Welcome to the overview of the last Patch Tuesday of 2019. Microsoft released security and non-security updates for all supported products on December 11, 2019.
ADVERTISEMENT
Our monthly series provides system administrators and interested users with information about the updates that Microsoft released in the month that is covered. It includes statistics, links to security and non-security updates, as well as download links, and links to resources and other official pages.
Microsoft released security updates for all versions of Windows as well as other company products such as Microsoft Office, SQL Server, Visual Studio, and Skype for Business.
Windows 10 version 1903 and 1909 share the same security KBs.
Microsoft's Windows 7 operating system won't receive updates anymore after the January 2020 Patch Day (Small Businesses and Enterprises may buy extensions) Microsoft plans to display a full-screen notification on January 15, 2020 on Starter, Home Basic, Home Premium, Professional (without ESU) and Ultimate editions of Windows 7.
Operating System Distribution
Windows 7: 14 vulnerabilities: 1 rated critical and 13 rated important
Security-only Update: KB4530692 -- The security-only update is only available through the Microsoft Update Catalog website and WSUS.
Changes:
Security updates to Windows Input and Composition, Windows Virtualization, Windows Kernel, Windows Peripherals, the Microsoft Scripting Engine, and Windows Server.
ADV190026 | Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business
Non-security related updates
KB4532997 -- 2019-12 Cumulative Update for .NET Framework 4.8 Windows 10 Version 1607, and Windows Server 2016
KB4532998 -- 2019-12 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
KB4532999 -- 2019-12 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709
KB4533000 --2019-12 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1903,and Windows Server 2016
KB4533001 -- 2019-12 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1809, and Windows Server 2019
KB4533002 -- 2019-12 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 1909 and Windows 10 Version 1909
KB4533013 -- 2019-12 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809, and Windows Server 2019
KB4533094 -- 2019-12 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809, and Windows Server 2019
KB4533003 -- 2019-12 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard, and Windows Server 2012
KB4533004 -- 2019-12 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1, and Windows Server 2012 R2
KB4533005 -- 2019-12 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4533010 -- 2019-12 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard, and Windows Server 2012
KB4533011 -- 2019-12 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 , and Windows Server 2012 R2
KB4533012 -- 2019-12 Security and Quality Rollup for .NET Framework 4.6 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
KB4533095 -- 2019-12 Security and Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4533096 -- 2019-12 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard, and Windows Server 2012
KB4533097 -- 2019-12 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2
KB4533098 -- 2019-12 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008
KB890830 -- Windows Malicious Software Removal Tool - December 2019
How to download and install the December 2019 security updates
Security updates are downloaded and installed automatically on most (Home) Windows systems. Windows runs checks for updates regularly to download and install security updates released by Microsoft.
Windows administrators may run manual checks for updates to speed up the process or download patches from the Microsoft Update Catalog website.
Open the Start Menu of the Windows operating system, type Windows Update and select the result.
Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.
Direct update downloads
Windows 7 SP1 and Windows Server 2008 R2 SP
KB4530734 -- 2019-12 Security Monthly Quality Rollup for Windows 7
KB4530692 -- 2019-12 Security Only Quality Update for Windows 7
Windows 8.1 and Windows Server 2012 R2
KB4530702 -- 2019-12 Security Monthly Quality Rollup for Windows 8.1
KB4530730 -- 2019-12 Security Only Quality Update for Windows 8.1
Windows 10 (version 1803)
KB4530717Â -- 2019-12 Cumulative Update for Windows 10 Version 1809
Windows 10 (version 1809)
KB4530715 Â -- 2019-12 Cumulative Update for Windows 10 Version 1809
Windows 10 (version 1903)
KB4530684Â -- 2019-12 Cumulative Update for Windows 10 Version 1903
Windows 10 (version 1909)
KB4530684 -- 2019-12 Cumulative Update for Windows 10 Version 1909
This latest Win 10 update KB4530689 breaks my FTDI serial port USB controller. The USB controller is now “Unknown” with a Port Reset failure. Tried all fixes w/o success.
Thanks once again Microsoft for failing to actually test the update on Server 2012. My server was caught in a perpetual reboot cycle last night until I managed to get it into safe mode and uninstall the update. Garbage software development as has been the case for the last few years.
Hi,
there is a problem on my windows7 64bit. After applying the security only update and after rebboting my system is showing the message “Windows Updates are being configured” and it wont go away. Even after 30 minutes it still shows . . . hope you can help me. Thanks
Try to boot into safe mode (mash F8 during boot process) and uninstall the very last update. Then try updating again, but before you do that, even while you’re in safe mode, get something like CrystalDiskInfo and check your SMART values, particularily look after replaced bad sectors to be ok.
This is what I had to do on ALL of the Windows Server 2012 R2 hypervisors in my office today. They were stuck in a reboot loop, but I was able to get into safe-mode by mashing F8 and then uninstall KB4530691. After uninstalling that, all of said servers can boot now.
Thanks for yout tip. I will try that. All other Updates that were offered have been installed without a problem. Did a rebbot and everthing was fine. It is just the security only update KB4530692-x64 that causes a problem. But still I will check the disk . . . hope that works.
Thanks again Martin,
Like every mount you present a ferry helpful – and informative article.
I myself updated remarkably smoothly and even faster (How Windows o.s. unlike!) to version 1909 build 18363.535. I am right now keeping main fingers crossed that there will be no backlash!
USA Star,
I really would like to help you but your giving me remarkable little information to work with.
Like did you before trying to install your new updates first rebooted your system (so you than where working with a fresh system) and than looked for the updates, and after that tried the install them? Which version and build are you currently working with?
Did you close all outer applications before your started to update?
When your have a old version and build do you know or the latest version and build will be supported by your hardware?
Even more info is better.
Is it possible to use that you took in my implementation? It is now I ran method on my own desktop machine, paying particular attention to USB throughput I compared all on the Microsoft Windows 10 operating system and deployed 64 PDP 11s across the Internet network, and tested the fault tolerance accordingly, and ran 18 trials with a simulated workload, and compared results to that running copy, but no luck.
A W10-1709 new HP desktop purch’d Feb ’19 … I’m at 1909 and continue issue-free use and Updates of Win 10.— 2016 Hm-Stdnt Office C2R also updated rapidly. — Only show Kb4530684 Dec Cum Update and Kb 4533002 Net Frmwk (I’m 4.8) in both Settings & Con Panel WU History. Macrium images always ready at WU …. W10-64 1909 — 18363.535
A “Conceit†like you is creating and breeding “Evilâ€.
As a result, it is converted into a “zombie PC” and “command and control server”, hijacked by an external third party, used as a relay point for unauthorized access, a source of spam, and used for “Distributed Denial of Service attacks”.
This was applied to the cyber attack method of “Iranian nuclear power plant destruction†by Israel.
The same applies to the cyber attack methods that Russia has trick in Ukraine, the United States etc.
Neighbors, and people around the world are at risk from “ignorance, indifference, and stupid things” like you.
In Russia, China, and Turkey, the “people are being watchedâ€, and suddenly they have been “Frame-up (false charge)†and imprisoned and executed.
You may be “one of them: Sacrificial” someday.
Please grow as a “human” with good sense and down-to-earth.
“Man is but a reed, the most feeble thing in nature, but he is a thinking reed.” by Blaise Pascal
nope, I have never had any viruses on my PC…even though I don’t update it I do use Norton as my main antivirus/firewall for security….it’s funny because the kind of people you mentioned getting hacked are the once who are obsessed with windows security…lol nice try though..
@denbisha: I have never had any viruses on my PC…even though I don’t update it I do use Norton as my main antivirus/firewall for security….
Norton (Symantec) ?
It is famous for being useless.
The company also recognizes it.
Symantec Develops New Attack on Cyberhacking | WSJ https://www.wsj.com/articles/symantec-develops-new-attack-on-cyberhacking-1399249948?tesla=y
Declaring Antivirus Software Dead, Firm Turns to Minimizing Damage From Breaches. Symantec Corp. invented commercial antivirus software to protect computers from hackers a quarter-century ago. Now the company says such tactics are doomed to failure.
Antivirus software is dead, says security expert at Symantec | The Guardian https://www.theguardian.com/technology/2014/may/06/antivirus-software-fails-catch-attacks-security-expert-symantec
Antivirus software only catches 45% of malware attacks and is “dead”, according to a senior manager at Symantec.
Remarks by Brian Dye, senior vice-president for information security at the company, which invented commercial antivirus software in the 1980s and now develops and sells Norton Antivirus, suggest that such software leaves users vulnerable.
Stuxnet | Wikipedia https://en.wikipedia.org/wiki/Stuxnet
Stuxnet is a malicious computer worm, first uncovered in 2010, thought to have been in development since at least 2005. Stuxnet targets SCADA systems and is believed to be responsible for causing substantial damage to Iran’s nuclear program. Although neither country has openly admitted responsibility, the worm is widely understood to be a jointly built American/Israeli cyberweapon.
A security hole will sooner or later occur in the “Windows program†for which support has been abandoned.
The basic principle of Security is to apply security patches and close security holes.
In other words, the key to vulnerability countermeasures is “updatesâ€.
By the way, I do not use 3rd party AV.
Windows Defender is enough.
Windows 10 (x64) Version 1903 (build 18362.476)
To compensate for this, countermeasures are taken with the firewalls “simplewallâ€, “NetLimiter 4 64 bitâ€, and “AppCheck Anti-Ransomwareâ€, the system is audited with Belarc Advisor, and vulnerability updates are checked with PatchMyPC.
Cyber Security | Belarc: Solutions https://www.belarc.com/en/solutions
â–¶ Cyber Security Myths & Reality
– Many cyber attacks today, such as the WannaCry ransomware, are not stopped by traditional cyber security tools such as anti-virus, firewalls or intrusion detection and prevention systems. The solution to stopping today’s attacks is to go back to the basics of cyber security and implement standard security controls and monitor them on a continuous basis.
â— Complete listing of all hardware including desktops, laptops, servers, virtual machines, tablets and phones. Configuration details include make, model, serial number, BIOS or UEFI, operating system, group policies applied, USB storage device usage, encryption status, and more. (CIS Control #1)
â— Complete listing of all installed software including versions and last time used. Ability to automatically compare installed software with standard images or approved software. Flags unused software as candidates to be removed. (CIS Control #2)
â— Automatic vulnerability assessment based on published vulnerabilities from Microsoft, Adobe, Oracle Java and Apple. (CIS Control #3)
â— Detailed information on both local and domain user logins by host and privileges, and the ability to automatically track user account changes such as elevated privileges. (CIS Control #4)
â— Comparison of configurations to the US Government Configuration Baselines (USGCB). (CIS Control #5)
Owl – so glad you mentioned that. People don’t realize that the bad guys are always probing for the uninformed users who leave their computers vulnerable to do exactly what you described. “I’m a little fish so they’re not after me” is a total fallacy. More than ever the little fish are targeted simply because the bad guys know their systems are wide open.
good luck if you find anything on my PC… Hackers and other bad guys aren’t interested in a single person..they usually go for big business, Banks ect …That’s the only reason to update Windows…for anything else is a No..No..NO
Not true.. It’s true ransomware it getting more targeted and expensive, but there’s still lucrative hackers who target vulnerable individuals every day, by throwing a wide net with their “kits”.
Support for Microsoft Security Essentials [MSE] on Windows 7 will end on January 14, 2020, regardless of the Windows 7 Extended Security Update (ESU) status.
This latest Win 10 update KB4530689 breaks my FTDI serial port USB controller. The USB controller is now “Unknown” with a Port Reset failure. Tried all fixes w/o success.
Thanks once again Microsoft for failing to actually test the update on Server 2012. My server was caught in a perpetual reboot cycle last night until I managed to get it into safe mode and uninstall the update. Garbage software development as has been the case for the last few years.
@SSA IT
Hmm, that’s odd.. Perhaps you have a virus and it’s not allowing you to update.
SSU KB4524445 for Win 8.1 dates from November Martin. This URL loads when you click the link in the portal site: https://support.microsoft.com/en-us/help/4524445/compatibility-update-for-installing-windows-8-1-rt-8-1-server-2012-r2
I guess the portal contains a link to a different OS which has been updated.
Hi,
there is a problem on my windows7 64bit. After applying the security only update and after rebboting my system is showing the message “Windows Updates are being configured” and it wont go away. Even after 30 minutes it still shows . . . hope you can help me. Thanks
Try to boot into safe mode (mash F8 during boot process) and uninstall the very last update. Then try updating again, but before you do that, even while you’re in safe mode, get something like CrystalDiskInfo and check your SMART values, particularily look after replaced bad sectors to be ok.
This is what I had to do on ALL of the Windows Server 2012 R2 hypervisors in my office today. They were stuck in a reboot loop, but I was able to get into safe-mode by mashing F8 and then uninstall KB4530691. After uninstalling that, all of said servers can boot now.
But what exactly is causing the problem ?? Why cant I install the “security only update” without getting a boot problem on my x64 machine?
Thanks for yout tip. I will try that. All other Updates that were offered have been installed without a problem. Did a rebbot and everthing was fine. It is just the security only update KB4530692-x64 that causes a problem. But still I will check the disk . . . hope that works.
Is this the last batch of security updates for Win7?
If so, RIP.
I guess it’s time to change to Win10?
Next month will be the last.
Thanks @Martin. All fine here. :D
Windows 1909 Updates failed two times.Third time they were all installed.
A first for me W10. On windows 7 it was more common.
Running the computer for quite some time after the net framework and not searching for new updates might have helped, I don’t know.
Disk usage was quite high for a long time, often peaking at 100%, Also a first on W10 for me.
Now everything seems normal.
Thanks again Martin,
Like every mount you present a ferry helpful – and informative article.
I myself updated remarkably smoothly and even faster (How Windows o.s. unlike!) to version 1909 build 18363.535. I am right now keeping main fingers crossed that there will be no backlash!
Is you work on when now? Helping me no work update yet.
USA Star,
I really would like to help you but your giving me remarkable little information to work with.
Like did you before trying to install your new updates first rebooted your system (so you than where working with a fresh system) and than looked for the updates, and after that tried the install them? Which version and build are you currently working with?
Did you close all outer applications before your started to update?
When your have a old version and build do you know or the latest version and build will be supported by your hardware?
Even more info is better.
Is it possible to use that you took in my implementation? It is now I ran method on my own desktop machine, paying particular attention to USB throughput I compared all on the Microsoft Windows 10 operating system and deployed 64 PDP 11s across the Internet network, and tested the fault tolerance accordingly, and ran 18 trials with a simulated workload, and compared results to that running copy, but no luck.
A W10-1709 new HP desktop purch’d Feb ’19 … I’m at 1909 and continue issue-free use and Updates of Win 10.— 2016 Hm-Stdnt Office C2R also updated rapidly. — Only show Kb4530684 Dec Cum Update and Kb 4533002 Net Frmwk (I’m 4.8) in both Settings & Con Panel WU History. Macrium images always ready at WU …. W10-64 1909 — 18363.535
I haven’t updated my Win 7 in 4 years…still doing fine.
@denbisha,
@darlingimp,
A “Conceit†like you is creating and breeding “Evilâ€.
As a result, it is converted into a “zombie PC” and “command and control server”, hijacked by an external third party, used as a relay point for unauthorized access, a source of spam, and used for “Distributed Denial of Service attacks”.
This was applied to the cyber attack method of “Iranian nuclear power plant destruction†by Israel.
The same applies to the cyber attack methods that Russia has trick in Ukraine, the United States etc.
Neighbors, and people around the world are at risk from “ignorance, indifference, and stupid things” like you.
In Russia, China, and Turkey, the “people are being watchedâ€, and suddenly they have been “Frame-up (false charge)†and imprisoned and executed.
You may be “one of them: Sacrificial” someday.
Please grow as a “human” with good sense and down-to-earth.
“Man is but a reed, the most feeble thing in nature, but he is a thinking reed.” by Blaise Pascal
nope, I have never had any viruses on my PC…even though I don’t update it I do use Norton as my main antivirus/firewall for security….it’s funny because the kind of people you mentioned getting hacked are the once who are obsessed with windows security…lol nice try though..
@denbisha: I have never had any viruses on my PC…even though I don’t update it I do use Norton as my main antivirus/firewall for security….
Norton (Symantec) ?
It is famous for being useless.
The company also recognizes it.
Symantec Develops New Attack on Cyberhacking | WSJ
https://www.wsj.com/articles/symantec-develops-new-attack-on-cyberhacking-1399249948?tesla=y
Declaring Antivirus Software Dead, Firm Turns to Minimizing Damage From Breaches. Symantec Corp. invented commercial antivirus software to protect computers from hackers a quarter-century ago. Now the company says such tactics are doomed to failure.
Antivirus software is dead, says security expert at Symantec | The Guardian
https://www.theguardian.com/technology/2014/may/06/antivirus-software-fails-catch-attacks-security-expert-symantec
Antivirus software only catches 45% of malware attacks and is “dead”, according to a senior manager at Symantec.
Remarks by Brian Dye, senior vice-president for information security at the company, which invented commercial antivirus software in the 1980s and now develops and sells Norton Antivirus, suggest that such software leaves users vulnerable.
Stuxnet | Wikipedia
https://en.wikipedia.org/wiki/Stuxnet
Stuxnet is a malicious computer worm, first uncovered in 2010, thought to have been in development since at least 2005. Stuxnet targets SCADA systems and is believed to be responsible for causing substantial damage to Iran’s nuclear program. Although neither country has openly admitted responsibility, the worm is widely understood to be a jointly built American/Israeli cyberweapon.
A security hole will sooner or later occur in the “Windows program†for which support has been abandoned.
The basic principle of Security is to apply security patches and close security holes.
In other words, the key to vulnerability countermeasures is “updatesâ€.
By the way, I do not use 3rd party AV.
Windows Defender is enough.
Windows 10 (x64) Version 1903 (build 18362.476)
To compensate for this, countermeasures are taken with the firewalls “simplewallâ€, “NetLimiter 4 64 bitâ€, and “AppCheck Anti-Ransomwareâ€, the system is audited with Belarc Advisor, and vulnerability updates are checked with PatchMyPC.
Cyber Security | Belarc: Solutions
https://www.belarc.com/en/solutions
â–¶ Cyber Security Myths & Reality
– Many cyber attacks today, such as the WannaCry ransomware, are not stopped by traditional cyber security tools such as anti-virus, firewalls or intrusion detection and prevention systems. The solution to stopping today’s attacks is to go back to the basics of cyber security and implement standard security controls and monitor them on a continuous basis.
â— Complete listing of all hardware including desktops, laptops, servers, virtual machines, tablets and phones. Configuration details include make, model, serial number, BIOS or UEFI, operating system, group policies applied, USB storage device usage, encryption status, and more. (CIS Control #1)
â— Complete listing of all installed software including versions and last time used. Ability to automatically compare installed software with standard images or approved software. Flags unused software as candidates to be removed. (CIS Control #2)
â— Automatic vulnerability assessment based on published vulnerabilities from Microsoft, Adobe, Oracle Java and Apple. (CIS Control #3)
â— Detailed information on both local and domain user logins by host and privileges, and the ability to automatically track user account changes such as elevated privileges. (CIS Control #4)
â— Comparison of configurations to the US Government Configuration Baselines (USGCB). (CIS Control #5)
Owl – so glad you mentioned that. People don’t realize that the bad guys are always probing for the uninformed users who leave their computers vulnerable to do exactly what you described. “I’m a little fish so they’re not after me” is a total fallacy. More than ever the little fish are targeted simply because the bad guys know their systems are wide open.
Same here … doin’ just fine!
@denbisha
We know, as we’ve been using your system to do all sorts of fun stuff without your knowledge.
THANKS!
good luck if you find anything on my PC… Hackers and other bad guys aren’t interested in a single person..they usually go for big business, Banks ect …That’s the only reason to update Windows…for anything else is a No..No..NO
@denbisha
Not true.. It’s true ransomware it getting more targeted and expensive, but there’s still lucrative hackers who target vulnerable individuals every day, by throwing a wide net with their “kits”.
@PLA Unit 61398 : We have been on Your system without You knowing anything about it. Thank You !
hi Martin.
Support for Microsoft Security Essentials [MSE] on Windows 7 will end on January 14, 2020, regardless of the Windows 7 Extended Security Update (ESU) status.
https://borncity.com/win/2019/12/10/windows-7-soon-end-of-life-for-microsoft-security-essentials/
https://news.softpedia.com/news/microsoft-to-kill-off-its-windows-7-free-antivirus-next-month-528522.shtml
Neat, just manually updated LTSC. All went well.