Here's what's new in this month's Patch Tuesday for Windows 7 and 8.1

It's the second Tuesday of the month, and that means every supported version of Windows is getting a slew of cumulative updates, mostly focused on security. Naturally, that includes recent versions of Windows 10, but also Windows 8.1 and, if you're paying for it, WIndows 7. As usual, there are two updates for each operating system, a montly rollup and a security-only update.

For Windows 8.1, the monthly rollup is KB4550961, and you can download it manually here. Here's what's new in this update:

Security updates to Internet Explorer, the Microsoft Scripting Engine, Windows Kernel, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Media, Windows Fundamentals, Windows Core Networking, and the Microsoft JET Database Engine.

There are also some known issues with this release:

Symptom	Workaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.	Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
Devices on a domain might be unable to install apps published using a Group Policy Object (GPO). This issue only affects app installations that use .msi files. It does not affect any other installation methods, such as from the Microsoft Store.	To mitigate this issue, manually install the app on the device. We are working on a resolution and will provide an update in an upcoming release.

Symptom

Workaround

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Do one of the following:

Perform the operation from a process that has administrator privilege.
Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Devices on a domain might be unable to install apps published using a Group Policy Object (GPO). This issue only affects app installations that use .msi files. It does not affect any other installation methods, such as from the Microsoft Store.

To mitigate this issue, manually install the app on the device.

We are working on a resolution and will provide an update in an upcoming release.

The security-only update for Windows 8.1 is KB4550970, and it can be downloaded manually from here. Unlike the monthly rollup, this one won't be available through Windows Update, so you have to download it manually if you want it. The changes are nearly identical, except the security updates to Internet Explorer and Microsoft Scripting Engine aren't included.

The only known issue is the same as the first issues in the aforementioned update.

As for Windows 7, it's worth remembering that Microsoft ended support for the operating system back in January. However, if you're paying for Extended Security Updates (ESU), you can still get updates for three more years. The monthly rollup update for Windows 7 is KB4550964, and you can download it manually here. Here's what's new:

Addresses an issue that might cause certain operations, such as rename, to fail when you perform those operations on files or folders that are on a Cluster Shared Volume (CSV). The error is, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This issue occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Security updates to Internet Explorer, the Microsoft Scripting Engine, Windows Kernel, Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Fundamentals, Windows Core Networking, and the Microsoft JET Database Engine.

There are a couple of known issues with this update, too:

Symptom	Workaround
After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History.	This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
Devices on a domain might be unable to install apps published using a Group Policy Object (GPO). This issue only affects app installations that use .msi files. It does not affect any other installation methods, such as from the Microsoft Store.	To mitigate this issue, manually install the app on the device. We are working on a resolution and will provide an update in an upcoming release.

Symptom

Workaround

After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History.

This is expected in the following circumstances:

If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.
If you do not have an ESU MAK add-on key installed and activated.

If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.

To mitigate this issue, manually install the app on the device.

We are working on a resolution and will provide an update in an upcoming release.

As for the security-only update, the identifier is KB4550965, and you'll have to download it manually here if you'd rather get that instead of the monthly rollup. The changelog is actually the same, except the security updates in the second point don't include Internet Explorer or the Microsoft Scripting Engine. As for known issues, it only has the first one in the table above.