Windows 7 and Windows Server 2008 R2 SP1

Find information on known issues for Windows 7 and Windows Server 2008 R2 SP1. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).


Known issues

This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

SummaryOriginating updateStatusLast updated
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >

Mitigated
November 15, 2019
05:59 PM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >
October 08, 2019
KB4519976
Mitigated External
November 05, 2019
03:36 PM PT
IA64 and x64 devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.

See details >
August 13, 2019
KB4512506
Mitigated
August 17, 2019
12:59 PM PT

Issue details

November 2019

DetailsOriginating updateStatusHistory
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\Download\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, "Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Workaround: You can manually install the November 2019 update for Windows Malicious Software Removal Tool (MSRT) by downloading it here for 32-bit x86-based devices or here for 64-bit x64-based devices. If you are using WSUS or Configuration Manager, guidance can be found here.

Next steps: This issue has been mitigated on the server side and MSRT will no longer offered to affected platforms. We are working on a resolution and estimate a solution will be available in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top

Mitigated
Last updated:
November 15, 2019
05:59 PM PT

Opened:
November 15, 2019
05:59 PM PT
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • "The request was aborted: Could not create SSL/TLS secure Channel"
  • SCHANNEL event 36887 is logged in the System event log with the description, "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top
October 08, 2019
KB4519976
Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT

August 2019

DetailsOriginating updateStatusHistory
IA64 and x64 devices may fail to start after installing updates
IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:
"File: \Windows\system32\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file."

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Take Action: To resolve this issue please follow the steps outlined in the SHA-2 support FAQ article for error code 0xc0000428.

Back to top
August 13, 2019
KB4512506
Mitigated
Last updated:
August 17, 2019
12:59 PM PT

Opened:
August 13, 2019
08:34 AM PT