Microsoft released updates for all supported versions of Windows -- client and server -- on the August 2019 Patch Day. You can check out our overview of the updates if you have not done so already.
Reports suggest that some administrators and home users face issues with the released updates on machines running Windows 7 or Windows Server 2008 R2.
Attempts to install the updates KB4512506 (monthly rollup update) or KB4512486 (security-only update) fail with the error 0x80092004. The error associated with the error code, CRYPT_E_NOT_FOUND, suggests that Windows Update rejects the updates because cryptographic values that the update packages contain are not found.
Microsoft changed the signing of update packages for Windows 7 and Windows Server 2008 R2 devices on the August 2019 Patch Day for the first time. The company signs packages only with SHA-2 since August 2019; it signed them with SHA-1 and SHA-2 previously but decided to drop SHA-1 because of known weaknesses.
We published an article in 2018 about the change stating that Windows 7 and Server 2008 R2 systems needed certain patches to continue receiving updates.
It appears that affected Windows systems are looking for SHA-1 in the update package and ignore SHA-2. SHA-1 is not included anymore and that appears to be the reason why error 0x80092004 is thrown on those systems.
Tip: it is always good to research Windows updates before installing updates.
Microsoft revealed that certain Symantec and Norton software installed on Windows 7 or Windows Server 2008 R2 systems does not play nice with the change and Microsoft made the decision to block updates on machines running Symantec and Norton software until the issue is resolved. The security solutions may block or delete Windows Updates.
While it is possible that the issue is related, e.g. that other antivirus solutions are causing issues with Windows Updates as well, it is more likely that a required update is missing.
Two updates need to be installed on Windows 7 and Windows Server 2008 R2 systems so that SHA-2 signed updates are installed correctly:
If one of these is not installed, SHA-2 signed updates won't be accepted and the error is thrown instead.
Microsoft confirms that KB4474419 is a prerequisite on the support website. The company lists KB4490628 on the page as well stating that it strongly recommends that it is updated. SSU updates are installed automatically if Windows Updates is used but need to be installed manually if updates are installed manually. It is unclear why Microsoft does not list the SSU as a prerequisite more clearly.
You can verify that these updates are installed by checking the "Installed Updates" listing in the Control Panel or by running third-party software such as Nirsoft's WinUpdatesList.
If at least one of the updates is not installed, install it on the device and run a new check for updates after installation; the August 2019 update should install just fine this time.
Now You: Did you run into any issues installing the August 2019 updates? (via Born)Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.