Patch Tuesday: Here's what's new for Windows 8.1 and 7

It is the second Tuesday of the month, which means that it is time for Patch Tuesday, the day that all supported versions of Windows receive cumulative updates, which include Windows 10 version, Windows 8.1, and Windows 7 devices enrolled for Extended Security Updates (ESUs).

First up are the updates for Windows 8.1 and Windows Server 2012 R2. As usual, there are two sets of updates, the monthly rollup and the security-only update, with the latter only available for download manually. The monthly rollup is identified as KB4592484 and can be downloaded manually from the Update Catalog here. Here are the fixes in this update:

Corrects the DST start date for the Fiji Islands to December 20, 2020.

Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, “The request is not supported.” in event ID 372 in the PrintService\Admin event log. To address this issue going forward, make sure your applications or services run as a specific user or service account.

Security updates to Windows Graphics, Windows Silicon Platform, Windows Authentication, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Hybrid Storage Services, and Windows Remote Desktop.

And there is one known issue in the update:

Symptom	Workaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.	Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.

Symptom

Workaround

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Do one of the following:

Perform the operation from a process that has administrator privilege.
Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

The security-only update is KB4592495 and can be manually downloaded from here. The fixes in this update are identical to the second and third points from the monthly rollup. It also shares the single known issue with the monthly rollup.

Next up are updates for Windows 7 SP1 and Windows Server 2008 R2 SP1. It must be noted that these updates will be served only to users that have opted to pay for extended updates. The monthly rollup is KB4592471 and can be downloaded manually from here. Here is the list of fixes made in this update, which is almost identical to the one for Windows 8.1:

Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. To address this issue in the future, make sure your applications or services run as a specific user or service account.

Security updates to Windows Graphics, Windows Peripherals, Windows Storage and Filesystems, and Windows File Server and Clustering.

As for the known issues, the patch contains the rename operation bug for Cluster Shared Volume (CSV) files listed above, along with another issue specific to this version:

Symptom	Workaround
After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History.	This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.

Symptom

Workaround

After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History.

This is expected in the following circumstances:

If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.
If you do not have an ESU MAK add-on key installed and activated.

If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.

The security-only update for these Windows versions is labeled KB4592503 and can be downloaded from the Update Catalog here. The list of fixes and known issues for this package is identical to that of the monthly rollup.

A quick note for Windows 10 users this week is that this month’s updates will be the last to roll out for Windows 10 May 2019 Update (version 1903) as it is reaching its end-of-support today. Support ends for all SKUs, including for Enterprise and Education users. While the Redmond firm has already begun moving users on this version to Windows 10 version 1909, if you are still running version 1903, it’s best to check for updates and move to a newer version.