Patch Tuesday: Here's what's new for Windows 7 and Windows 8.1

Today is the second Tuesday of the month, making it Patch Tuesday. That means that Microsoft released new updates for all supported versions of Windows. While every version of Windows 10 except for the unsupported 1511 got updates, older versions of the OS like Windows 7 and 8.1 get updates as well.

If you"re on Windows 7 SP1 or Windows Server 2008 R2 SP1, you"ll get KB4512506. You can manually download it here, and it contains the following fixes:

  • Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Windows Virtualization, Windows Datacenter Networking, Microsoft Scripting Engine, the Microsoft JET Database Engine, Windows Input and Composition, Windows MSXML, Internet Explorer, and Windows Server.

There are also some known issues to be aware of:

Symptom Workaround
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error "Status: 0xc0000001, Info: A required device isn"t connected or can"t be accessed" after installing this update on a WDS server.

For mitigation instructions, see KB4512816.

We are working on a resolution and will provide an update in an upcoming release.

After installing this update, IA64-based devices may fail to start with the following error:

"File: \Windows\system32\winload.efi

Status: 0xc0000428

Info: Windows cannot verify the digital signature for this file."
This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019). Please verify that it is installed and restart your machine before installing this update.
Microsoft and Symantec have identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Microsoft has temporarily placed a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

Guidance for Symantec customers can be found in the Symantec support article.


There"s also a security-only update, KB4512486, which has the same changelog and same known issues. You can manually download it here. Note that if you don"t go the manual route and you go through Windows Update, you"ll get the monthly rollup update above.

For those on Windows 8.1 and Windows Server 2012 R2, you"ll get KB4512488 as your monthly rollup. You can manually download it here and it contains the following fixes:

  • Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Wireless Networking, Windows Virtualization, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Microsoft Scripting Engine, Windows MSXML, Internet Explorer, and Windows Server.

This one only has two known issues:

Symptom Workaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.
Microsoft is working on a resolution and will provide an update in an upcoming release.
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error "Status: 0xc0000001, Info: A required device isn"t connected or can"t be accessed" after installing this update on a WDS server.

For mitigation instructions, see KB4512816.

We are working on a resolution and will provide an update in an upcoming release.


Like the security-only update for Windows 7, the security-only update for Windows 8.1, KB4512489, has the same changelog and known issues. You can manually download it here.

Report a problem with article
Next Article

Microsoft issues fixes for two critical, wormable vulnerabilities in Windows

Previous Article

NVIDIA registers the world's quickest BERT training time and largest transformer-based model