November 12, 2019—KB4525233 (Security-only update)

2019-11-12T20:44:41
ID KB4525233
Type mskb
Reporter Microsoft
Modified 2019-11-12T20:45:13

Description

<html><body><p>Learn more about update KB4525233, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class="alert-band"><div class="alert alert-info" role="alert"><div class="row"><div class="col-xs-24"><p><strong>IMPORTANT </strong>Verify that<strong> </strong>you have installed the required updates listed in the <strong>How to get this update</strong> section <u>before</u> installing this update. </p></div></div></div></div><div class="alert-band"><div class="alert alert-info" role="alert"><div class="row"><div class="col-xs-24"><p class="CxSpFirst"><strong><span>IMPORTANT</span></strong><span> Customers who have <a href="https://www.microsoft.com/en-us/cloud-platform/extended-security-updates" managed-link="" target="_blank">purchased</a> the Extended Security Update (ESU) for</span> on-premises versions of some operating systems must follow specific procedures to continue receiving security updates after extended support ends on January 14, 2020. For more information, see <a data-content-id="4522133" data-content-type="article" href="" managed-link="" target="_blank">KB4522133</a>.</p></div></div></div></div><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against the Intel® Processor Machine Check Error vulnerability (<u><a data-content-id="" data-content-type="" href="https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/CVE-2018-12207" managed-link="" target="_blank" title="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-12207">CVE-2018-12207</a></u>). Use the registry setting as described in the <a data-content-id="4530989" data-content-type="article" href="" managed-link="" target="_blank">Guidance KB article</a><em>. </em>(This registry setting is disabled by default.)</li><li>Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (<a data-content-id="" data-content-type="" href="https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/CVE-2019-11135" managed-link="" target="_blank">CVE-2019-11135</a>). Use the registry settings as described in the <a data-content-id="4073119" data-content-type="article" href="" managed-link="" target="_blank">Windows Client</a> and <a data-content-id="4072698" data-content-type="article" href="" managed-link="" target="_blank">Windows Server</a> articles<em>. </em>(These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)</li><li>Security updates to Windows Input and Composition, Microsoft Graphics Component, Windows Cryptography, Windows Virtualization, Windows Kernel, Windows Datacenter Networking, and the Microsoft JET Database Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href="https://portal.msrc.microsoft.com/security-guidance">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><p>Microsoft is not currently aware of any issues with this update.</p></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p><strong>Prerequisite:</strong></p><p>You must install the updates listed below and <strong><u>restart your device</u></strong> before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.</p><ol><li>The March 12, 2019 servicing stack update (SSU) (<a data-content-id="4490628" data-content-type="article" href="" managed-link="" target="">KB4490628</a>).  To get the standalone package for this SSU, search for it in the <a aria-live="assertive" data-bi-name="content-anchor-link" data-content-id="" data-content-type="" href="http://www.catalog.update.microsoft.com/home.aspx" managed-link="" tabindex="0" target="_blank">Microsoft Update Catalog</a>. </li><li>The latest SHA-2 update (<a data-content-id="4474419" data-content-type="article" href="" managed-link="" target="_blank">KB4474419</a>) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. For more information on SHA-2 updates, see <a data-content-id="4472027" data-content-type="article" href="" managed-link="" target="_blank">2019 SHA-2 Code Signing Support requirement for Windows and WSUS</a>.</li></ol><p>After installing the items above, Microsoft strongly recommends that you install the <u>latest </u>SSU (<a data-content-id="4523206" data-content-type="article" href="" managed-link="" target="_blank">KB4523206</a>). If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a aria-live="assertive" data-bi-name="content-anchor-link" data-content-id="" data-content-type="" href="http://www.catalog.update.microsoft.com/home.aspx" managed-link="" tabindex="0" target="_blank">Microsoft Update Catalog</a>. </p><p><strong>Install this update</strong></p><table class="table"><tbody><tr><td><strong>Release Channel</strong></td><td align="center"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align="center">No</td><td>See the other options below.</td></tr><tr><td>Microsoft Update Catalog</td><td align="center">Yes</td><td>To get the standalone package for this update, go to the <a href="http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4525233">Microsoft Update Catalog</a> website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align="center">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>:  Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p> </p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the <a data-content-id="" data-content-type="" href="https://download.microsoft.com/download/e/4/5/e4533a04-a42c-4e9e-beb4-5848a7c49b8c/4525233.csv" managed-link="" target="_blank">file information for update 4525233</a>. </p></body></html>