Microsoft Windows Security Updates December 2020

Today is the last Microsoft Patch Day of the year 2020. Microsoft released security updates and non-security updates for all supported client and server versions of the company’s Windows operating system, and updates for other company products such as Microsoft Office, Microsoft Edge, Internet Explorer, or the .NET Framework.

Our Patch Day overview provides you with detailed information on released patches, security issues, and related information. You can download an Excel spreadsheet of the released security updates, check out the operating system distribution, find links to all support pages, and the list of known issues here in this guide.

Check out the November 2020 Security Updates overview here in case you missed it.

Microsoft Windows Security Updates December 2020

Download the following Excel spreadsheet that contains the released security updates to your system. Note that Microsoft’s new platform is quite slow and that it may be possible that updates are missing. Let us know in the comments if you notice anything missing: Security Updates 2020 12 Microsoft Windows

Executive Summary

Operating System Distribution

  • Windows 7(extended support only): 9 vulnerabilities: 0 critical and 9 important
  • Windows 8.1: 5 vulnerabilities: 0 rated critical and 5 rated important
  • Windows 10 version 1809: 19 vulnerabilities: 1 critical and 18 important
  • Windows 10 version 1903 and 1909: 18 vulnerabilities: 1 critical and 17 important
  • Windows 10 version 2004 and 20H2: 19 vulnerabilities, 1 critical, 18 important

Windows Server products

  • Windows Server 2008 R2 (extended support only): 9 vulnerabilities: 0 critical and 9 important
  • Windows Server 2012 R2: 6 vulnerabilities: 0 critical and 6 important.
  • Windows Server 2016: 16 vulnerabilities: 1 critical and 15 important.
  • Windows Server 2019: 20 vulnerabilities: 1 critical and 19 are important

Other Microsoft Products

  • Internet Explorer 11: 0 vulnerabilities:
  • Microsoft Edge (classic): 1 vulnerabilities: 1 critical
    • CVE 2020 17131 — Chakra Scripting Engine Memory Corruption Vulnerability
  • Microsoft Edge (Chromium)
    • see here (latest security patches from the Chromium project)

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

Updates and improvements:

  • Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports.
  • Security updates

Windows 8.1 and Windows Server 2012 R2

Updates and improvements:

  • Fixed an issue that prevented PDF24 Creator version 9.1.1 from opening .txt files. (Monthly Rollup only)
  • Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports.
  • Security updates

Windows 10 version 1809

Updates and improvements:

  • Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports.
  • Security updates

Windows 10 version 1903 and 1909

Updates and improvements:

  • Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports.
  • Security updates

Windows 10 version 2004 and 20H2

Updates and improvements:

  • Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports.
  • Security updates

Other security updates

KB4592468 — 2020-12 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB4592468)

KB4592497 — 2020-12 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4592497)

KB4592498 — 2020-12 Security Monthly Quality Rollup for Windows Server 2008 (KB4592498)

KB4592504 — 2020-12 Security Only Quality Update for Windows Server 2008 (KB4592504)

KB4592464 — 2020-12 Cumulative Update for Windows 10 Version 1507 (KB4592464)

KB4593226 — 2020-12 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB4593226)

KB4592473 — 2020-12 Cumulative Update for Windows 10 Version 1703 (KB4592473)

KB4592446 — 2020-12 Cumulative Update for Windows 10 Version 1803 (KB4592446)

Servicing Stack Updates:

2020-12 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4592510)

2020-12 Servicing Stack Update for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, and Windows 10 Version 2004 (KB4593175)

Known Issues

Windows 7 SP1 and Windows Server 2008 R2

  • Updates will fail to install with the error ““Failure to configure Windows updates. Reverting Changes. Do not turn off your computer” if ESU is not supported or activated.
  • Certain operations may fail on cluster shared volumes. Workarounds available.

Windows 8.1 and Server 2012 R2

  • Certain operations may fail on cluster shared volumes. Workarounds available.

Windows 10 version 1809

  • Devices with “some” Asian language packs may throw the error “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.”. Microsoft suggests to either try and uninstall the language packs and make sure that a recent version of Windows 10 is installed, or to reset the PC.

Windows 10 version 1903 and 1909

  • System and user certificates may be lost when updating a device from Windows 10 version 1809 or later, to a later version of Windows 10. Does not affect Windows Update devices or Windows Update for business devices. Workaround available.

Windows 10 version 2004 and 20H2

  • System and user certificates may be lost when updating a device from Windows 10 version 1809 or later, to a later version of Windows 10. Does not affect Windows Update devices or Windows Update for business devices. Workaround available.
  • The correct Furigana characters may not be displayed when using the Microsoft Japanese Input Method Editor. Microsoft is working on a resolution.

Security advisories and updates

ADV 200013 — Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver

ADV 990001 — Latest Servicing Stack Updates

Non-security related updates

Microsoft Office Updates

You find Office update information here.

How to download and install the December 2020 security updates

windows updates december 2020

Updates are already available via Windows Updates and other update management systems. Default Windows installations are configured to find and install updates automatically, but it is also possible to download updates manually to install them.

Tip: it is essential that you create a backup of the system before you install Windows updates as things may go wrong and backups help you restore the previous status quo.

You can check manually for updates in the following way:

  1. Open the Start Menu of the Windows operating system, type Windows Update and select the result.
  2. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.

Direct update downloads

Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 7 and Server 2008 R2

  • KB4592471 — 2020-12 Security Monthly Quality Rollup for Windows 7
  • KB4592503 — 2020-12 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4592484 — 2020-12 Security Monthly Quality Rollup for Windows 8.1
  • KB4592495 — 2020-12 Security Only Quality Update for Windows 8.1

Windows 10 (version 1809)

  • KB4592440 — 2020-12 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

  • KB4592449 — 2020-12 Cumulative Update for Windows 10 Version 1903

Windows 10 (version 1909)

  • KB4592449 — 2020-12 Cumulative Update for Windows 10 Version 1909

Windows 10 (version 2004)

  • KB4592438 — 2020-12 Cumulative Update for Windows 10 Version 2004

Windows 10 (version 20H2)

  • KB4592438 — 2020-12 Cumulative Update for Windows 10 Version 20H2

Additional resources

Summary
Microsoft Windows Security Updates December 2020 overview
Article Name
Microsoft Windows Security Updates December 2020 overview
Description
Microsoft released security updates and non-security updates for all supported versions of the company’s Windows operating system, client and server, as well as other company products such as Microsoft Office on the December 2020 Patch Day.
Author
Martin Brinkmann
Publisher
Ghacks Technology News
Logo
Ghacks Technology News
Advertisement

Related:

  • No Related Posts

Microsoft Windows Security Updates November 2020

Microsoft has released security updates for all support client and server versions of Windows as well as other company products such as Microsoft Office, Microsoft Edge, and Internet Explorer.

Our November 2020 Patch Day overview provides you with details on the released patches. It begins with an executive summary listing the most important bits of information; this is followed by the operating system distribution, details about cumulative updates for Windows, other released security updates, download links, and lots of links to Microsoft support pages.

Check out the October 2020 Security Updates overview here in case you missed it.

Microsoft Windows Security Updates November 2020

You can download the following Excel spreadsheet that includes information about the released security updates in November 2020. It is provided as an archive that you need to extract on the local system. A viewer such as Microsoft Excel or LibreOffice Cacl is needed to open the spreadsheet.

Click on the following link to download the spreadsheet to your system: Security Updates 2020-11-10-070727pm

Executive Summary

  • Microsoft released security updates for all supported client and server versions of Windows.
  • All server and client versions of Windows are affected by the same two critical vulnerabilities.
  • Security updates are also released for Microsoft Office, Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft Dynamics, Microsoft Windows Codecs Library, Azure Sphere, Windows Defender, Microsoft Teams, Azure SDK, Azure DevOps and Visual Studio.
  • Products with known issues: SharePoint Server 2016 and 2019, Windows 10 versions 2004, 1903, 1809, Windows 7, Windows 8.1, Windows Server products and Microsoft Exchange Server

Operating System Distribution

  • Windows 7(extended support only): 20 vulnerabilities: 2 critical and 18 important
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows 8.1: 33 vulnerabilities: 2 rated critical and 31 rated important
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows 10 version 1809: 48 vulnerabilities: 2 critical and 45 important, 1 low
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows 10 version 1903 and 1909: 53 vulnerabilities: 2 critical and 54 important, 1 low
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows 10 version 2004 and 20H2: 52 vulnerabilities, 2 critical, 49 important, 1 low
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability

Windows Server products

  • Windows Server 2008 R2 (extended support only): 20 vulnerabilities: 2 critical and 18 important
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows Server 2012 R2: 34 vulnerabilities: 2 critical and 22 important.
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows Server 2016: 40 vulnerabilities: 2 critical and 38 important.
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows Server 2019: 46 vulnerabilities: 2 critical and 44 are important
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability

Other Microsoft Products

  • Internet Explorer 11: 3 vulnerabilities: 3 critical
  • Microsoft Edge (classic): 4 vulnerabilities: 3 critical, 1 important
    • CVE 2020 17048 — Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE 2020 17052 — Scripting Engine Memory Corruption Vulnerability
    • CVE 2020 17058 — Microsoft Browser Memory Corruption Vulnerability
  • Microsoft Edge (Chromium)
    • see here (latest security patches from the Chromium project)

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Security updates

Windows 8.1 and Windows Server 2012 R2

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Security updates
  • Administrators may enable “Save Target As” in Group Policy for Microsoft Edge IE Mode (Monthly Rollup only).
  • Fixes an issue with LDAP session authentication (Monthly Rollup only).

Windows 10 version 1809

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Security updates

Windows 10 version 1903 and 1909

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Fixed an issue with the package frame launcher.
  • Security updates

Windows 10 version 2004 and 20H2

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Security updates

Other security updates

KB4586768 — 2020-11 Cumulative Security Update for Internet Explorer

KB4586807 — 2020-11 Security Monthly Quality Rollup for Windows Server 2008

KB4586817 — 2020-11 Security Only Quality Update for Windows Server 200

KB4586808 — 2020-11 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4586834 — 2020-11 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4586787 — 2020-11 Cumulative Update for Windows 10 Version 1507

KB4586782 — 2020-11 Cumulative Update for Windows 10 Version 1703

KB4586785 — 2020-11 Cumulative Update for Windows 10 Version 1803

KB4586830 — 2020-11 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607

Known Issues

Windows 7 SP1 and Server 2008 R2

  • Updates will uninstall if the system is not subscribed to ESU (Extended Security Updates).
  • Certain rename operations may fail on Cluster Shared Volumes. Workarounds available.

Windows 8.1 and Server 2012 R2

  • Certain rename operations may fail on Cluster Shared Volumes. Workarounds available.

Windows 10 version 1809

  • Some Asian language packs may throw the error “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND”. Microsoft suggest to remove the language packs and reinstall them, update Windows to the latest version, or Reset the PC.

Windows 10 version 1903, 1909, 2004, 20H2

  • System and user certificates may be lost when updating from Windows 10 version 1809 or later to a newer version of Windows 10. This happens mainly when managed devices are updated using outdated bundles or media according to Microsoft. Devices that use Windows Update or Windows Update for Business are not impacted. Microsoft suggests to go back to the previous version of Windows to fix the issue.

Security advisories and updates

ADV 990001 — Latest Servicing Stack Updates

Non-security related updates

KB4497165 — 2020-09 Update for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903

KB4558130 — 2020-09 Update for Windows Server, version 2004 and Windows 10 Version 2004

KB4580419 — 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, and Windows 10 Version 2004

KB4580980 — 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903

KB4585207 — 2020-11 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607

KB4585208 — 2020-11 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703

KB4585210 — 2020-11 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803 and Windows Server 2016

KB4586082 — 2020-11 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809

KB4589198 — 2020-11 Update for Windows 10 Version 1507

KB4589206 — 2020-11 Update for Windows 10 Version 1803

KB4589208 — 2020-11 Update for Windows Server 2019 and Windows 10 Version 1809

KB4589210 — 2020-11 Update for Windows Server 2016 and Windows 10 Version 1607

KB4589211 — 2020-11 Update for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903

KB4589212 — 2020-11 Update for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, and Windows 10 Version 2004

KB890830 — Windows Malicious Software Removal Tool

KB4585204 — 2020-11 Security and Quality Rollup for .NET Framework 4.6 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4585205 — 2020-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4585211 — 2020-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4585212 — 2020-11 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4585213 — 2020-11 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4585214 — 2020-11 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2

KB4586083 — 2020-11 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4586084 — 2020-11 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4586085 — 2020-11 Security and Quality Rollup for .NET Framework 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4586086 — 2020-11 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008

Microsoft Office Updates

You find Office update information here.

How to download and install the November 2020 security updates

microsoft windows november 2020 security updates

The November 2020 security patches are already available for all supported versions of Windows and other Microsoft products. Home users get these via Windows Updates or direct downloads, business customers and Enterprises get these via update management systems such as WSUS predominantly.

Updates are installed automatically by default on Home systems, but you can run a manual check for updates to download and install these earlier.

Note: we recommend that you create a backup of important data, better the entire system, before you install updates.

Do this to manually check for updates:

  1. Open the Start Menu of the Windows operating system, type Windows Update and select the result.
  2. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.

Direct update downloads

Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 7 and Server 2008 R2

  • KB4586827 — 2020-11 Security Monthly Quality Rollup for Windows 7
  • KB4586805 — 2020-11 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4586845 — 2020-11 Security Monthly Quality Rollup for Windows 8.1
  • KB4586823 — 2020-11 Security Only Quality Update for Windows 8.1

Windows 10 (version 1809)

  • KB4586793 — 2020-11 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

  • KB4586786 — 2020-11 Cumulative Update for Windows 10 Version 1903

Windows 10 (version 1909)

  • KB4586786 — 2020-11 Cumulative Update for Windows 10 Version 1909

Windows 10 (version 2004)

  • KB4586781 — 2020-11 Cumulative Update for Windows 10 Version 2004

Windows 10 (version 20H2)

  • KB4586781 — 2020-11 Cumulative Update for Windows 10 Version 20H2

Additional resources

Summary
Microsoft Windows Security Updates November 2020 overview
Article Name
Microsoft Windows Security Updates November 2020 overview
Description
Microsoft released security updates and non-security updates for all supported versions of the company’s Windows operating system, client and server, as well as other company products such as Microsoft Office on the November 2020 Patch Day.
Author
Martin Brinkmann
Publisher
Ghacks Technology News
Logo
Ghacks Technology News
Advertisement

Related:

  • No Related Posts

Microsoft releases Windows 10 builds 18363.815, 18362.815 with a ton of fixes

Patch Tuesday was only a week ago, but it’s now time for this month’s round of optional updates. Typically, Microsoft does this in several installments, offering updates to different versions at different times. But today, Windows 10 version 1909, 1903, 1809, 1803, and 1607 are all getting updates.

The reason that they’re all getting patched today is likely because this is going to be one of the last times to do it. Starting in May, Microsoft won’t be releasing optional cumulative updates anymore, only Patch Tuesday updates. This is to focus on stability for those working from home during the COVID-19 pandemic.

For those on Windows 10 versions 1909 and 1903, you’ll get KB4550945, bringing the build number to 18363.815 and 18362.815, respectively. You can manually download it here, and these are the highlights:

  • Updates an issue that prevents certain apps from opening after you upgrade from a previous version of Windows, and a Bad Image error message appears.
  • Updates in an issue that turns off notifications for devices that use a virtual private network (VPN) on a cellular network.
  • Updates an issue that prevents you from resuming a Microsoft Xbox game on a Windows device after upgrading from a previous version of Windows.
  • Updates an issue that causes a text box that contains multiple lines of text to stop responding in certain scenarios.
  • Updates an issue that generates unexpected notifications when you change the default application settings.
  • Updates an issue that causes Windows Update to stop responding when you check for updates.
  • Updates an issue that fails to print content that is outside of the margins of a document.

Here’s the full list of fixes:

  • Addresses an issue that prevents certain apps from opening after you upgrade from a previous version of Windows, and a Bad Image exception dialog box appears.
  • Addresses in an issue that turns off notifications for devices that use a virtual private network (VPN) on a cellular network.
  • Addresses an issue that prevents you from resuming a Microsoft Xbox game on a Windows device after upgrading from a previous version of Windows.
  • Addresses an issue that causes a box that contains multiple lines of text to stop responding in certain scenarios.
  • Addresses an issue that prevents the touch keyboard from appearing during sign in when the user is prompted for the password.
  • Addresses an issue that prevents the touch keyboard from opening in Universal Windows Platform (UWP) apps when USB devices are connected.
  • Addresses an issue that displays incorrect folder properties in File Explorer when the path is longer than MAX_PATH.
  • Addresses an issue that prevents the correct lock screen from appearing when all of the following are true:
    • The Group Policy Object (GPO) policy “Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity OptionsInteractive Logon: Do not require Ctrl+Alt+Del Computer” is disabled.
    • The GPO policy “Computer ConfigurationAdministrative TemplatesSystemLogonTurn off app notifications on the lock screen” is enabled.
    • The registry key HKLMSOFTWAREPoliciesMicrosoftWindowsSystemDisableLogonBackgroundImage is set to 1.
  • Addresses an issue that generates unexpected notifications related to changing the default application settings.
  • Addresses an issue that causes the sign in screen to be blurry.
  • Addresses an issue that causes Windows Update to stop responding when you check for updates.
  • Addresses an issue that prevents the Sign in options page from opening using the ms-settings:signinoptions-launchfingerprintenrollment Uniform Resource Identifier (URI).
  • Addresses an issue with Bluetooth group policy settings on Microsoft Surface Pro X devices.
  • Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
  • Addresses a reliability issue in WDF01000.sys.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that causes the Trusted Platform Module (TPM) initialization to fail with system event error 14 and prevents Windows from accessing the TPM.
  • Addresses an issue that causes communication with the TPM to time out and fail.
  • Addresses an issue that prevents hash signing using the Microsoft Platform Crypto Provider for TPMs from working correctly. This issue might also affect networking software, such as VPN applications.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses an issue that causes systems to stop working with a 0x3B stop code when running a binary that is signed by a revoked certificate.
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents a user’s PIN from being changed after connecting the device to Microsoft Workplace Join.
  • Addresses an issue that fails to print content that is outside of the margins of a document.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes Microsoft Edge to stop working if you attempt to use paste functionality on webpages when cut-and-paste functionality has been disabled using a policy and Windows Defender Application Guard is active.
  • Addresses an issue that causes the Clipboard service to unexpectedly stop working.

Windows 10 version 1809 just had its support extended, and those users will get KB4550969, bringing the build number to 17763.1192. You can manually download it here, and these are the highlights:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Updates an issue that causes a text box that contains multiple lines of text to stop responding in certain scenarios.
  • Updates an issue that fails to print content that is outside of the margins of a document.

Here’s the full list of fixes:

  • Addresses an issue that occurs when a third-party application loads hidden tabs into Internet Options.
  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue that causes a box that contains multiple lines of text to stop responding in certain scenarios.
  • Addresses an issue that prevents the first key stroke from being recognized correctly in the DataGridView cell.
  • Addresses an issue that causes an application that uses msctf.dll to stop working, and the 0xc0000005 (Access violation) exception appears.
  • Addresses an issue that prevents the correct lock screen from appearing when all of the following are true:
    • The Group Policy Object (GPO) policy “Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity OptionsInteractive Logon: Do not require Ctrl+Alt+Del Computer” is disabled.
    • The GPO policy “Computer ConfigurationAdministrative TemplatesSystemLogonTurn off app notifications on the lock screen” is enabled.
    • The registry key HKLMSOFTWAREPoliciesMicrosoftWindowsSystemDisableLogonBackgroundImage is set to 1.
  • Addresses a reliability issue in WDF01000.sys.
  • Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
  • Addresses an issue that causes the Event Viewer Microsoft Management Console (MMC) to stop working when the secondary monitor is above the primary monitor. An out of bounds exception appears.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that prevents hash signing using the Microsoft Platform Crypto Provider for TPMs from working correctly. This issue might also affect networking software, such as VPN applications.
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents a user’s PIN from being changed after connecting the device to Microsoft Workplace Join.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses an issue that fails to print content that is outside of the margins of a document.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes high CPU usage on Active Directory (AD) domain controllers when migrating to Windows Server 2019. This increases latency in Microsoft Exchange operations, causes Managed Store contention, and severely impacts index creation in Active Directory and the Global Catalog’s performance.
  • Addresses an issue that logs incorrect Internet Protocol (IP) addresses in the audit logs because of missing or old data for active requests coming from “windowstransport/usernamemixed/certificatemixed” endpoints.
  • Addresses an issue that causes devices that are provisioned for Windows Hello for Business (WHfB) to fail. Registration occasionally fails, which leads to a delay in WHfB enrollment and, in some instances, creates Conflicting Objects (CNF) in the Active Directory “Registered Device” container.
  • Addresses an issue that might cause a deadlock in the Remote Desktop Gateway service.
  • Addresses an issue that might cause the Remote Desktop Gateway service to stop working.
  • Addresses an issue that causes systems to stop working with a 0x3B stop code when running a binary that is signed by a revoked certificate.
  • Addresses an issue that prevents the Notification State registries from being deleted for certain apps even after the user profile is deleted.
  • Addresses an issue that causes stop error 0x18 (REFERENCE_BY_POINTER) when Remote Desktop sessions redirect devices that are not input devices.

This one does have one known issue to be aware of:

Symptom Workaround
After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_ COMPONENT_NOT_FOUND.”
  1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.
  2. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

  1. Go to the Settings app > Recovery.
  2. Select Get Started under the Reset this PC recovery option.
  3. Select Keep my Files.

Microsoft is working on a resolution and will provide an update in an upcoming release.


For those running Windows 10 version 1803, which is only supported for Enterprise and Education SKUs, you’ll get KB4550944, bringing the build number to 17134.1456. You can manually download it here, and there’s one highlight:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.

Here’s the full list of fixes:

  • Addresses an issue that occurs when a third-party application loads hidden tabs into Internet Options.
  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue that prevents the first key stroke from being recognized correctly in the DataGridView cell.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue with running klist.exe that causes lsass.exe to stop working and generates an access violation error (0xC0000005).
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses a Task Manager CPU frequency display issue that locks to the base frequency on devices equipped with certain CPUs.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that occurs when you try to sign in to Windows during recovery mode. The error, “No administrator accounts are available on this machine”, appears.
  • Addresses an issue that prevents you from removing some local users from local built-in groups. For example, you cannot remove “Guest” from the “Guests” local group.
  • Addresses an issue that prevents certain apps from installing if they are published using a Group Policy Object.
  • Addresses an issue that causes Microsoft Edge to stop working if you attempt to use paste functionality on webpages when cut-and-paste functionality has been disabled using a policy and Windows Defender Application Guard is active.

Finally, Windows 10 version 1607 is still supported for LTSB and Windows Server 2016 customers, and they’ll get KB4550947, bringing the build number to 14393.3659. You can manually download it here, and it has the same one highlight:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.

Here’s the full list of fixes:

  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue with Dynamic Data Exchange (DDE) that causes a memory leak when multiple clients connect to the same server.
  • Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that might cause a delay of up to two minutes when signing in or unlocking a session on Hybrid Azure Active Directory-joined machines.
  • Addresses an issue with running klist.exe that causes lsass.exe to stop working and generates an access violation error (0xC0000005).
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that might prevent Dynamic Host Configuration Protocol (DHCP) servers from providing the right options to clients when a reservation exists.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes devices that are provisioned for Windows Hello for Business (WHfB) to fail. Registration occasionally fails, which leads to a delay in WHfB enrollment and, in some instances, creates Conflicting Objects (CNF) in the Active Directory “Registered Device” container.
  • Addresses an issue that occurs when you try to sign in to Windows during recovery mode. The error, “No administrator accounts are available on this machine”, appears.
  • Addresses an issue that prevents you from removing some local users from local built-in groups. For example, you cannot remove “Guest” from the “Guests” local group.
  • Addresses an issue that logs incorrect Internet Protocol (IP) addresses in the audit logs because of missing or old data for active requests coming from “windowstransport/usernamemixed/certificatemixed” endpoints.
  • Addresses an issue that might cause a deadlock in the Remote Desktop Gateway service.
  • Addresses an issue in Srv2.sys that might cause 0x18, 0xC2, and 0x19 errors.
  • Addresses an issue that prevents the Notification State registries from being deleted for certain apps even after the user profile is deleted.

This one also has one known issue:

Symptom Workaround
After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.


As mentioned earlier, these updates are optional. That means that you can get it through Windows Update if you opt into it, or you can install it manually. If you choose to not take the update, these fixes will be bundled into next month’s Patch Tuesday updates.

Related:

Symantec blocking windows updates

I need a solution

Hi,

I am using SEPM 14.0(RU1 MP2) and SEP 14.0 RU1 MP2. I have enabled “Application and Device control” under client management to control unknow software installation by users.

Because of this even my windows updates shows as download pending and if I download it and starts installaing it gives a error (0x80070005) which intern informs about “The error code is also described as ACCESS DENIED and it usually appears when you lack of permissions of file or registry which are demanded when reinstalling updates. … Error 0x80070005 occurs when you attempt to install system updates and you do not get the required permissions to do the operation.”

And when I disable Application and device control under SEP change settings, the windows updates installs properly, Need help to identiy the issue and resolve it.

The error are attached as image. 

Regards

Varun

0

1580765129

Related:

ShareConnect Automatic Updates

You can easily install the latest version of ShareConnect whenever an update is available using the automatic updates feature.

The desktop app is automatically updated for all Windows users. Mac users can choose to be prompted to install the latest version or to be automatically updated seamlessly when you’re not in session. By default, the automatic updates feature is enabled for Macs.

Enable automatic updates on Mac

1. Click the ShareConnect icon in the top menu bar of your Mac and select Preferences.

2. In the ShareConnect Preferences window, you will see 2 options. Choose one of the following:

  • Automatically install updates (Recommended) – Updates the remote computer with the latest version of ShareConnect automatically
  • Ask me to install updates – Informs you that a new version of ShareConnect is available and you can choose to either update or not

Related:

Microsoft Releases November 2019 Windows 10 Patch Which Fixes 74 Flaws

Windows Alternatives - Feature Image
  • The November Windows patch is out, and it comes with a large number of critical fixes.
  • All users are urged to update immediately, as the patch covers a wide range of software tools and products.
  • Some known minor issues accompany this update as always, but there are workarounds.

Microsoft has just released a pretty comprehensive patch for Windows 10, bringing 74 fixes, 13 of which address critical remote code execution (RCE) flaws. The software that is covered this time ranges from the OS core and the Edge browser to the Azure Stack, the Visual Studio, and the Exchange Server. All Windows 10 users will see the update on their settings menu, and everyone is advised to apply the patches as soon as possible, as they will help you stay safe and secure against a wide variety of threats.

More specifically, here are the most critical flaws that were fixed this time:

  • Hyper-V arbitrary code execution and failure to validate input from guest OSes (CVE-2019-0721, CVE-2019-1389, CVE-2019-1397, and CVE-2019-1398)
  • Microsoft Exchange RCE flaw (CVE-2019-1373)
  • SharePoint server information disclosure flaw (CVE-2019-1443)
  • Windows TCP/IP improper IPv6 packet handling (CVE-2019-1324)
  • Windows Graphics Device Interface information disclosure flaw (CVE-2019-1439)
  • Windows Graphics Component privilege elevation vulnerabilities (CVE-2019-1407 and CVE-2019-1433)
  • Microsoft Office for Mac inability to disable macros properly (CVE-2019-1457)
  • VBScript remote code execution vulnerability (CVE-2019-1390)
  • Microsoft Scripting Engine memory corruption flaws (CVE-2019-1426, CVE-2019-1427, CVE-2019-1428, and CVE-2019-1429)

The rest of the patches concern “important” level flaws, so they are also crucial in several use-case scenarios. For example, CVE-2019-1020 is a bypass vulnerability in the Windows secure boot process, allowing an attacker to load malicious software via a third-party bootloader. With the latest patch, this threat has been blocked.

Remember, if you’re using a security solution, it will get updated with new rules to cover the disclosed vulnerabilities. However, applying the OS updates should be an absolute priority in order to defend from any form of known exploitation methods. Moreover, Microsoft delivers Windows updates in a cumulative form, so you will also get other optimizations and improvements bundled with the security fixes.

Applying this update may cause a number of side-effects which Microsoft describes in their “known issues” section. For example, the Exchange Server may greet you with a “File failed to upload” error when trying to save files on a network location, and the exchange services may remain in a disabled state. OOBE (Out of Box Experience) may also be associated with problems creating a local user through IME (Input Method Editor). Finally, renaming files and folders on a CSV (Cluster Shared Volume) may fail with the following error: “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. For most of these, there are workarounds provided by Microsoft.

Are you applying these monthly patches immediately, or do you instead do it whenever you have the time? Let us know in the comments down below, or on our socials, on Facebook and Twitter.

Related:

Patch Tuesday, November 2019 Edition

Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and programs that run on top of it. The November updates include patches for a zero-day flaw in Internet Explorer that is currently being exploited in the wild, as well as a sneaky bug in certain versions of Office for Mac that bypasses security protections and was detailed publicly prior to today’s patches.

More than a dozen of the flaws tackled in this month’s release are rated “critical,” meaning they involve weaknesses that could be exploited to install malware without any action on the part of the user, except for perhaps browsing to a hacked or malicious Web site or opening a booby-trapped file attachment.

Perhaps the most concerning of those critical holes is a zero-day flaw in Internet Exploder Explorer (CVE-2019-1429) that has already seen active exploitation. Today’s updates also address two other critical vulnerabilities in the same Windows component that handles various scripting languages.

Microsoft also fixed a flaw in Microsoft Office for Mac (CVE-2019-1457) that could allow attackers to bypass security protections in some versions of the program that could let malicious macros through.

Macros are bits of computer code that can be embedded into Office files, and malicious macros are frequently used by malware purveyors to compromise Windows systems. Usually, this takes the form of a prompt urging the user to “enable macros” once they’ve opened a booby-trapped Office document delivered via email. Thus, Office has a feature called “disable all macros without notification.”

But Microsoft says all versions of Office still support an older type of macros that do not respect this setting, and can be used as a vector for pushing malware. Will Dornan of CERT/CC reports that while Office 2016 and 2019 for Mac will still prompt the user before executing these older macro types, Office for Mac 2011 fails to warn users before opening them.

Other Windows applications or components receiving patches for critical flaws today include Microsoft Exchange and Windows Media Player. In addition, Microsoft also patched nine vulnerabilities — five of them critical — in the Windows Hyper-V, an add-on to the Windows Server OS (and Windows 10 Pro) that allows users to create and run virtual machines (other “guest” operating systems) from within Windows.

Although Adobe typically issues patches for its Flash Player browser component on Patch Tuesday, this is the second month in a row that Adobe has not released any security updates for Flash. However, Adobe today did push security fixes for a variety of its creative software suites, including Animate, Illustrator, Media Encoder and Bridge. Also, I neglected to note last month that Adobe released a critical update for Acrobat/Reader that addressed at least 67 bugs, so if you’ve got either of these products installed, please be sure they’re patched and up to date.

Finally, Google recently fixed a zero-day flaw in its Chrome Web browser (CVE-2019-13720). If you use Chrome and see an upward-facing arrow to the right of the address bar, you have an update pending; fully closing and restarting the browser should install any available updates.

Now seems like a good time to remind all you Windows 7 end users that Microsoft will cease shipping security updates after January 2020 (this end-of-life also affects Windows Server 2008 and 2008 R2). While businesses and other volume-license purchasers will have the option to pay for further fixes after that point, all other Windows 7 users who want to stick with Windows will need to consider migrating to Windows 10 soon.

Standard heads-up: Windows 10 likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesn’t make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update. To get there, click the Windows key on your keyboard and type “windows update” into the box that pops up.

Keep in mind that while staying up-to-date on Windows patches is a good idea, it’s important to make sure you’re updating only after you’ve backed up your important data and files. A reliable backup means you’re probably not freaking out when the odd buggy patch causes problems booting the system. So do yourself a favor and backup your files before installing any patches.

As ever, if you experience glitches or problems installing any of these patches this month, please feel free to leave a comment about it below; there’s a decent chance other readers have experienced the same and may even chime in here with some helpful tips.

Tags: adobe, CVE-2019-1429, CVE-2019-1457, Internet Explorer zero-day, macros, microsoft, Office for Mac, Windows 7 end-of-life

This entry was posted on Tuesday, November 12th, 2019 at 5:04 pm and is filed under Time to Patch. You can follow any comments to this entry through the RSS 2.0 feed. You can skip to the end and leave a comment. Pinging is currently not allowed.

Related:

Any known issues with SEP 14.2 and later versions with Server 2016?

I need a solution

Previous versions of SEP have affected windows updates in Windows server 2012 R2. The only way to install updates was to disable SEP while updates were being installed.

Are there any known issues with SEP 14.2.770 and later versions that affect Windows Server 2016 windows updates?

Thanks

0

1571930866

Related: