Microsoft Windows Security Updates November 2019 overview

It is the second Tuesday of November 2019 and that means that it is Microsoft Patch Day. Microsoft released security and non-security updates for its Windows operating system and other company products.

Our overview provides you with information on these updates: it starts with an executive summary and information about the number of released updates for all supported client and server versions of Windows as well as the Microsoft Edge (classic) and Internet Explorer web browsers.

What follows is information about the updates, all with links to support articles on Microsoft's website, the list of known issues, direct download links to cumulative updates for Windows, and additional update related information.

Click here to open the October 2019 Patch Day overview.

Microsoft Windows Security Updates November 2019

Download the following Excel spreadsheet to your local system; it lists security updates that Microsoft released in November 2019: November 2019 Security Updates

Executive Summary

• Microsoft released security updates for all supported client and server versions of the Microsoft Windows operating system.
• The following Microsoft products have received security updates as well: Internet Explorer, Microsoft Edge, Microsoft Office, Secure Boot, Microsoft Exchange Server, Visual Studio, Azure Stack.
• The Windows 10 version 1909 features are included in the Windows 10 version 1903 update but not activated until "they are turned on using an enablement package, which is a small, quick-to-install “master switch” that simply activates the Windows 10, version 1909 features." Microsoft released a blog post that details how to get the update. (basically, install regular 1903 update, then check for updates again and the 1909 update should be offered)
• Windows 10 Home, Pro, Pro for Workstations and IoT Core, version 1803 have reached end of servicing. These editions won't receive security updates or other updates after November 12, 2019.

Operating System Distribution

• Windows 7: 35 vulnerabilities: 4 rated critical and 31 rated important
  • CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
  • CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability
• Windows 8.1: 37 vulnerabilities: 3 rated critical and 34 rated important
  • Same as Windows 7 except for CVE-2019-1441 (not affected)
• Windows 10 version 1803: 46 vulnerabilities: 5 critical and 41 important
  • CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1398 | Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
• Windows 10 version 1809: 46 vulnerabilities: 4 critical and 42  important
  • Same as Windows 10 version 1803 except for CVE-2019-1389 (not affected)
• Windows 10 version 1903: 46 vulnerabilities: 2 critical and 28 important
  • Same as Windows 10 version 1809 plus
  • CVE-2019-1430 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Windows Server products

• Windows Server 2008 R2: 35 vulnerabilities: 4 critical and 31 important.
  • CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability
  • CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
  • CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
• Windows Server 2012 R2: 37 vulnerabilities: 3 critical and 34 important.
  • same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected)
• Windows Server 2016: 38 vulnerabilities: 2 critical and 20 important.
  • same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected)
• Windows Server 2019: 46 vulnerabilities: 2 critical and 29 are important
  • same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected) plus
  • CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability

Other Microsoft Products

• Internet Explorer 11: 2 vulnerabilities: 2 critical
  • CVE-2019-1390 | VBScript Remote Code Execution Vulnerability
  • CVE-2019-1429 | Scripting Engine Memory Corruption Vulnerability
• Microsoft Edge: 4 vulnerabilities: 4 critical
  • CVE-2019-1413 | Microsoft Edge Security Feature Bypass Vulnerability
  • CVE-2019-1426 | Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1427 | Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1428 | Scripting Engine Memory Corruption Vulnerability

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

• Monthly Rollup: KB4525235
• Security-only Update: KB4525233

The security-only update resolves the following issues/makes the following changes:

• Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
• Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
• Security updates for various operating system components.

The monthly rollup update includes all of the updates of the security-only update plus:

• Fixes an issue that prevented certain 16-bit Visual Basic 3 applications or other VB3 applications from running.
• Fixes a temporary user profile issue when the policy "Delete cached copies of roaming profiles" is set.

Windows 8.1 and Server 2012 R2

• Monthly Rollup: KB4525243
• Security-only Update: KB4525250

The security-only update resolves the following issues/makes the following changes:

• Same as Windows 7 SP1 and Windows Server 2008 R2.

The monthly rollup update includes all of the updates of the security-only update plus:

• Same as Windows 7 SP1 and Windows Server 2008 R2 plus
• Fixes an issue that prevented multiple Bluetooth Basic Rate devices from functioning properly after installing the August 2019 updates.
• Fixes an issue that caused error 0x7E when connecting Bluetooth devices after installing the June 2019 updates.

Windows 10 version 1803

• Support article: KB4525237

The cumulative update fixes the following issues / makes the following changes:

• Fixes an issue that caused Windows Defender Application Control Code Integrity events to become unreadable.
• Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
• Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
• Security updates

Windows 10 version 1809

• Support article: KB4523205

The cumulative update fixes the following issues / makes the following changes:

• Fixes an issue that could cause the Microsoft Defender Advanced Threat Protection service to stop running or stop sending report data.
• Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
• Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
• Security updates

Windows 10 version 1903

• Support article: KB4524570 

The cumulative update lists changes for Windows 10 version 1903 and 1909. It appears that Microsoft included the changes of 1909 in the cumulative update but has not activated them at the time of writing.

• Fixes an issue in the Keyboard Lockdown Subsystem that might not filter key input correctly.
• Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
• Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
• Security updates

Other security updates

• Internet Explorer Cumulative Update: KB4525106
• 2019-11 Security Monthly Quality Rollup for Windows Server 2008 (KB4525234)
• 2019-11 Security Only Quality Update for Windows Server 2008 (KB4525239)
• 2019-11 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB4525246)
• 2019-11 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4525253)
• 2019-11 Cumulative Update for Windows Server, version 1909 and Windows 10 Version 1909 (KB4524570)
• 2019-11 Cumulative Update for Windows 10 Version 1507 (KB4525232)
• 2019-11 Cumulative Update for Windows Server 2016, and Windows 10 Version 1607 (KB4525236)
• 2019-11 Cumulative Update for Windows 10 Version 1709 (KB4525241)
• 2019-11 Cumulative Update for Windows 10 Version 1703 (KB4525245)
• 2019-11 Servicing Stack Update for Windows Server 2016, and Windows 10 Version 1607 (KB4520724)
• 2019-11 Servicing Stack Update for Windows 10 Version 1507 (KB4523200)
• 2019-11 Servicing Stack Update for Windows 10 Version 1703 (KB4523201)
• 2019-11 Servicing Stack Update for Windows 10 Version 1709 (KB4523202)
• 2019-11 Servicing Stack Update for Windows 10 Version 1803, and Windows Server 2016 (KB4523203)
• 2019-11 Servicing Stack Update for Windows 10 Version 1809, and Windows Server 2019 (KB4523204)
• 2019-11 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4523206)
• 2019-11 Servicing Stack Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4523208)
• 2019-11 Servicing Stack Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB4524445)
• 2019-11 Servicing Stack Update for Windows Server, version 1909 and Windows 10 Version 1909 (KB4524569)
• 2019-11 Servicing Stack Update for Windows Server 2008 (KB4526478)

Known Issues

Windows 8.1 and Windows Server 2012 R2

• Certain operations may fail on Cluster Shared Volumes with the error code "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)"

Windows 10 version 1803

• Certain operations may fail on Cluster Shared Volumes with the error code "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)"
• May be unable to create a new local user during the Out of Box Experience when using Input Method Editor (IME) -- Microsoft recommends setting the keyboard language to English during user creation or to use a Microsoft Account to complete the setup.

Windows 10 version 1809

• Same as Windows 10 version 1803 plus
• May receive error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND" with some Asian language packs installed.

Windows 10 version 1903

• May be unable to create a new local user during the Out of Box Experience when using Input Method Editor (IME) -- Microsoft recommends setting the keyboard language to English during user creation or to use a Microsoft Account to complete the setup.

Security advisories and updates

ADV190024 | Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)

Non-security related updates

• 2019-11 Dynamic Update for Windows 10 Version 1809 (KB4524761)
• 2019-11 Dynamic Update for Windows 10 Version 1903 (KB4525043)
• Windows Malicious Software Removal Tool - November 2019 (KB890830)

Microsoft Office Updates

You find Office update information here.

How to download and install the November 2019 security updates

Most home devices running Windows are configured to download and install security updates when they are released. Users who don't want to wait for that to happen or have configured their systems to update manually only may run manual checks for updates or download the cumulative updates from Microsoft's Update Catalog website.

The following needs to be done to check for updates manually:

1. Open the Start Menu of the Windows operating system, type Windows Update and select the result.
2. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP

• KB4525235 -- 2019-11 Security Monthly Quality Rollup for Windows 7
• KB4525233 -- 2019-11 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

• KB4525243 -- 2019-11 Security Monthly Quality Rollup for Windows 8.1
• KB4525250 -- 2019-11 Security Only Quality Update for Windows 8.1

Windows 10 (version 1803)

• KB4525237 -- 2019-11 Cumulative Update for Windows 10 Version 1803

Windows 10 (version 1809)

• KB4523205  -- 2019-11 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

• KB4524570  -- 2019-11 Cumulative Update for Windows 10 Version 1903

Additional resources

• November 2019 Security Updates release notes
• List of software updates for Microsoft products
• List of the latest Windows Updates and Services Packs
• Security Updates Guide
• Microsoft Update Catalog site
• Our in-depth Windows update guide
• How to install optional updates on Windows 10
• Windows 10 Update History
• Windows 8.1 Update History
• Windows 7 Update History

Advertisement