- November 2019 Security Updates release notes
- List of software updates for Microsoft products
- List of the latest Windows Updates and Services Packs
- Security Updates Guide
- Microsoft Update Catalog site
- Our in-depth Windows update guide
- How to install optional updates on Windows 10
- Windows 10 Update History
- Windows 8.1 Update History
- Windows 7 Update History
Microsoft Windows Security Updates November 2019 overview

It is the second Tuesday of November 2019 and that means that it is Microsoft Patch Day. Microsoft released security and non-security updates for its Windows operating system and other company products.
Our overview provides you with information on these updates: it starts with an executive summary and information about the number of released updates for all supported client and server versions of Windows as well as the Microsoft Edge (classic) and Internet Explorer web browsers.
What follows is information about the updates, all with links to support articles on Microsoft's website, the list of known issues, direct download links to cumulative updates for Windows, and additional update related information.
Click here to open the October 2019 Patch Day overview.
Microsoft Windows Security Updates November 2019
Download the following Excel spreadsheet to your local system; it lists security updates that Microsoft released in November 2019: November 2019 Security Updates
Executive Summary
- Microsoft released security updates for all supported client and server versions of the Microsoft Windows operating system.
- The following Microsoft products have received security updates as well: Internet Explorer, Microsoft Edge, Microsoft Office, Secure Boot, Microsoft Exchange Server, Visual Studio, Azure Stack.
- The Windows 10 version 1909 features are included in the Windows 10 version 1903 update but not activated until "they are turned on using an enablement package, which is a small, quick-to-install “master switch†that simply activates the Windows 10, version 1909 features." Microsoft released a blog post that details how to get the update. (basically, install regular 1903 update, then check for updates again and the 1909 update should be offered)
- Windows 10 Home, Pro, Pro for Workstations and IoT Core, version 1803 have reached end of servicing. These editions won't receive security updates or other updates after November 12, 2019.
Operating System Distribution
- Windows 7: 35 vulnerabilities: 4 rated critical and 31 rated important
- CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
- CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability
- Windows 8.1: 37 vulnerabilities: 3 rated critical and 34 rated important
- Same as Windows 7 except for CVE-2019-1441 (not affected)
- Windows 10 version 1803: 46 vulnerabilities: 5 critical and 41 important
- CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability
- CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2019-1398 | Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
- Windows 10 version 1809: 46 vulnerabilities: 4 critical and 42Â important
- Same as Windows 10 version 1803 except for CVE-2019-1389 (not affected)
- Windows 10 version 1903: 46 vulnerabilities: 2 critical and 28 important
- Same as Windows 10 version 1809 plus
- CVE-2019-1430 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Windows Server products
- Windows Server 2008 R2: 35 vulnerabilities: 4 critical and 31 important.
- CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability
- CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
- CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
- Windows Server 2012 R2: 37 vulnerabilities: 3 critical and 34 important.
- same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected)
- Windows Server 2016: 38 vulnerabilities: 2 critical and 20 important.
- same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected)
- Windows Server 2019: 46 vulnerabilities: 2 critical and 29 are important
- same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected) plus
- CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability
Other Microsoft Products
- Internet Explorer 11: 2 vulnerabilities: 2 critical
- CVE-2019-1390 | VBScript Remote Code Execution Vulnerability
- CVE-2019-1429 | Scripting Engine Memory Corruption Vulnerability
- Microsoft Edge: 4 vulnerabilities: 4 critical
- CVE-2019-1413 | Microsoft Edge Security Feature Bypass Vulnerability
- CVE-2019-1426 | Scripting Engine Memory Corruption Vulnerability
- CVE-2019-1427 | Scripting Engine Memory Corruption Vulnerability
- CVE-2019-1428 | Scripting Engine Memory Corruption Vulnerability
Windows Security Updates
Windows 7 SP1 and Windows Server 2008 R2
The security-only update resolves the following issues/makes the following changes:
- Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
- Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
- Security updates for various operating system components.
The monthly rollup update includes all of the updates of the security-only update plus:
- Fixes an issue that prevented certain 16-bit Visual Basic 3 applications or other VB3 applications from running.
- Fixes a temporary user profile issue when the policy "Delete cached copies of roaming profiles" is set.
Windows 8.1 and Server 2012 R2
The security-only update resolves the following issues/makes the following changes:
- Same as Windows 7 SP1 and Windows Server 2008 R2.
The monthly rollup update includes all of the updates of the security-only update plus:
- Same as Windows 7 SP1 and Windows Server 2008 R2 plus
- Fixes an issue that prevented multiple Bluetooth Basic Rate devices from functioning properly after installing the August 2019 updates.
- Fixes an issue that caused error 0x7E when connecting Bluetooth devices after installing the June 2019 updates.
Windows 10 version 1803
- Support article: KB4525237
The cumulative update fixes the following issues / makes the following changes:
- Fixes an issue that caused Windows Defender Application Control Code Integrity events to become unreadable.
- Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
- Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
- Security updates
Windows 10 version 1809
- Support article: KB4523205
The cumulative update fixes the following issues / makes the following changes:
- Fixes an issue that could cause the Microsoft Defender Advanced Threat Protection service to stop running or stop sending report data.
- Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
- Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
- Security updates
Windows 10 version 1903
- Support article: KB4524570Â
The cumulative update lists changes for Windows 10 version 1903 and 1909. It appears that Microsoft included the changes of 1909 in the cumulative update but has not activated them at the time of writing.
- Fixes an issue in the Keyboard Lockdown Subsystem that might not filter key input correctly.
- Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
- Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
- Security updates
Other security updates
- Internet Explorer Cumulative Update:Â KB4525106
- 2019-11 Security Monthly Quality Rollup for Windows Server 2008 (KB4525234)
- 2019-11 Security Only Quality Update for Windows Server 2008 (KB4525239)
- 2019-11 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB4525246)
- 2019-11 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4525253)
- 2019-11 Cumulative Update for Windows Server, version 1909 and Windows 10 Version 1909 (KB4524570)
- 2019-11 Cumulative Update for Windows 10 Version 1507 (KB4525232)
- 2019-11 Cumulative Update for Windows Server 2016, and Windows 10 Version 1607 (KB4525236)
- 2019-11 Cumulative Update for Windows 10 Version 1709 (KB4525241)
- 2019-11 Cumulative Update for Windows 10 Version 1703 (KB4525245)
- 2019-11 Servicing Stack Update for Windows Server 2016, and Windows 10 Version 1607 (KB4520724)
- 2019-11 Servicing Stack Update for Windows 10 Version 1507 (KB4523200)
- 2019-11 Servicing Stack Update for Windows 10 Version 1703 (KB4523201)
- 2019-11 Servicing Stack Update for Windows 10 Version 1709 (KB4523202)
- 2019-11 Servicing Stack Update for Windows 10 Version 1803, and Windows Server 2016 (KB4523203)
- 2019-11 Servicing Stack Update for Windows 10 Version 1809, and Windows Server 2019 (KB4523204)
- 2019-11 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4523206)
- 2019-11 Servicing Stack Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4523208)
- 2019-11 Servicing Stack Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB4524445)
- 2019-11 Servicing Stack Update for Windows Server, version 1909 and Windows 10 Version 1909 (KB4524569)
- 2019-11 Servicing Stack Update for Windows Server 2008 (KB4526478)
Known Issues
Windows 8.1 and Windows Server 2012 R2
- Certain operations may fail on Cluster Shared Volumes with the error code "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)"
Windows 10 version 1803
- Certain operations may fail on Cluster Shared Volumes with the error code "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)"
- May be unable to create a new local user during the Out of Box Experience when using Input Method Editor (IME) -- Microsoft recommends setting the keyboard language to English during user creation or to use a Microsoft Account to complete the setup.
Windows 10 version 1809
- Same as Windows 10 version 1803 plus
- May receive error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND" with some Asian language packs installed.
Windows 10 version 1903
- May be unable to create a new local user during the Out of Box Experience when using Input Method Editor (IME) -- Microsoft recommends setting the keyboard language to English during user creation or to use a Microsoft Account to complete the setup.
Security advisories and updates
ADV190024 | Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)
Non-security related updates
- 2019-11 Dynamic Update for Windows 10 Version 1809 (KB4524761)
- 2019-11 Dynamic Update for Windows 10 Version 1903 (KB4525043)
- Windows Malicious Software Removal Tool - November 2019 (KB890830)
Microsoft Office Updates
You find Office update information here.
How to download and install the November 2019 security updates
Most home devices running Windows are configured to download and install security updates when they are released. Users who don't want to wait for that to happen or have configured their systems to update manually only may run manual checks for updates or download the cumulative updates from Microsoft's Update Catalog website.
The following needs to be done to check for updates manually:
- Open the Start Menu of the Windows operating system, type Windows Update and select the result.
- Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.
Direct update downloads
Windows 7 SP1 and Windows Server 2008 R2 SP
- KB4525235 -- 2019-11 Security Monthly Quality Rollup for Windows 7
- KB4525233 -- 2019-11 Security Only Quality Update for Windows 7
Windows 8.1 and Windows Server 2012 R2
- KB4525243 -- 2019-11 Security Monthly Quality Rollup for Windows 8.1
- KB4525250 -- 2019-11 Security Only Quality Update for Windows 8.1
Windows 10 (version 1803)
- KB4525237 -- 2019-11 Cumulative Update for Windows 10 Version 1803
Windows 10 (version 1809)
- KB4523205Â -- 2019-11 Cumulative Update for Windows 10 Version 1809
Windows 10 (version 1903)
- KB4524570Â -- 2019-11 Cumulative Update for Windows 10 Version 1903
Additional resources


FROM Microsoft
ISSUE: Win 2012 Trusted installer reboot loop (Stage: 2 out of 4) post Nov month update.
CAUSE: A bug has been filed and we are working towards a resolution.
On Affected Machines: Attempt revertpendingactions from WinRE.
As mentioned earlier, unless a fix is released, we recommend not installing the latest servicing stack and November CU.
Nice article!
i have an issue with windows security updates, not installing on my pc even Microsoft security Essential not updating same happened with windows defender other updated downloading and installing smoothly just security updated having problems i tried to download from catalogs.microsoft.com there also the other updates installing just security updates having problem
Dunno if this is related to the updates but i have a server running 2012 r2, i see 3 updates that installed early this morning, and now the server is crashing about once an hour. Luckily it boots up pretty quick, but it’s pretty debilitating. Anyone seen this?
No problem here too under Win 7×64 (Defender disabled) and Win 8.1×64.
Thank you Martin.
I see any update of my Windows 7 Ultimate x64 with last update May 2017 more critical than the vulnerabilities. After May 2017 there are introduced a number of bugs and leaks that haven’t been fixed, yet, and probably never will be either ! Microsoft will do as they did with 2000, XP and Vista, just leave it….
Did test a fully updated Windows 7 Ultimate x64 and several of my important softwares failed. I restored the older one from a backup, and ofcourse no problems at all.
This is the first time that Windows 10 has updated really fine for me. First I installed those security packages, then I installed W10 19.09 with no single issue nor problem found. All old personal configuration options are still as there was before. Sincerely, I am very happy with this unexpected good update and upgrade process. All major ISO upgrades should be like 19.09. ðŸ˜
Windows Malicious Software Removal Tool Error code: 800B0109 on Windows 7 SP1 Ultimate 32-bit.
I successfully got to Microsoft Windows [Version 10.0.18363.476] after 2 invocations of Windows Update followed by a manual update of Windows Security (Defender) to Virus Definitions Version 2019-11-12 Rev 1.305.1973.0 after turning Windows Security back on at 23:00 UTC.
Martin,
Thanks for this handy security update explenation article.
You wrought: ” (basically, install regular 1903 update, then check for updates again and the 1909 update should be offered)”
I have just updated main 1903 to build 18362.476 but now after checking to update to 1909 I am getting no response?
Could it be that Microsoft already pulled the 1909 or could it be a metter of day before Microsoft again has enough broughtband to update/upgrade me?
The update is not made available if Microsoft is aware of compatibility issues (as usual).
Not pulled I updated to 1909 an hour ago.
I noticed that “Microsoft Compatibility Appraiser” scheduler was re-enabled after this update
Not seeing that on a Win7 or a Win8.1 system after installing the monthly rollups. It along with all other telemetry tasks and services are all still disabled.
November update was downloaded and installed KB4524570 for 1903 win 10 now the Malwarebytes Premium is shown as off and does not register as running on the machine is the a fix for this anywhere ?
Same here: can´t install KB890830, Error code: 800B0109 on x64 win7.
Same to me, Windows 7 Prof. SP 1 64bit: KB890830 with Error Code 800B0109
Windows 10 updated to 18363.476 without problems… but where are the “big” changes of this new build?
Can not install Windows Malicious Software Removal Tool – November 2019 (KB890830) on Windows 7 SP1 64-Bit.
Error Code: 800B0109
Same with me on Windows 7 Prof. SP 1 64bit: KB890830 with Error Code 800B0109 on 11/12/2019. Tried several times because the bugger repeatedly showed up In my Window’s Update, and still does.
Regarding Windows Malicious Software Removal Tool (KB890830) error on Windows 7:
After a reboot, I was offered “2019-11 Servicing Stack Update for Windows 7 for x64-based Systems (KB4523206)”. I installed it, but now I am no longer offered KB890830. Odd.
Win 7 Pro.
I installed Servicing Stack Update for Windows 7 for x64-based Systems (KB4523206) via updates then KB4525233 (security only) from MS Catalogue, installed fine.
Like in September, no MSRT offered.
@ Will next month be the last or can we expect a ‘so long and thanks for all the fish’ Jan grand finale?
Same here.
I started a new search for updates … the “2019-11 Servicing Stack Update for Windows 7 for x64-based Systems (KB4523206)” was offered … after installation: no KB890830 anymore.
Same issue on my Win 7.
Same for me !
The automatic install of KB890830 (for Mov 2019) on Win 7 64 bit fails repeatedly
with error 800B0109..
The MS Catalog contains 2 exe files for download:
windows-kb890830-v5.77-delta_a9f4bcd60fdf765b24ed4b3c30af93a31d3517d4.exe
windows-kb890830-v5.77_853d6a05c2b8ec07320dd22e4f1e5a2afb028a94.exe
The first one runs ok (scans all the required files for malware),
the second one seems to do nothing, and by the size (6.8M) this seems to be the one that the automatic update is downloading.
I guess that during the automatic update the second file is supposed to launch the run of the first one, and this fails.
After some research, I think that error 800B0109 is related to the file being improperly signed,
so Microsoft should correct this !!!
A small correction to the above:
The file:
windows-kb890830-v5.77_853d6a05c2b8ec07320dd22e4f1e5a2afb028a94.exe
runs ok.
The file:
windows-kb890830-v5.77-delta_a9f4bcd60fdf765b24ed4b3c30af93a31d3517d4.exe
does nothing !
Same here.
Thank you Martin, as always!
Just manually updated LTSC, currently running DISM cleanup-image commands. All seems fine.
>2019-11 Dynamic Update for Windows 10 Version 1809 (KB4524761)
I’ve just noticed this. I never installed anything like this, my LTSC 1809 x64 updates just fine without this thing. I doubt it’s necessary if you do these updates manually, it’s probably just some WU client update.
All I install is the latest SSU then the latest update pack (full, not delta). This month they were:
windows10.0-kb4523204-x64_57098d9954748b2d7d767f73f60493bc592ff286.msu
windows10.0-kb4523205-x64_3d07bc5ec0f47e164cde50fbd7fbf3fc6d200d44.msu
Received version 1909 (SO 18363.476) but repeatedly receiving MSRT (KB890830 for November)
Checked this morning and it’s stopped doing it – no further update, just not being offered as an update again.
Same as well.