Today is the second Tuesday of the month, which means that it is time for Patch Tuesday. While all versions of Windows 10 (excluding version 1511, the first feature update) received cumulative updates today, older versions of Windows such as Windows 7 and 8.1 too received updates.
To start off, if you’re running Windows 7 or Windows Server 2008 R2 SP1, you should receive monthly rollup KB4516065. The update also contains fixes from KB4512514. You can also download the update manually from here. The list of improvements and fixes in this update include:
- Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-Bit (x86) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)
- Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Kernel, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Windows Server, and the Microsoft Scripting Engine.
However, there is one known issue in this update:
Symptom | Workaround |
---|---|
VBScript in Internet Explorer 11 should be disabled by default after installing KB4507437 (Preview of Monthly Rollup) or KB4511872 (Internet Explorer Cumulative Update) and later. However, in some circumstances, VBScript may not be disabled as intended. | To mitigate this issue, follow these steps:
We are working on a resolution and will provide an update in an upcoming release. |
The security-only update, KB4516033, brings with it the same improvements and fixes and can be downloaded manually from here. This update, as usual, is not available through Windows Update and needs to be installed manually. The company notes that users check that they have installed the updates listed in the ‘recommended updates’ area of the “How to get this update’ section before installing these patches for Windows 7.
Next up, those on Windows 8.1 or Windows Server 2012 R2 should receive monthly rollup KB4516067, which can also be downloaded manually from here. The fixes and improvements for this update include:
- Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-Bit (x86) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)
- Security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Kernel, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server.
This update also has one known issue that users might want to check out before updating:
Symptom | Workaround |
---|---|
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. | Do one of the following:
Microsoft is working on a resolution and will provide an update in an upcoming release. |
The security-only update for these versions, KB4516064, brings with it almost all the fixes and improvements from the monthly rollup and can be downloaded manually from here.