 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB4519976 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes and addresses the following:

  • Addresses an issue that may fail to disable VBScript in Internet Explorer by default after installing KB4507437 (Preview of Monthly Rollup) or KB4511872 (Internet Explorer Cumulative Update) and later.
  • Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
  • Security updates to Windows Authentication, Microsoft JET Database Engine, Windows Kernel, Internet Information Services, the Microsoft Scripting Engine, and Windows Server.

According to the above list, the printer issues that has kept some users in suspense since September 2019 should finally be fixed. But I received feedback from German users, who are facing now printer issues for the first time (don't know the exact update that has been installed on Oct. 8, 2019).

This update will be downloaded and installed automatically via Windows Update. The package is also available via Microsoft Update Catalog and will be distributed via WSUS. The installation requires that the SSU (KB4490628 of March 2019) is already installed. If you install it via Windows Update, it will be installed automatically. After the update installation Microsoft recommends to install the SSU KB4516655 (if not already installed).

Since August 2019, the SHA-2 update (KB4474419) must be installed before installing this security update. This update will only be delivered via SHA-2 Code Signing for Windows Update and WSUS. Microsoft has made an update on October 8, 2019. The update should be updated automatically.

Microsoft does not list a known issues for this update.

KB4520003 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4520003 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the following issues.

  • Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don't support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don't support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
  • Security updates to Windows Authentication, Microsoft JET Database Engine, Windows Kernel, Internet Information Services, and Windows Server.

The update is available via WSUS or in the Microsoft Update Catalog. To install the update, the following preconditions must be met.

  1. The March 12, 2019 servicing stack update (SSU) (KB4490628). If you are using Windows Update, this SSU will be offered to you automatically. To get the standalone package for this SSU, search for it in the Microsoft Update Catalog.
  2. The latest SHA-2 update (KB4474419) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. For more information on SHA-2 updates, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.
  3. The latest SSU (KB4516655). If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

When deploying via WSUS, make sure that the above-mentioned SSU and SHA-2 updates are installed – the automatic installation will not then be performed via Windows Update. After installation, Windows must be restarted before the Security-only Update is installed. You should also install the security update KB4519974 for IE. Microsoft does not list any known problems with this update. From what I've heard, there doesn't seem to be a telemetry feature this time.

Updates for Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft site.

KB4520005 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4520005 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses the following issues.

  • Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
  • Security updates to Windows Cryptography, Windows Authentication, Windows Kernel, Windows Storage and Filesystems, Microsoft JET Database Engine, Internet Information Services, the Microsoft Scripting Engine, and Windows Server.

This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS. For manual installation, the latest Servicing Stack Update (SSU) must be installed first.

The update has a known issue: Certain operations, such as renaming files or folders located on a cluster shared volume (CSV), may fail with the error "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the action on a CSV owner node from a process that does not have administrator privileges. See the KB article for details.

KB4519990 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4519990 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following item.

Security updates to Windows Cryptography, Windows Authentication, Windows Kernel, Windows Storage and Filesystems, Microsoft JET Database Engine, Internet Information Services, and Windows Server.

The update is available via WSUS or in the Microsoft Update Catalog. The update has the same known problems as the rollup update, these are described in the KB article. For a manual installation, the latest Servicing Stack Update (SSU) must be installed first. You should also install the KB4519974 update for IE.

Similar articles:
Microsoft Office Patchday (1. Oktober 2019)
Microsoft Security Update Summary (October 8, 2019)
Patchday: Updates for Windows 7/8.1/Server (Oct. 8, 2019)
Patchday Windows 10-Updates (October 8, 2019)
Patchday Microsoft Office Updates (October 8, 2019)

This entry was posted in Security, Update, Windows and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *