Microsoft Windows Security Updates November 2019 overview

by Martin Brinkmann on November 12, 2019 in Companies, Microsoft, Windows - Last Update: December 10, 2019 - 33 comments

It is the second Tuesday of November 2019 and that means that it is Microsoft Patch Day. Microsoft released security and non-security updates for its Windows operating system and other company products.

Our overview provides you with information on these updates: it starts with an executive summary and information about the number of released updates for all supported client and server versions of Windows as well as the Microsoft Edge (classic) and Internet Explorer web browsers.

What follows is information about the updates, all with links to support articles on Microsoft's website, the list of known issues, direct download links to cumulative updates for Windows, and additional update related information.

Click here to open the October 2019 Patch Day overview.

Microsoft Windows Security Updates November 2019

Download the following Excel spreadsheet to your local system; it lists security updates that Microsoft released in November 2019: November 2019 Security Updates

Executive Summary

feature update windows 10 1909

  • Microsoft released security updates for all supported client and server versions of the Microsoft Windows operating system.
  • The following Microsoft products have received security updates as well: Internet Explorer, Microsoft Edge, Microsoft Office, Secure Boot, Microsoft Exchange Server, Visual Studio, Azure Stack.
  • The Windows 10 version 1909 features are included in the Windows 10 version 1903 update but not activated until "they are turned on using an enablement package, which is a small, quick-to-install “master switch” that simply activates the Windows 10, version 1909 features." Microsoft released a blog post that details how to get the update. (basically, install regular 1903 update, then check for updates again and the 1909 update should be offered)
  • Windows 10 Home, Pro, Pro for Workstations and IoT Core, version 1803 have reached end of servicing. These editions won't receive security updates or other updates after November 12, 2019.

Operating System Distribution

  • Windows 7: 35 vulnerabilities: 4 rated critical and 31 rated important
    • CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
    • CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability
  • Windows 8.1: 37 vulnerabilities: 3 rated critical and 34 rated important
    • Same as Windows 7 except for CVE-2019-1441 (not affected)
  • Windows 10 version 1803: 46 vulnerabilities: 5 critical and 41 important
    • CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1398 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
  • Windows 10 version 1809: 46 vulnerabilities: 4 critical and 42  important
    • Same as Windows 10 version 1803 except for CVE-2019-1389 (not affected)
  • Windows 10 version 1903: 46 vulnerabilities: 2 critical and 28 important
    • Same as Windows 10 version 1809 plus
    • CVE-2019-1430 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Windows Server products

  • Windows Server 2008 R2: 35 vulnerabilities: 4 critical and 31 important.
    • CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability
    • CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
    • CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
  • Windows Server 2012 R2: 37 vulnerabilities: 3 critical and 34 important.
    • same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected)
  • Windows Server 2016: 38 vulnerabilities: 2 critical and 20 important.
    • same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected)
  • Windows Server 2019: 46 vulnerabilities: 2 critical and 29 are important
    • same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected) plus
    • CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability

Other Microsoft Products

  • Internet Explorer 11: 2 vulnerabilities: 2 critical
  • Microsoft Edge: 4 vulnerabilities: 4 critical
    • CVE-2019-1413 | Microsoft Edge Security Feature Bypass Vulnerability
    • CVE-2019-1426 | Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1427 | Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1428 | Scripting Engine Memory Corruption Vulnerability

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

The security-only update resolves the following issues/makes the following changes:

  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
  • Security updates for various operating system components.

The monthly rollup update includes all of the updates of the security-only update plus:

  • Fixes an issue that prevented certain 16-bit Visual Basic 3 applications or other VB3 applications from running.
  • Fixes a temporary user profile issue when the policy "Delete cached copies of roaming profiles" is set.

Windows 8.1 and Server 2012 R2

The security-only update resolves the following issues/makes the following changes:

  • Same as Windows 7 SP1 and Windows Server 2008 R2.

The monthly rollup update includes all of the updates of the security-only update plus:

  • Same as Windows 7 SP1 and Windows Server 2008 R2 plus
  • Fixes an issue that prevented multiple Bluetooth Basic Rate devices from functioning properly after installing the August 2019 updates.
  • Fixes an issue that caused error 0x7E when connecting Bluetooth devices after installing the June 2019 updates.

Windows 10 version 1803

The cumulative update fixes the following issues / makes the following changes:

  • Fixes an issue that caused Windows Defender Application Control Code Integrity events to become unreadable.
  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
  • Security updates

Windows 10 version 1809

The cumulative update fixes the following issues / makes the following changes:

  • Fixes an issue that could cause the Microsoft Defender Advanced Threat Protection service to stop running or stop sending report data.
  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
  • Security updates

Windows 10 version 1903

The cumulative update lists changes for Windows 10 version 1903 and 1909. It appears that Microsoft included the changes of 1909 in the cumulative update but has not activated them at the time of writing.

  • Fixes an issue in the Keyboard Lockdown Subsystem that might not filter key input correctly.
  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
  • Security updates

Other security updates

  • Internet Explorer Cumulative Update: KB4525106
  • 2019-11 Security Monthly Quality Rollup for Windows Server 2008 (KB4525234)
  • 2019-11 Security Only Quality Update for Windows Server 2008 (KB4525239)
  • 2019-11 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB4525246)
  • 2019-11 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4525253)
  • 2019-11 Cumulative Update for Windows Server, version 1909 and Windows 10 Version 1909 (KB4524570)
  • 2019-11 Cumulative Update for Windows 10 Version 1507 (KB4525232)
  • 2019-11 Cumulative Update for Windows Server 2016, and Windows 10 Version 1607 (KB4525236)
  • 2019-11 Cumulative Update for Windows 10 Version 1709 (KB4525241)
  • 2019-11 Cumulative Update for Windows 10 Version 1703 (KB4525245)
  • 2019-11 Servicing Stack Update for Windows Server 2016, and Windows 10 Version 1607 (KB4520724)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1507 (KB4523200)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1703 (KB4523201)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1709 (KB4523202)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1803, and Windows Server 2016 (KB4523203)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1809, and Windows Server 2019 (KB4523204)
  • 2019-11 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4523206)
  • 2019-11 Servicing Stack Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4523208)
  • 2019-11 Servicing Stack Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB4524445)
  • 2019-11 Servicing Stack Update for Windows Server, version 1909 and Windows 10 Version 1909 (KB4524569)
  • 2019-11 Servicing Stack Update for Windows Server 2008 (KB4526478)

Known Issues

Windows 8.1 and Windows Server 2012 R2

  • Certain operations may fail on Cluster Shared Volumes with the error code "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)"

Windows 10 version 1803

  • Certain operations may fail on Cluster Shared Volumes with the error code "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)"
  • May be unable to create a new local user during the Out of Box Experience when using Input Method Editor (IME) -- Microsoft recommends setting the keyboard language to English during user creation or to use a Microsoft Account to complete the setup.

Windows 10 version 1809

  • Same as Windows 10 version 1803 plus
  • May receive error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND" with some Asian language packs installed.

Windows 10 version 1903

  • May be unable to create a new local user during the Out of Box Experience when using Input Method Editor (IME) -- Microsoft recommends setting the keyboard language to English during user creation or to use a Microsoft Account to complete the setup.

Security advisories and updates

ADV190024 | Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)

Non-security related updates

  • 2019-11 Dynamic Update for Windows 10 Version 1809 (KB4524761)
  • 2019-11 Dynamic Update for Windows 10 Version 1903 (KB4525043)
  • Windows Malicious Software Removal Tool - November 2019 (KB890830)

Microsoft Office Updates

You find Office update information here.

How to download and install the November 2019 security updates

windows updates security november 2019

Most home devices running Windows are configured to download and install security updates when they are released. Users who don't want to wait for that to happen or have configured their systems to update manually only may run manual checks for updates or download the cumulative updates from Microsoft's Update Catalog website.

The following needs to be done to check for updates manually:

  1. Open the Start Menu of the Windows operating system, type Windows Update and select the result.
  2. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4525235 -- 2019-11 Security Monthly Quality Rollup for Windows 7
  • KB4525233 -- 2019-11 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4525243 -- 2019-11 Security Monthly Quality Rollup for Windows 8.1
  • KB4525250 -- 2019-11 Security Only Quality Update for Windows 8.1

Windows 10 (version 1803)

  • KB4525237 -- 2019-11 Cumulative Update for Windows 10 Version 1803

Windows 10 (version 1809)

  • KB4523205  -- 2019-11 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

  • KB4524570  -- 2019-11 Cumulative Update for Windows 10 Version 1903

Additional resources

Summary
Microsoft Windows Security Updates November 2019 overview
Article Name
Microsoft Windows Security Updates November 2019 overview
Description
Microsoft released security and non-security updates for the Microsoft Windows operating system and other company products on November 12, 2019.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Related content

whatsapp facebook privacy update

Facebook caves in: WhatsApp users who don't accept the new privacy policy won't have their accounts deleted

skytube youtube app android open source

SkyTube: open source YouTube app for Android with ad-blocking and video downloading

opt-out amazon sidewalk

If you don't want Amazon devices to share your bandwidth with your neighbors, you need to opt-out!

twitter hide trends

Hide Twitter Trends and other sidebar suggestions

google two-factor authentication mandatory

Google will soon enforce the use of two-step verification for Google accounts

Google Earth's Timelapse feature shows videos of how the planet has changed over 30 years

Google Earth's Timelapse feature shows videos of how the planet has changed over 30 years


Previous Post: «
Next Post: «

Comments

  1. Johannes said on November 12, 2019 at 7:51 pm
    Reply

    Received version 1909 (SO 18363.476) but repeatedly receiving MSRT (KB890830 for November)

    1. YB said on November 12, 2019 at 9:51 pm
      Reply

      Same as well.

    2. Taomyn said on November 13, 2019 at 6:55 am
      Reply

      Checked this morning and it’s stopped doing it – no further update, just not being offered as an update again.

  2. Yuliya said on November 12, 2019 at 7:52 pm
    Reply

    Just manually updated LTSC, currently running DISM cleanup-image commands. All seems fine.

    1. Yuliya said on November 12, 2019 at 8:02 pm
      Reply

      >2019-11 Dynamic Update for Windows 10 Version 1809 (KB4524761)
      I’ve just noticed this. I never installed anything like this, my LTSC 1809 x64 updates just fine without this thing. I doubt it’s necessary if you do these updates manually, it’s probably just some WU client update.
      All I install is the latest SSU then the latest update pack (full, not delta). This month they were:
      windows10.0-kb4523204-x64_57098d9954748b2d7d767f73f60493bc592ff286.msu
      windows10.0-kb4523205-x64_3d07bc5ec0f47e164cde50fbd7fbf3fc6d200d44.msu

  3. AJ North said on November 12, 2019 at 8:31 pm
    Reply

    Thank you Martin, as always!

  4. user said on November 12, 2019 at 8:54 pm
    Reply

    Can not install Windows Malicious Software Removal Tool – November 2019 (KB890830) on Windows 7 SP1 64-Bit.
    Error Code: 800B0109

    1. de Cosmos said on November 12, 2019 at 9:58 pm
      Reply

      Same issue on my Win 7.

      1. jhvance said on November 12, 2019 at 11:02 pm
        Reply

        Same here.

      2. Iudith Mentzel said on November 13, 2019 at 4:03 am
        Reply

        Same for me !

        The automatic install of KB890830 (for Mov 2019) on Win 7 64 bit fails repeatedly
        with error 800B0109..

        The MS Catalog contains 2 exe files for download:

        windows-kb890830-v5.77-delta_a9f4bcd60fdf765b24ed4b3c30af93a31d3517d4.exe
        windows-kb890830-v5.77_853d6a05c2b8ec07320dd22e4f1e5a2afb028a94.exe

        The first one runs ok (scans all the required files for malware),
        the second one seems to do nothing, and by the size (6.8M) this seems to be the one that the automatic update is downloading.

        I guess that during the automatic update the second file is supposed to launch the run of the first one, and this fails.

        After some research, I think that error 800B0109 is related to the file being improperly signed,
        so Microsoft should correct this !!!

      3. Iudith Mentzel said on November 13, 2019 at 4:05 am
        Reply

        A small correction to the above:

        The file:
        windows-kb890830-v5.77_853d6a05c2b8ec07320dd22e4f1e5a2afb028a94.exe
        runs ok.

        The file:
        windows-kb890830-v5.77-delta_a9f4bcd60fdf765b24ed4b3c30af93a31d3517d4.exe
        does nothing !

    2. Deron J said on November 13, 2019 at 12:01 am
      Reply

      Regarding Windows Malicious Software Removal Tool (KB890830) error on Windows 7:
      After a reboot, I was offered “2019-11 Servicing Stack Update for Windows 7 for x64-based Systems (KB4523206)”. I installed it, but now I am no longer offered KB890830. Odd.

      1. user said on November 13, 2019 at 8:57 am
        Reply

        Same here.
        I started a new search for updates … the “2019-11 Servicing Stack Update for Windows 7 for x64-based Systems (KB4523206)” was offered … after installation: no KB890830 anymore.

      2. Stan said on November 14, 2019 at 3:18 am
        Reply

        Win 7 Pro.
        I installed Servicing Stack Update for Windows 7 for x64-based Systems (KB4523206) via updates then KB4525233 (security only) from MS Catalogue, installed fine.
        Like in September, no MSRT offered.
        @ Will next month be the last or can we expect a ‘so long and thanks for all the fish’ Jan grand finale?

    3. Ay Con said on November 15, 2019 at 1:12 am
      Reply

      Same with me on Windows 7 Prof. SP 1 64bit: KB890830 with Error Code 800B0109 on 11/12/2019. Tried several times because the bugger repeatedly showed up In my Window’s Update, and still does.

  5. xxxVDxxx said on November 12, 2019 at 9:11 pm
    Reply

    Windows 10 updated to 18363.476 without problems… but where are the “big” changes of this new build?

  6. LoveWindows said on November 12, 2019 at 9:16 pm
    Reply

    Same to me, Windows 7 Prof. SP 1 64bit: KB890830 with Error Code 800B0109

  7. JF Berne said on November 12, 2019 at 9:20 pm
    Reply

    Same here: can´t install KB890830, Error code: 800B0109 on x64 win7.

  8. Andy said on November 12, 2019 at 9:52 pm
    Reply

    November update was downloaded and installed KB4524570 for 1903 win 10 now the Malwarebytes Premium is shown as off and does not register as running on the machine is the a fix for this anywhere ?

  9. Word of warning said on November 12, 2019 at 10:53 pm
    Reply

    I noticed that “Microsoft Compatibility Appraiser” scheduler was re-enabled after this update

    1. Mothy said on November 15, 2019 at 3:27 pm
      Reply

      Not seeing that on a Win7 or a Win8.1 system after installing the monthly rollups. It along with all other telemetry tasks and services are all still disabled.

  10. Paul(us) said on November 12, 2019 at 11:51 pm
    Reply

    Martin,
    Thanks for this handy security update explenation article.
    You wrought: ” (basically, install regular 1903 update, then check for updates again and the 1909 update should be offered)”

    I have just updated main 1903 to build 18362.476 but now after checking to update to 1909 I am getting no response?
    Could it be that Microsoft already pulled the 1909 or could it be a metter of day before Microsoft again has enough broughtband to update/upgrade me?

    1. Cinikal said on November 13, 2019 at 5:49 am
      Reply

      Not pulled I updated to 1909 an hour ago.

    2. Martin Brinkmann said on November 13, 2019 at 7:02 am
      Reply

      The update is not made available if Microsoft is aware of compatibility issues (as usual).

  11. chesscanoe said on November 13, 2019 at 12:32 am
    Reply

    I successfully got to Microsoft Windows [Version 10.0.18363.476] after 2 invocations of Windows Update followed by a manual update of Windows Security (Defender) to Virus Definitions Version 2019-11-12 Rev 1.305.1973.0 after turning Windows Security back on at 23:00 UTC.

  12. Jimmy G said on November 13, 2019 at 3:18 am
    Reply

    Windows Malicious Software Removal Tool Error code: 800B0109 on Windows 7 SP1 Ultimate 32-bit.

  13. John G. said on November 13, 2019 at 6:55 am
    Reply

    This is the first time that Windows 10 has updated really fine for me. First I installed those security packages, then I installed W10 19.09 with no single issue nor problem found. All old personal configuration options are still as there was before. Sincerely, I am very happy with this unexpected good update and upgrade process. All major ISO upgrades should be like 19.09. 😁

  14. stefann said on November 13, 2019 at 7:30 am
    Reply

    I see any update of my Windows 7 Ultimate x64 with last update May 2017 more critical than the vulnerabilities. After May 2017 there are introduced a number of bugs and leaks that haven’t been fixed, yet, and probably never will be either ! Microsoft will do as they did with 2000, XP and Vista, just leave it….

    Did test a fully updated Windows 7 Ultimate x64 and several of my important softwares failed. I restored the older one from a backup, and ofcourse no problems at all.

  15. Belga said on November 13, 2019 at 9:13 am
    Reply

    No problem here too under Win 7×64 (Defender disabled) and Win 8.1×64.
    Thank you Martin.

  16. Mike said on November 14, 2019 at 8:30 pm
    Reply

    Dunno if this is related to the updates but i have a server running 2012 r2, i see 3 updates that installed early this morning, and now the server is crashing about once an hour. Luckily it boots up pretty quick, but it’s pretty debilitating. Anyone seen this?

  17. kashif mughal said on November 15, 2019 at 11:06 pm
    Reply

    i have an issue with windows security updates, not installing on my pc even Microsoft security Essential not updating same happened with windows defender other updated downloading and installing smoothly just security updated having problems i tried to download from catalogs.microsoft.com there also the other updates installing just security updates having problem

  18. Anonymous said on November 19, 2019 at 6:29 pm
    Reply

    Nice article!

  19. Anonymous said on December 5, 2019 at 11:43 am
    Reply

    FROM Microsoft

    ISSUE: Win 2012 Trusted installer reboot loop (Stage: 2 out of 4) post Nov month update.

    CAUSE: A bug has been filed and we are working towards a resolution.

    On Affected Machines: Attempt revertpendingactions from WinRE.
    As mentioned earlier, unless a fix is released, we recommend not installing the latest servicing stack and November CU.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Ghacks Newsletter Sign Up

Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up

Advertisement

Popular Posts

Advertisement

Recently Updated

Deal of the day

See all deals

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2021 - All rights reserved