Follow

Windows Update 4 for Windows 7 Embedded Standard Products

This is the third follow-up to the original January 2018 Update release discussed in this Zendesk article (click link)Of note in this original update were the first patches for the Spectre and Meltdown viruses. The second update covering all Microsoft Security Patches between January 17 and August 20, 2018 was released in this Zendesk article (clink link). Of note in the second update was protection for Spectre Variant 2. The third Windows update covered all Microsoft Security Patches between August 21, 2018 and May 31, 2019, and was released in this Zendesk article (click link). Of particular note in this update was the patch for the Intel ZombieLoad vulnerability.

This update  4 is another incremental update covering security updates from June 1, 2019 through February 6, 2020. Since it is incremental, this means the earlier updates MUST be applied before applying this update. These patches include the following:

  • KB4507004 - A remote code execution vulnerability fix in .NET software 3.5.1, WCF and WIF.
  • KB4507456 - Provides protections against a variant (CVE-2019-1125) of the Spectre Variant 1 speculative execution side channel vulnerability.
  • KB4474419 - This update introduces SHA-2 code sign support.
  • KB4534251 - This security update resolves vulnerabilities in Internet Explorer.
  • KB4536952 - This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.
  • KB4516033 - Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling.
  • KB4520003 - Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization.
  • KB4512486 - Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Windows Virtualization, Windows Datacenter Networking, the Microsoft JET Database Engine, Windows Input and Composition, Windows MSXML, and Windows Server.
  • KB4525233 - Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207).
  • KB4530692 - Security updates to Windows Input and Composition, Windows Virtualization, Windows Kernel, Windows Peripherals, and Windows Server.
  • KB4534310 - Security updates to the Microsoft Scripting Engine, Windows Input and Composition, Windows Storage and Filesystems, and Windows Server.
  • KB4534314 - Security updates to Windows Input and Composition, Windows Storage and Filesystems, and Windows Server.
  • KB4532945 - A remote code execution vulnerability exists when the Microsoft .NET Framework 3.5.1.
  • KB4536952 - This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.
  • KB4490628 (x86 only) - Addresses an issue in the servicing stack when you install an update that has been signed by using only the SHA-2 hash algorithm.
  • KB4532932 (x64 only) - A remote code execution vulnerability exists when the Microsoft .NET Framework 4.6 fails to validate input properly.

In case one is unsure whether earlier updates have been applied yet or not and to verify that this  update is fully applied, AtlasIED has written a small Updater Searcher utility, which may be downloaded here (click link).  This tool has been updated to detect up through this Update.

It has also been learned that in certain instances, the Internet Explorer update to version 11 that is part of Update 1 does not get properly installed.  So, the Update Searcher specifically checks for IE 11 to be present on the system.  If not, present, one should run the IE 11 standalone installer included in a separate folder in the Windows Update 2 package.

The current Windows Update 4 package may be downloaded here (click link). (Note, this is a 4.5 GB file, so may take some time to download.) One should unZIP a package to local folders and go into the x86 (32-bit Windows) or x64 (64-bit Windows) folder for the proper updates. There is a !ReadMe.txt file in each folder with instructions.

Special Note Regarding Line Inputs on IP100-series

In testing the security updates, it was discovered that one of the Microsoft updates reverts the audio device that GCK uses for Line Level Inputs on the rear of the IP100-series products to default settings, rendering them unusable by the GCK software. Until an automatically solution/patch can be found, users who are making use of the Line Inputs are advised to review this Zendesk article at attached document and take the steps necessary to manually re-configure the audio recording device back to the way it should be. The article is located in the Tips & Tricks section of support here (click link).

Insuring Sufficient Hard Drive Space for Updates

If the installation process makes an error right at the beginning (e.g., 0x80070070), then most likely the updater does not have sufficient free space to unpack and apply the Windows updates. One should insure there is at least 4 GB of free space on the C: drive (after update files are copied to the system). Older systems with both C: and D: partitions, and systems that have had several GLOBALCOM/GCK software updates applied, could find this to not be the case. Steps one can take to alleviate this problem are:

  • Do not copy the update files to the C: drive (or desktop). Copy it to the D: drive (if present) or leave on a USB drive with sufficient free space. It may unpack a little slower from the USB drive, but at least it will not take up precious space.
  • Delete old copies of GLOBALCOM/GCK files. The procedure is in the attached document, GC Disk Clean-up.pdf.
  • Run the Windows Disk Cleanup app and free up any temporary files still on the C: drive
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk