Users Prompted to Download, Run, Open “.ica” File Instead of Launching Connection

In recent releases of IE, Edge, Google Chrome, Firefox, and latest Citrix Workspace App clients many of the issues mentioned below have been resolved.

By default, the OS (Windows, Mac, Linux) should automatically set how to open “.ica” files when trying to launch any resource via Citrix Workspace or Citrix Storefront via the Web Store if the Citrix Workspace App is installed properly.

Confirm Citrix Workspace App is installed or use Citrix Workspace App for HTML5 (“Web Browser” option) instead.

If you continue to encounter this behavior please review the steps outlined below.

There can be a number of resolutions to the issue including but not limited to the following:

Install the Latest Version of Citrix Workspace App

Install the latest Citrix Workspace App version which can be downloaded here: Download Citrix Workspace App

Automatically Open ICA Files

When clicking on an application or desktop to launch via Citrix Workspace or Citrix Storefront on an Internet Browser (not within Citrix Workspace App) and an “.ica” file shows in the download bar on the bottom left please follow these steps to automatically open said file:

ICA file is downloaded during the process. After the ICA file is downloaded, enable the browser to open similar files automatically.

Note: Instructions below are similar for other OS’s when using Google Chrome, Firefox, or Edge Browsers.

Internet Explorer:

  1. Navigate to the Citrix Workspace Store or Citrix Storefront Store
  2. Select the resource you are trying to access – Application or Desktop
  3. You will receive a notification on the bottom of the browser to “Open, Save, Cancel”
  4. Select the Save.
  5. The download bar will now show to “Open, Open Folder, View Downloads”,
  6. Select the drop-down list next to “Open” and select “Open With”
  7. Find and select “Connection Manager”

Google Chrome:

  1. Navigate to the Citrix Workspace Store or Citrix Storefront Store
  2. Select the resource you are trying to access – Application or Desktop
  3. Chrome will prompt a dialog box to save the ‘”.ica” file
  4. Hit save to save it in the “Downloads folder”
  5. On the bottom left you will see the file, click the “^” which is the drop-down list for the file in the download bar and select “Always Open Files of This Type”

Firefox:

  1. Navigate to the Citrix Workspace Store or Citrix Storefront Store
  2. Select the resource you are trying to access – Application or Desktop
  3. Firefox will prompt you with a dialog box to save the ‘”.ica” file
  4. Select “Do this automatically for files like this from now on”
  5. Select “Open With” and click “Browse”
  6. Select “Connection Manager”

Edge Browser:

  1. Navigate to the Citrix Workspace Store or Citrix Storefront Store
  2. Select the resource you are trying to access – Application or Desktop
  3. Edge automatically saves the file to the downloads folder by default
  4. On the bottom left you will see the file, click the “…” which is the drop-down list for the file in the download bar and select “Always Open Files of This Type”

Associate .ica File Type With Citrix Connection Manager

  1. On Windows computers, go to Control Panel > Settings > Apps > Default apps > Choose default apps by file type

  2. Under Name, find .ica file type.

  3. Ensure that the current default is set to Citrix Connection Manager. If not, click Change program and choose Citrix Connection Manager.

Note: Connection Manager is the wfcrun32 file located as C:Program Files (x86)CitrixICA Clientwfcrun32.exe

Remove or Disable Third Party Browser Adware

Remove or disable any third party browser based Adware software that could be interfering with the successful launch of the ICA file. Restart the browser after removing these software and try again.

Clear the “Do not save encrypted data to disk” Option

If you are using Internet Explorer, click Tools > Internet Options > Advanced tab and clear the option “Do not save encrypted data to disk.”. This option should be cleared because the dynamic files are stored in the Temporary Internet Files folder. When applications are clicked, a file is downloaded to the folder, then launched using MIME type. If access to the folder is disabled or not available, the process cannot occur successfully.

User-added image

Below are for older Browser/Citrix Receiver Deployments:

No longer recommended to perform these steps in newer releases of Internet Browsers. Steps remain for any users not fully updated to the latest and greatest.

Add Website to Trusted Sites

Add the site to the Trusted sites list if using Internet Explorer browser using the following steps:

  1. Go to Tools > Internet Options > Security tab > Sites

  2. In the Add this website to the zone field, enter your organization’s website and click Add.

  3. Repeat this for the .com, .net, .org, or .gov Web site addresses of your organization to allow the use of the ActiveX ICA client object for the launched connection to be automatically accepted.

    Note: It might be required to also add any additional subdomain.domain.com URLs to the Trusted sites list in the Security tab setting if still experiencing unwanted prompts.

    User-added image

Disable ActiveX Filtering (Enable ActiveX)

Caution! Refer to the Disclaimer at the end of this article before using Registry Editor.

Configure Internet Explorer as follows to allow successful application launching:

  1. Disable ActiveX filtering feature for the Web Interface site, either by:
  • Disabling ActiveX filtering globally:

    Click Gear icon, select Safety, de-select ActiveX Filtering. Alternatively, press Alt key and click Tools menu (ActiveX filtering is enabled if a “tick” appears next to it and is disabled if the “tick” disappears).

    User-added image

    User-added image

    Or

  • Disabling ActiveX filtering for an individual site when ActiveX filtering is enabled globally:
    1. Log on to the Web Interface site and attempt to launch an application. At the end of the address bar a blue warning sign appears, indicating filtered content.

      User-added image

    2. Click the blue warning sign and select Turn off ActiveX Filtering.

      User-added image

  1. Enable ICA launch using one of the following options:
  • Add the site to the Trusted sites list: In the Security tab of Internet Options, add the Web Interface site to Trusted Sites list to allow the use of the ActiveX ICA client object for the launch.

    Or

  • Disable the MIME filter: Rename the following registry key: HKEY_CLASSES_ROOTPROTOCOLSFilterapplication/x-ica

  1. Log off and close window then restart the browser after making this change.

Enable Citrix ICA Client plugin

Configure Internet Explorer as follows to allow successful application launching:

  1. Enable Citrix ICA Client IE plugin by following the steps below:
    • Launch Internet Explorer
    • Go to Tools > Manage add-ons
    • Select Citrix ICA Client plugin and click Enable
  2. IE plugin

Related:

Citrix Studio Slow on Start Up with Error: This snap-in is not responding

To resolve this issue, you can either provide the computer with internet access so it can verify the Authenticode signature, or disable the Authenticode signature checking feature for Microsoft Management Console as shown in the following snap- in.

Within the Internet Explorer, clear Check for publisher’s certificate revocation, as displayed in the following screen shot:

(Accessible through: Tools > Internet Options > Advanced (tab) > Security (Item))

Check for publisher’s certificate revocation

Related:

Users Prompted to Download, Run, Open Launch.ica File, Instead of Launching Connection

User-added image


More How Do I


There can be a number of resolutions to the issue including but not limited to the following:

Install the Latest Version of Citrix Receiver

Install the latest Citrix Receiver version which can be downloaded from: Download Citrix Clients.

Add Website to Trusted Sites

Add the site to the Trusted sites list if using Internet Explorer browser using the following steps:

  1. Go to Tools > Internet Options > Security tab > Sites

  2. In the Add this website to the zone field, enter your organization’s website and click Add.

  3. Repeat this for the .com, .net, .org, or .gov Web site addresses of your organization to allow the use of the ActiveX ICA client object for the launched connection to be automatically accepted.

    Note: It might be required to also add any additional subdomain.domain.com URLs to the Trusted sites list in the Security tab setting if still experiencing unwanted prompts.

    User-added image

Remove or Disable Third Party Browser Adware

Remove or disable any third party browser based Adware software that could be interfering with the successful launch of the ICA file. Restart the browser after removing these software and try again.

Clear the “Do not save encrypted data to disk” Option

If you are using Internet Explorer, click Tools > Internet Options > Advanced tab and clear the option “Do not save encrypted data to disk.”. This option should be cleared because the dynamic files are stored in the Temporary Internet Files folder. When applications are clicked, a file is downloaded to the folder, then launched using MIME type. If access to the folder is disabled or not available, the process cannot occur successfully.

User-added image

Automatically Open ICA Files

After the ICA file is downloaded, enable the browser to open similar files automatically.

  • Internet Explorer:

1. Download the file using IE 10/11

2. You’ll ge Open/Save/View download prompt.

3. Select the Save.

4. Then in Internet Explorer click Tools

5. Under Tools click the View Downloads option

6. You will see a popup containing the file that you just downloaded.

7. Right-click on the file, un-check the option : Always ask before opening this type of file

  • Google Chrome: Click the drop-down list for the file in the download bar and select Always Open Files of This Type.

Associate .ica File Type With Citrix Connection Manager

  1. On Windows computers, go to Control Panel > Settings > Apps > Default apps > Choose default apps by file type

  2. Under Name, find .ica file type.

  3. Ensure that the current default is set to Citrix Connection Manager. If not, click Change program and choose Citrix Connection Manager.

Note: Connection Manager is the wfcrun32 file located at C:Program Files (x86)CitrixICA Client. On Windows 10, this file is located at C:Program Files (x86)Citrix.

Disable ActiveX Filtering (Enable ActiveX)

Caution! Refer to the Disclaimer at the end of this article before using Registry Editor.

Configure Internet Explorer as follows to allow successful application launching:

  1. Disable ActiveX filtering feature for the Web Interface site, either by:
  • Disabling ActiveX filtering globally:

    Click Gear icon, select Safety, de-select ActiveX Filtering. Alternatively, press Alt key and click Tools menu (ActiveX filtering is enabled if a “tick” appears next to it and is disabled if the “tick” disappears).

    User-added image

    User-added image

    Or

  • Disabling ActiveX filtering for an individual site when ActiveX filtering is enabled globally:
    1. Log on to the Web Interface site and attempt to launch an application. At the end of the address bar a blue warning sign appears, indicating filtered content.

      User-added image

    2. Click the blue warning sign and select Turn off ActiveX Filtering.

      User-added image

  1. Enable ICA launch using one of the following options:
  • Add the site to the Trusted sites list: In the Security tab of Internet Options, add the Web Interface site to Trusted Sites list to allow the use of the ActiveX ICA client object for the launch.

    Or

  • Disable the MIME filter: Rename the following registry key: HKEY_CLASSES_ROOTPROTOCOLSFilterapplication/x-ica

  1. Log off and close window then restart the browser after making this change.

Enable Citrix ICA Client plugin

Configure Internet Explorer as follows to allow successful application launching:

  1. Enable Citrix ICA Client IE plugin by following the steps below:
    • Launch Internet Explorer
    • Go to Tools > Manage add-ons
    • Select Citrix ICA Client plugin and click Enable
  2. IE plugin

Related:

How do I download a license file from MySymantec

I need a solution

Just renewed SEP 14 for another year. 

We can see the renewal on MySymantec>My Products, but can’t figure out how to download the license key.

“Getting started” says to click on the “Key Icon”, but we don’t have a “Key Icon”.

In the past we’ve used licensing.symantec.com, registered the product and downloaded  the license key.

What are we doing wrong?  Any special settings needed in IE11 for MySymantec? Do we need to activate the renewal, if so, how?

Any help would be greatly appreciated.

0

1579046082

Related:

  • No Related Posts

EPM 14.2 RU2 installation failure due to Error 2738: could not access VBScript run time for custom action

I need a solution

Hi,

We are running EPM 14.2 RU1 MP1 on Server 2008 R2 SP1 but when we recently tried to instlla the RU2, its observed that instllation is failed due to Error 2738: could not access VBScript run time for custom action

We tried to re register the VB Script but unsucessful, so need solution to get it done

0

Related:

Memory Exploit Mitigation Detection Notification

I need a solution

Hi all,

how to deal with:

Notification Events

Earliest Event Time: 12/17/2019 15:43:00 to Latest Event Time: 12/17/2019 15:44:00

 

   

Memory Exploit Mitigation Events

Event Time

Domain

Group

Computer

IP Address

Severity

Client User Name

Event Type

Action

Application Name

Event Description

Profile Serial Number

Location Name

12/17/2019 15:44:12

Default

My Company

computer name

….

Critical

X…

Attack: Structured Exception Handler Overwrite

Blocked

C:/Program Files (x86)/Internet Explorer/iexplore.exe

Blocked Attack: Structured Exception Handler Overwrite attack against C:Program Files (x86)Internet Exploreriexplore.exe

341A-12/11/2019 14:43:53 904

internal

12/17/2019 15:44:01

Default

My Company

computer namecomputer namecomputer namecomputer namecomputer namecomputer namecomputer name

…..

Critical

X…

Attack: Structured Exception Handler Overwrite

Blocked

C:/Program Files (x86)/Internet Explorer/iexplore.exe

Blocked Attack: Structured Exception Handler Overwrite attack against C:Program Files (x86)Internet Exploreriexplore.exe

341A-12/11/2019 14:43:53 904

internal

12/17/2019 15:43:50

Default

My Company

….

Critical

X….

Attack: Structured Exception Handler Overwrite

Blocked

C:/Program Files (x86)/Internet Explorer/iexplore.exe

Blocked Attack: Structured Exception Handler Overwrite attack against C:Program Files (x86)Internet Exploreriexplore.exe

341A-12/11/2019 14:43:53 904

internal

0

1576685664

Related:

Patch Tuesday, November 2019 Edition

Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and programs that run on top of it. The November updates include patches for a zero-day flaw in Internet Explorer that is currently being exploited in the wild, as well as a sneaky bug in certain versions of Office for Mac that bypasses security protections and was detailed publicly prior to today’s patches.

More than a dozen of the flaws tackled in this month’s release are rated “critical,” meaning they involve weaknesses that could be exploited to install malware without any action on the part of the user, except for perhaps browsing to a hacked or malicious Web site or opening a booby-trapped file attachment.

Perhaps the most concerning of those critical holes is a zero-day flaw in Internet Exploder Explorer (CVE-2019-1429) that has already seen active exploitation. Today’s updates also address two other critical vulnerabilities in the same Windows component that handles various scripting languages.

Microsoft also fixed a flaw in Microsoft Office for Mac (CVE-2019-1457) that could allow attackers to bypass security protections in some versions of the program that could let malicious macros through.

Macros are bits of computer code that can be embedded into Office files, and malicious macros are frequently used by malware purveyors to compromise Windows systems. Usually, this takes the form of a prompt urging the user to “enable macros” once they’ve opened a booby-trapped Office document delivered via email. Thus, Office has a feature called “disable all macros without notification.”

But Microsoft says all versions of Office still support an older type of macros that do not respect this setting, and can be used as a vector for pushing malware. Will Dornan of CERT/CC reports that while Office 2016 and 2019 for Mac will still prompt the user before executing these older macro types, Office for Mac 2011 fails to warn users before opening them.

Other Windows applications or components receiving patches for critical flaws today include Microsoft Exchange and Windows Media Player. In addition, Microsoft also patched nine vulnerabilities — five of them critical — in the Windows Hyper-V, an add-on to the Windows Server OS (and Windows 10 Pro) that allows users to create and run virtual machines (other “guest” operating systems) from within Windows.

Although Adobe typically issues patches for its Flash Player browser component on Patch Tuesday, this is the second month in a row that Adobe has not released any security updates for Flash. However, Adobe today did push security fixes for a variety of its creative software suites, including Animate, Illustrator, Media Encoder and Bridge. Also, I neglected to note last month that Adobe released a critical update for Acrobat/Reader that addressed at least 67 bugs, so if you’ve got either of these products installed, please be sure they’re patched and up to date.

Finally, Google recently fixed a zero-day flaw in its Chrome Web browser (CVE-2019-13720). If you use Chrome and see an upward-facing arrow to the right of the address bar, you have an update pending; fully closing and restarting the browser should install any available updates.

Now seems like a good time to remind all you Windows 7 end users that Microsoft will cease shipping security updates after January 2020 (this end-of-life also affects Windows Server 2008 and 2008 R2). While businesses and other volume-license purchasers will have the option to pay for further fixes after that point, all other Windows 7 users who want to stick with Windows will need to consider migrating to Windows 10 soon.

Standard heads-up: Windows 10 likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesn’t make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update. To get there, click the Windows key on your keyboard and type “windows update” into the box that pops up.

Keep in mind that while staying up-to-date on Windows patches is a good idea, it’s important to make sure you’re updating only after you’ve backed up your important data and files. A reliable backup means you’re probably not freaking out when the odd buggy patch causes problems booting the system. So do yourself a favor and backup your files before installing any patches.

As ever, if you experience glitches or problems installing any of these patches this month, please feel free to leave a comment about it below; there’s a decent chance other readers have experienced the same and may even chime in here with some helpful tips.

Tags: adobe, CVE-2019-1429, CVE-2019-1457, Internet Explorer zero-day, macros, microsoft, Office for Mac, Windows 7 end-of-life

This entry was posted on Tuesday, November 12th, 2019 at 5:04 pm and is filed under Time to Patch. You can follow any comments to this entry through the RSS 2.0 feed. You can skip to the end and leave a comment. Pinging is currently not allowed.

Related:

Microsoft Windows Security Updates November 2019 overview

It is the second Tuesday of November 2019 and that means that it is Microsoft Patch Day. Microsoft released security and non-security updates for its Windows operating system and other company products.

Our overview provides you with information on these updates: it starts with an executive summary and information about the number of released updates for all supported client and server versions of Windows as well as the Microsoft Edge (classic) and Internet Explorer web browsers.

What follows is information about the updates, all with links to support articles on Microsoft’s website, the list of known issues, direct download links to cumulative updates for Windows, and additional update related information.

Click here to open the October 2019 Patch Day overview.

Microsoft Windows Security Updates October 2019

Download the following Excel spreadsheet to your local system; it lists security updates that Microsoft released in November 2019: November 2019 Security Updates

Executive Summary

feature update windows 10 1909

  • Microsoft released security updates for all supported client and server versions of the Microsoft Windows operating system.
  • The following Microsoft products have received security updates as well: Internet Explorer, Microsoft Edge, Microsoft Office, Secure Boot, Microsoft Exchange Server, Visual Studio, Azure Stack.
  • The Windows 10 version 1909 features are included in the Windows 10 version 1903 update but not activated until “they are turned on using an enablement package, which is a small, quick-to-install “master switch” that simply activates the Windows 10, version 1909 features.” Microsoft released a blog post that details how to get the update. (basically, install regular 1903 update, then check for updates again and the 1909 update should be offered)
  • Windows 10 Home, Pro, Pro for Workstations and IoT Core, version 1803 have reached end of servicing. These editions won’t receive security updates or other updates after November 12, 2019.

Operating System Distribution

  • Windows 7: 35 vulnerabilities: 4 rated critical and 31 rated important
    • CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
    • CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability
  • Windows 8.1: 37 vulnerabilities: 3 rated critical and 34 rated important
    • Same as Windows 7 except for CVE-2019-1441 (not affected)
  • Windows 10 version 1803: 46 vulnerabilities: 5 critical and 41 important
    • CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1398 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
  • Windows 10 version 1809: 46 vulnerabilities: 4 critical and 42 important
    • Same as Windows 10 version 1803 except for CVE-2019-1389 (not affected)
  • Windows 10 version 1903: 46 vulnerabilities: 2 critical and 28 important
    • Same as Windows 10 version 1809 plus
    • CVE-2019-1430 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Windows Server products

  • Windows Server 2008 R2: 35 vulnerabilities: 4 critical and 31 important.
    • CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability
    • CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
    • CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
  • Windows Server 2012 R2: 37 vulnerabilities: 3 critical and 34 important.
    • same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected)
  • Windows Server 2016: 38 vulnerabilities: 2 critical and 20 important.
    • same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected)
  • Windows Server 2019: 46 vulnerabilities: 2 critical and 29 are important
    • same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected) plus
    • CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability

Other Microsoft Products

  • Internet Explorer 11: 2 vulnerabilities: 2 critical
  • Microsoft Edge: 4 vulnerabilities: 4 critical
    • CVE-2019-1413 | Microsoft Edge Security Feature Bypass Vulnerability
    • CVE-2019-1426 | Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1427 | Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1428 | Scripting Engine Memory Corruption Vulnerability

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

The security-only update resolves the following issues/makes the following changes:

  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
  • Security updates for various operating system components.

The monthly rollup update includes all of the updates of the security-only update plus:

  • Fixes an issue that prevented certain 16-bit Visual Basic 3 applications or other VB3 applications from running.
  • Fixes a temporary user profile issue when the policy “Delete cached copies of roaming profiles” is set.

Windows 8.1 and Server 2012 R2

The security-only update resolves the following issues/makes the following changes:

  • Same as Windows 7 SP1 and Windows Server 2008 R2.

The monthly rollup update includes all of the updates of the security-only update plus:

  • Same as Windows 7 SP1 and Windows Server 2008 R2 plus
  • Fixes an issue that prevented multiple Bluetooth Basic Rate devices from functioning properly after installing the August 2019 updates.
  • Fixes an issue that caused error 0x7E when connecting Bluetooth devices after installing the June 2019 updates.

Windows 10 version 1803

The cumulative update fixes the following issues / makes the following changes:

  • Fixes an issue that caused Windows Defender Application Control Code Integrity events to become unreadable.
  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
  • Security updates

Windows 10 version 1809

The cumulative update fixes the following issues / makes the following changes:

  • Fixes an issue that could cause the Microsoft Defender Advanced Threat Protection service to stop running or stop sending report data.
  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
  • Security updates

Windows 10 version 1903

The cumulative update lists changes for Windows 10 version 1903 and 1909. It appears that Microsoft included the changes of 1909 in the cumulative update but has not activated them at the time of writing.

  • Fixes an issue in the Keyboard Lockdown Subsystem that might not filter key input correctly.
  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
  • Security updates

Other security updates

  • Internet Explorer Cumulative Update: KB4525106
  • 2019-11 Security Monthly Quality Rollup for Windows Server 2008 (KB4525234)
  • 2019-11 Security Only Quality Update for Windows Server 2008 (KB4525239)
  • 2019-11 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB4525246)
  • 2019-11 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4525253)
  • 2019-11 Cumulative Update for Windows Server, version 1909 and Windows 10 Version 1909 (KB4524570)
  • 2019-11 Cumulative Update for Windows 10 Version 1507 (KB4525232)
  • 2019-11 Cumulative Update for Windows Server 2016, and Windows 10 Version 1607 (KB4525236)
  • 2019-11 Cumulative Update for Windows 10 Version 1709 (KB4525241)
  • 2019-11 Cumulative Update for Windows 10 Version 1703 (KB4525245)
  • 2019-11 Servicing Stack Update for Windows Server 2016, and Windows 10 Version 1607 (KB4520724)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1507 (KB4523200)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1703 (KB4523201)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1709 (KB4523202)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1803, and Windows Server 2016 (KB4523203)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1809, and Windows Server 2019 (KB4523204)
  • 2019-11 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4523206)
  • 2019-11 Servicing Stack Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4523208)
  • 2019-11 Servicing Stack Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB4524445)
  • 2019-11 Servicing Stack Update for Windows Server, version 1909 and Windows 10 Version 1909 (KB4524569)
  • 2019-11 Servicing Stack Update for Windows Server 2008 (KB4526478)

Known Issues

Windows 8.1 and Windows Server 2012 R2

  • Certain operations may fail on Cluster Shared Volumes with the error code “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”

Windows 10 version 1803

  • Certain operations may fail on Cluster Shared Volumes with the error code “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”
  • May be unable to create a new local user during the Out of Box Experience when using Input Method Editor (IME) — Microsoft recommends setting the keyboard language to English during user creation or to use a Microsoft Account to complete the setup.

Windows 10 version 1809

  • Same as Windows 10 version 1803 plus
  • May receive error “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND” with some Asian language packs installed.

Windows 10 version 1903

  • May be unable to create a new local user during the Out of Box Experience when using Input Method Editor (IME) — Microsoft recommends setting the keyboard language to English during user creation or to use a Microsoft Account to complete the setup.

Security advisories and updates

ADV190024 | Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)

Non-security related updates

  • 2019-11 Dynamic Update for Windows 10 Version 1809 (KB4524761)
  • 2019-11 Dynamic Update for Windows 10 Version 1903 (KB4525043)
  • Windows Malicious Software Removal Tool – November 2019 (KB890830)

Microsoft Office Updates

You find Office update information here.

How to download and install the November 2019 security updates

windows updates security november 2019

Most home devices running Windows are configured to download and install security updates when they are released. Users who don’t want to wait for that to happen or have configured their systems to update manually only may run manual checks for updates or download the cumulative updates from Microsoft’s Update Catalog website.

The following needs to be done to check for updates manually:

  1. Open the Start Menu of the Windows operating system, type Windows Update and select the result.
  2. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4525235 — 2019-11 Security Monthly Quality Rollup for Windows 7
  • KB4525233 — 2019-11 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4525243 — 2019-11 Security Monthly Quality Rollup for Windows 8.1
  • KB4525250 — 2019-11 Security Only Quality Update for Windows 8.1

Windows 10 (version 1803)

  • KB4525237 — 2019-11 Cumulative Update for Windows 10 Version 1803

Windows 10 (version 1809)

  • KB4523205 — 2019-11 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

  • KB4524570 — 2019-11 Cumulative Update for Windows 10 Version 1903

Additional resources

Summary
Microsoft Windows Security Updates November 2019 overview
Article Name
Microsoft Windows Security Updates November 2019 overview
Description
Microsoft released security and non-security updates for the Microsoft Windows operating system and other company products on November 12, 2019.
Author
Martin Brinkmann
Publisher
Ghacks Technology News
Logo
Ghacks Technology News