Microsoft Windows Security Updates December 2019 overview - gHacks Tech News

ADVERTISEMENT

Microsoft Windows Security Updates December 2019 overview

Welcome to the overview of the last Patch Tuesday of 2019. Microsoft released security and non-security updates for all supported products on December 11, 2019.

Our monthly series provides system administrators and interested users with information about the updates that Microsoft released in the month that is covered. It includes statistics, links to security and non-security updates, as well as download links, and links to resources and other official pages.

Click here to access the November 2019 Microsoft Patch Day overview.

Microsoft Windows Security Updates December 2019

microsoft windows security updates december 2019

You may download the following (zipped) Excel spreadsheet that contains a list of released updates in December 2019: microsoft-windows-security-updates-december-2019

Executive Summary

  • This is the last Patch Tuesday of 2019.
  • Microsoft released security updates for all versions of Windows as well as other company products such as Microsoft Office, SQL Server, Visual Studio, and Skype for Business.
  • Windows 10 version 1903 and 1909 share the same security KBs.
  • Microsoft's Windows 7 operating system won't receive updates anymore after the January 2020 Patch Day (Small Businesses and Enterprises may buy extensions) Microsoft plans to display a full-screen notification on January 15, 2020 on Starter, Home Basic, Home Premium, Professional (without ESU) and Ultimate editions of Windows 7.

Operating System Distribution

  • Windows 7: 14 vulnerabilities: 1 rated critical and 13 rated important
    • CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability
  • Windows 8.1: 11 vulnerabilities: 1 rated critical and 10 rated important
    • CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability
  • Windows 10 version 1803: 14 vulnerabilities: 2 critical and 12 important
    • CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability
    • CVE-2019-1471 | Windows Hyper-V Remote Code Execution Vulnerability
  • Windows 10 version 1809: 15 vulnerabilities: 2 critical and 13  important
    • Same as Windows 10 version 1803
  • Windows 10 version 1903: 14 vulnerabilities: 2 critical and 12 important
  • Windows 10 version 1909: same as Windows 10 version 1903

Windows Server products

  • Windows Server 2008 R2: 12 vulnerabilities: 1 critical and 11 important.
    • CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability
  • Windows Server 2012 R2: 11 vulnerabilities: 1 critical and 10 important.
    • Same as Windows Server 2008 R2
  • Windows Server 2016: 13 vulnerabilities: 1 critical and 12 important.
    • Same as Windows Server 2008 R2
  • Windows Server 2019: 15 vulnerabilities: 22 critical and 13 are important
    • CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability
    • CVE-2019-1471 | Windows Hyper-V Remote Code Execution Vulnerability

Other Microsoft Products

  • Internet Explorer 11: 1 vulnerability: 1 important
  • Microsoft Edge: none?
  • Microsoft Edge on Chromium: none?

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

  • Monthly Rollup: KB4530734
  • Security-only Update: KB4530692 -- The security-only update is only available through the Microsoft Update Catalog website and WSUS.

Changes:

  • Security updates to Windows Input and Composition, Windows Virtualization, Windows Kernel, Windows Peripherals, the Microsoft Scripting Engine, and Windows Server.

Windows 8.1 and Server 2012 R2

Changes:

Security updates to Windows Virtualization, Windows Kernel, Windows Peripherals, the Microsoft Scripting Engine, and Windows Server.

Windows 10 version 1803

Changes:

  • Fixes an issue that prevented Microsoft Store from opening on Windows on Arm.
  • Security updates to Windows Virtualization, Windows Kernel, Windows Peripherals, the Microsoft Scripting Engine, and Windows Server

Windows 10 version 1809

Changes:

  • Fixed a diagnostic data processing issue for devices on which the setting was set to Basic.
  • Same as Windows 10 version 1803.

Windows 10 version 1903

Changes:

  • Fixed an issue that could cause error 0x3B in cldflt.sys on some devices.
  • Fixed an issue that could prevent the creation of local user accounts when IME is used.
  • Security updates to Windows Virtualization, Windows Kernel, the Microsoft Scripting Engine, and Windows Server.

Windows 10 version 1909

Changes:

  • Same as Windows 10 version 1903

Other security updates

KB4530677 -- 2019-12 Cumulative Security Update for Internet Explorer

KB4530691 -- 2019-12 Security Monthly Quality Rollup for Windows Embedded 8 Standard, and Windows Server 2012

KB4530695 -- 2019-12 Security Monthly Quality Rollup for Windows Server 2008

KB4530698 -- 2019-12 Security Only Quality Update for Windows Embedded 8 Standard, and Windows Server 2012

KB4530719 -- 2019-12 Security Only Quality Update for Windows Server 2008

KB4530681 -- 2019-12 Cumulative Update for Windows 10 Version 1507

KB4530689 -- 2019-12 Cumulative Update for Windows 10 Version 1607

KB4530711 -- 2019-12 Cumulative Update for Windows 10 Version 1703

KB4530714 -- 2019-12 Cumulative Update for Windows 10 Version 1709

KB4531787 -- 2019-12 Servicing Stack Update for Windows Server 2008

KB4532920 -- 2019-12 Servicing Stack Update for Windows Embedded 8 Standard, and Windows Server 2012

Known Issues

Windows 7 SP1 and Server 2008 R2:

Microsoft does not list any known issues on the KB support article but the release notes state that there is an (unnamed) issue.

Windows 8.1 and Server 2012 R2:

  • Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail

Windows 10 version 1803:

  • Same as Windows 8.1 and Server 2012 R2.
  • Problem creating local user accounts during the Out of Box Experienced when using Input Method Editor (IME).

Windows 10 version 1809:

  • Same as Windows 10 version 1803
  • Devices with "some" Asian language packs may throw error 0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.

Security advisories and updates

ADV990001 | Latest Servicing Stack Updates

ADV190026 | Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business

Non-security related updates

KB4532997 -- 2019-12 Cumulative Update for .NET Framework 4.8 Windows 10 Version 1607, and Windows Server 2016

KB4532998 -- 2019-12 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703

KB4532999 -- 2019-12 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709

KB4533000 --2019-12 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1903,and Windows Server 2016

KB4533001 -- 2019-12 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1809, and Windows Server 2019

KB4533002 -- 2019-12 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 1909 and Windows 10 Version 1909

KB4533013 -- 2019-12 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809, and Windows Server 2019

KB4533094 -- 2019-12 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809, and Windows Server 2019

KB4533003 -- 2019-12 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard, and Windows Server 2012

KB4533004 -- 2019-12 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1, and Windows Server 2012 R2

KB4533005 -- 2019-12 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4533010 -- 2019-12 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard, and Windows Server 2012

KB4533011 -- 2019-12 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 , and Windows Server 2012 R2

KB4533012 -- 2019-12 Security and Quality Rollup for .NET Framework 4.6 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4533095 -- 2019-12 Security and Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4533096 -- 2019-12 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard, and Windows Server 2012

KB4533097 -- 2019-12 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4533098 -- 2019-12 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008

KB890830 -- Windows Malicious Software Removal Tool - December 2019

Microsoft Office Updates

You find Office update information here.

How to download and install the December 2019 security updates

Security updates are downloaded and installed automatically on most (Home) Windows systems. Windows runs checks for updates regularly to download and install security updates released by Microsoft.

Windows administrators may run manual checks for updates to speed up the process or download patches from the Microsoft Update Catalog website.

Note: we recommend that backups are created before updates are installed.

Do this to run a manual check for updates:

  1. Open the Start Menu of the Windows operating system, type Windows Update and select the result.
  2. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4530734 -- 2019-12 Security Monthly Quality Rollup for Windows 7
  • KB4530692 -- 2019-12 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4530702 -- 2019-12 Security Monthly Quality Rollup for Windows 8.1
  • KB4530730 -- 2019-12 Security Only Quality Update for Windows 8.1

Windows 10 (version 1803)

  • KB4530717 -- 2019-12 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1809)

  • KB4530715  -- 2019-12 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

  • KB4530684 -- 2019-12 Cumulative Update for Windows 10 Version 1903

Windows 10 (version 1909)

  • KB4530684 -- 2019-12 Cumulative Update for Windows 10 Version 1909

Additional resources

Summary
Microsoft Windows Security Updates December 2019 overview
Article Name
Microsoft Windows Security Updates December 2019 overview
Description
Microsoft released security and non-security updates for the Microsoft Windows operating system and other company products on December 11, 2019.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: »

Comments

  1. Yuliya said on December 10, 2019 at 9:36 pm
    Reply

    Neat, just manually updated LTSC. All went well.

  2. EP said on December 10, 2019 at 9:54 pm
    Reply

    hi Martin.

    Support for Microsoft Security Essentials [MSE] on Windows 7 will end on January 14, 2020, regardless of the Windows 7 Extended Security Update (ESU) status.

    https://borncity.com/win/2019/12/10/windows-7-soon-end-of-life-for-microsoft-security-essentials/
    https://news.softpedia.com/news/microsoft-to-kill-off-its-windows-7-free-antivirus-next-month-528522.shtml

  3. denbisha said on December 10, 2019 at 10:17 pm
    Reply

    I haven’t updated my Win 7 in 4 years…still doing fine.

    1. PLA Unit 61398 said on December 11, 2019 at 6:22 am
      Reply

      @denbisha

      We know, as we’ve been using your system to do all sorts of fun stuff without your knowledge.

      THANKS!

      1. Anonymous said on December 11, 2019 at 10:07 am
        Reply

        @PLA Unit 61398 : We have been on Your system without You knowing anything about it. Thank You !

      2. denbisha said on December 11, 2019 at 11:37 pm
        Reply

        good luck if you find anything on my PC… Hackers and other bad guys aren’t interested in a single person..they usually go for big business, Banks ect …That’s the only reason to update Windows…for anything else is a No..No..NO

      3. knobbee said on December 12, 2019 at 9:09 pm
        Reply

        @denbisha

        Not true.. It’s true ransomware it getting more targeted and expensive, but there’s still lucrative hackers who target vulnerable individuals every day, by throwing a wide net with their “kits”.

    2. darlingimp said on December 12, 2019 at 2:58 am
      Reply

      Same here … doin’ just fine!

    3. owl said on December 12, 2019 at 11:11 am
      Reply

      @denbisha,
      @darlingimp,

      A “Conceit” like you is creating and breeding “Evil”.
      As a result, it is converted into a “zombie PC” and “command and control server”, hijacked by an external third party, used as a relay point for unauthorized access, a source of spam, and used for “Distributed Denial of Service attacks”.
      This was applied to the cyber attack method of “Iranian nuclear power plant destruction” by Israel.
      The same applies to the cyber attack methods that Russia has trick in Ukraine, the United States etc.

      Neighbors, and people around the world are at risk from “ignorance, indifference, and stupid things” like you.
      In Russia, China, and Turkey, the “people are being watched”, and suddenly they have been “Frame-up (false charge)” and imprisoned and executed.
      You may be “one of them: Sacrificial” someday.

      Please grow as a “human” with good sense and down-to-earth.
      “Man is but a reed, the most feeble thing in nature, but he is a thinking reed.” by Blaise Pascal

      1. Declan said on December 12, 2019 at 2:43 pm
        Reply

        Owl – so glad you mentioned that. People don’t realize that the bad guys are always probing for the uninformed users who leave their computers vulnerable to do exactly what you described. “I’m a little fish so they’re not after me” is a total fallacy. More than ever the little fish are targeted simply because the bad guys know their systems are wide open.

      2. denbisha said on December 12, 2019 at 9:24 pm
        Reply

        nope, I have never had any viruses on my PC…even though I don’t update it I do use Norton as my main antivirus/firewall for security….it’s funny because the kind of people you mentioned getting hacked are the once who are obsessed with windows security…lol nice try though..

      3. owl said on December 13, 2019 at 3:36 am
        Reply

        @denbisha: I have never had any viruses on my PC…even though I don’t update it I do use Norton as my main antivirus/firewall for security….

        Norton (Symantec) ?
        It is famous for being useless.
        The company also recognizes it.
        Symantec Develops New Attack on Cyberhacking | WSJ
        https://www.wsj.com/articles/symantec-develops-new-attack-on-cyberhacking-1399249948?tesla=y
        Declaring Antivirus Software Dead, Firm Turns to Minimizing Damage From Breaches. Symantec Corp. invented commercial antivirus software to protect computers from hackers a quarter-century ago. Now the company says such tactics are doomed to failure.
        Antivirus software is dead, says security expert at Symantec | The Guardian
        https://www.theguardian.com/technology/2014/may/06/antivirus-software-fails-catch-attacks-security-expert-symantec
        Antivirus software only catches 45% of malware attacks and is “dead”, according to a senior manager at Symantec.
        Remarks by Brian Dye, senior vice-president for information security at the company, which invented commercial antivirus software in the 1980s and now develops and sells Norton Antivirus, suggest that such software leaves users vulnerable.

        Stuxnet | Wikipedia
        https://en.wikipedia.org/wiki/Stuxnet
        Stuxnet is a malicious computer worm, first uncovered in 2010, thought to have been in development since at least 2005. Stuxnet targets SCADA systems and is believed to be responsible for causing substantial damage to Iran’s nuclear program. Although neither country has openly admitted responsibility, the worm is widely understood to be a jointly built American/Israeli cyberweapon.

      4. owl said on December 13, 2019 at 5:28 am
        Reply

        A security hole will sooner or later occur in the “Windows program” for which support has been abandoned.

        The basic principle of Security is to apply security patches and close security holes.
        In other words, the key to vulnerability countermeasures is “updates”.

        By the way, I do not use 3rd party AV.
        Windows Defender is enough.
        Windows 10 (x64) Version 1903 (build 18362.476)
        To compensate for this, countermeasures are taken with the firewalls “simplewall”, “NetLimiter 4 64 bit”, and “AppCheck Anti-Ransomware”, the system is audited with Belarc Advisor, and vulnerability updates are checked with PatchMyPC.

        Cyber Security | Belarc: Solutions
        https://www.belarc.com/en/solutions
        ▶ Cyber Security Myths & Reality
        – Many cyber attacks today, such as the WannaCry ransomware, are not stopped by traditional cyber security tools such as anti-virus, firewalls or intrusion detection and prevention systems. The solution to stopping today’s attacks is to go back to the basics of cyber security and implement standard security controls and monitor them on a continuous basis.
        ● Complete listing of all hardware including desktops, laptops, servers, virtual machines, tablets and phones. Configuration details include make, model, serial number, BIOS or UEFI, operating system, group policies applied, USB storage device usage, encryption status, and more. (CIS Control #1)
        ● Complete listing of all installed software including versions and last time used. Ability to automatically compare installed software with standard images or approved software. Flags unused software as candidates to be removed. (CIS Control #2)
        ● Automatic vulnerability assessment based on published vulnerabilities from Microsoft, Adobe, Oracle Java and Apple. (CIS Control #3)
        ● Detailed information on both local and domain user logins by host and privileges, and the ability to automatically track user account changes such as elevated privileges. (CIS Control #4)
        ● Comparison of configurations to the US Government Configuration Baselines (USGCB). (CIS Control #5)

  4. Craig Stark said on December 10, 2019 at 10:24 pm
    Reply

    A W10-1709 new HP desktop purch’d Feb ’19 … I’m at 1909 and continue issue-free use and Updates of Win 10.— 2016 Hm-Stdnt Office C2R also updated rapidly. — Only show Kb4530684 Dec Cum Update and Kb 4533002 Net Frmwk (I’m 4.8) in both Settings & Con Panel WU History. Macrium images always ready at WU …. W10-64 1909 — 18363.535

  5. Paul(us) said on December 11, 2019 at 12:41 am
    Reply

    Thanks again Martin,
    Like every mount you present a ferry helpful – and informative article.
    I myself updated remarkably smoothly and even faster (How Windows o.s. unlike!) to version 1909 build 18363.535. I am right now keeping main fingers crossed that there will be no backlash!

    1. USA Star said on December 11, 2019 at 6:33 am
      Reply

      Is you work on when now? Helping me no work update yet.

      1. Paul(us) said on December 11, 2019 at 2:07 pm
        Reply

        USA Star,
        I really would like to help you but your giving me remarkable little information to work with.
        Like did you before trying to install your new updates first rebooted your system (so you than where working with a fresh system) and than looked for the updates, and after that tried the install them? Which version and build are you currently working with?
        Did you close all outer applications before your started to update?
        When your have a old version and build do you know or the latest version and build will be supported by your hardware?
        Even more info is better.

      2. USA Star said on December 12, 2019 at 9:51 pm
        Reply

        Is it possible to use that you took in my implementation? It is now I ran method on my own desktop machine, paying particular attention to USB throughput I compared all on the Microsoft Windows 10 operating system and deployed 64 PDP 11s across the Internet network, and tested the fault tolerance accordingly, and ran 18 trials with a simulated workload, and compared results to that running copy, but no luck.

  6. Sebas said on December 11, 2019 at 7:40 am
    Reply

    Windows 1909 Updates failed two times.Third time they were all installed.

    A first for me W10. On windows 7 it was more common.

    Running the computer for quite some time after the net framework and not searching for new updates might have helped, I don’t know.

    Disk usage was quite high for a long time, often peaking at 100%, Also a first on W10 for me.

    Now everything seems normal.

  7. John G. said on December 11, 2019 at 9:40 am
    Reply

    Thanks @Martin. All fine here. :D

  8. kanade said on December 11, 2019 at 10:34 am
    Reply

    Is this the last batch of security updates for Win7?

    If so, RIP.

    I guess it’s time to change to Win10?

    1. Martin Brinkmann said on December 11, 2019 at 10:57 am
      Reply

      Next month will be the last.

  9. Luke said on December 11, 2019 at 11:39 am
    Reply

    Hi,
    there is a problem on my windows7 64bit. After applying the security only update and after rebboting my system is showing the message “Windows Updates are being configured” and it wont go away. Even after 30 minutes it still shows . . . hope you can help me. Thanks

    1. Yuliya said on December 11, 2019 at 11:49 am
      Reply

      Try to boot into safe mode (mash F8 during boot process) and uninstall the very last update. Then try updating again, but before you do that, even while you’re in safe mode, get something like CrystalDiskInfo and check your SMART values, particularily look after replaced bad sectors to be ok.

      1. Anonymous said on December 11, 2019 at 4:08 pm
        Reply

        Thanks for yout tip. I will try that. All other Updates that were offered have been installed without a problem. Did a rebbot and everthing was fine. It is just the security only update KB4530692-x64 that causes a problem. But still I will check the disk . . . hope that works.

      2. Mike said on December 11, 2019 at 8:30 pm
        Reply

        This is what I had to do on ALL of the Windows Server 2012 R2 hypervisors in my office today. They were stuck in a reboot loop, but I was able to get into safe-mode by mashing F8 and then uninstall KB4530691. After uninstalling that, all of said servers can boot now.

      3. Anonymous said on December 12, 2019 at 6:07 pm
        Reply

        But what exactly is causing the problem ?? Why cant I install the “security only update” without getting a boot problem on my x64 machine?

  10. TelV said on December 11, 2019 at 2:16 pm
    Reply

    SSU KB4524445 for Win 8.1 dates from November Martin. This URL loads when you click the link in the portal site: https://support.microsoft.com/en-us/help/4524445/compatibility-update-for-installing-windows-8-1-rt-8-1-server-2012-r2

    I guess the portal contains a link to a different OS which has been updated.

  11. SSA IT said on December 11, 2019 at 5:43 pm
    Reply

    Thanks once again Microsoft for failing to actually test the update on Server 2012. My server was caught in a perpetual reboot cycle last night until I managed to get it into safe mode and uninstall the update. Garbage software development as has been the case for the last few years.

    1. oh no said on December 12, 2019 at 9:22 pm
      Reply

      @SSA IT

      Hmm, that’s odd.. Perhaps you have a virus and it’s not allowing you to update.

  12. Dan said on December 19, 2019 at 5:55 pm
    Reply

    This latest Win 10 update KB4530689 breaks my FTDI serial port USB controller. The USB controller is now “Unknown” with a Port Reset failure. Tried all fixes w/o success.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.