[German]On July 14, 2020, Microsoft released various (security) updates for Windows 7 SP1 (ESU) and Windows Server 2008 R2. Here is an overview of these updates.
Updates for Windows 7/Windows Server 2008 R2
A rollup and a security-only update have been released for Windows 7 SP1 and Windows Server 2008 R2 SP1. However, these updates are now only available for systems with ESU licenses. The update history for Windows 7 can be found on this Microsoft page. Installation requires installed SHA2 support for successful installation of the security updates.
Starting January 15, 2020, Windows 7 will display a full-screen notification of the end of support in Starter, Home Basic, Home Premium, Professional (without ESU license) and Ultimate. This must then be closed by the user.
As of January 14, 2020, Windows 7 SP1 and Windows Server 2008 R2 SP1 have reached the end of support and will only receive paid security updates under the ESU program. ESU license holders should visit the Windows Message Center for details.
Microsoft last updated the Techcommunity article on the ESU program on February 11, 2020. Please refer to the notes on requirements (SSU, SHA-2). Additionally, for ESU systems, you must manually install the KB4538483 update from the Update Catalog. Furthermore, the update KB4538483 was released in May 2020 (see Windows 7 ESU-Update KB4538483 (May 2020)).
Because the updates are provided in the Microsoft Update Catalog, do not attempt to install them on systems that do not have an ESU license. The installation fails and a rollback occurs. But what works: Use the BypassESU method described in the links at the end of this article (see Windows 7: Forcing February 2020 Security Updates – Part 1). This German comment confirms that the July updates could be installed with it. Also note the discussion here.
Important: Starting in July 2020 all Windows updates disable the RemoteFX vGPU feature due to the CVE-2020-1036 vulnerability (see also KB4570006). After installing this update, attempts to start virtual machines (VM) with RemoteFX vGPU enabled will fail. More information can be found in the KB article and here.
KB4565524 (Monthly Rollup) for Windows 7/Windows Server 2008 R2
Update KB4565524 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains (besides the security fixes from last month) improvements and bug fixes and addresses the following issues:
Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Graphics, Windows Input and Composition, Windows Fundamentals, Windows Kernel, Windows Remote Desktop, Internet Explorer, the Microsoft Scripting Engine, and Windows SQL components.
Compared to the previous months, nothing has changed for ESU systems. This update is automatically downloaded and installed by Windows Update. The package is also available through the Microsoft Update Catalog and is distributed via WSUS. For details about requirements and known issues (without ESU, installation fails and there is a "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)" error), see the KB article. There you will also find information that the SSU KB4565354 has to be installed afterwards.
KB4565539 (Security Only) for Windows 7/Windows Server 2008 R2
Update KB4565539 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1 with ESU license. The update addresses the following issues.
Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Graphics, Windows Input and Composition, Windows Fundamentals, Windows Kernel, Windows Remote Desktop, and Windows SQL components.
The update is available via WSUS or in the Microsoft Update Catalog. To install the update, you must meet the prerequisites listed in the KB article and in the Rollup Update above. In addition, the security update KB4565479 for IE should also be installed.
Servicing Stack Update KB4565354
The Servicing Stack Update KB4565354 for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 was released on July 14, 2020. This update makes quality improvements to the service stack and ensures that Windows has a robust and reliable service stack to receive and install Microsoft updates.
This update also fixes an increased privilege escalation vulnerability that occurs when the Windows Modules Installer does not process file operations correctly. An attacker who successfully exploited this vulnerability could be granted elevated privileges. This security update resolves the vulnerability by ensuring that Windows Modules Installer correctly handles file operations. For more information, see CVE-2020-1346 (Windows Modules Installer Elevation of Privilege Vulnerability).
Similar articles:
Microsoft Office Patchday (July 7, 2020)
Microsoft Security Update Summary (14. Juli 2020)
Patchday: Windows 10-Updates (14. Juli 2020)
Patchday: Windows 8.1/Server 2012-Updates (July 14, 2020)
Patchday: Windows 7/Server 2008 R2 Updates (07/14/2020)