Security monthly quality rollup for windows что это
Как установить Windows 10
Идём в « Центр обновления Windows » и жмём на кнопку «Настройка параметров»
Выбираем «Устанавливать обновления автоматически (рекомендуется)»
для 64-битной системы скачиваем здесь (у меня установлена Windows 7 64-бит, поэтому я выберу его)
для 32-битной системы скачиваем здесь
Запускаем установку обновления.
Выполняется установка обновлений.
Обновление KB3020369 установлено.
Скачиваем по ссылке и устанавливаем обновление KB3172605
Обновление скачивается нам на компьютер.
Обновление KB3172605 устанавливается.
Обновление установлено. Жмём на кнопку «Перезагрузить сейчас»
Происходит настройка обновлений.
Загружается Windows 7.
Вот теперь скачиваем накопительный пакет обновлений «Rollup Update» (KB3125574) по ссылке
Щёлкаем левой мышью на сообщении и разрешаем браузеру установить надстройку.
Установить надстройку для всех пользователей данного компьютера.
Я выбираю обновление KB3125574 для Windows 64-бит и жму «Добавить»
Видим в корзине наш накопительный пакет размером 476,9 Мб и жмём «Загрузить»
Выбираю для загрузки «Рабочий стол» и жму
Накопительный пакет обновлений «Rollup Update» скачивается мне на рабочий стол.
Идём на рабочий стол и заходим в папку Update for Windows 7 for x64-based Systems (KB3125574).
Запускаем установку накопительного обновления.
Установить следующее обновление программного обеспечения Windows?
Выполняется установка обновлений
Обновление установлено. Жмём на кнопку «Перезагрузить»
После перезагрузка происходит настройка обновлений.
После перезагрузки идём в Центр обновлений Windows 7 и смотрим журнал обновлений.
Видим установленные нами обновления: KB3020369, KB3172605 и KB3125574.
В Центре обновлений Windows 7 идёт поиск обновлений.
Через пару минут обновления найдены и система предлагает их скачать и установить.
Жмём на кнопку « Установить обновления»
Принимаем условия лицензионного соглашения и жмём «Готово »
Начинается загрузка обновлений.
Выполняется установка обновлений.
Обновления успешно установлены. Для завершения установки обновлений перезагружаем компьютер.
После загрузки Windows 7, видим, что все обновления успешно установлены.
Смотрим Журнал обновлений
и видим, что все существующие на сегодняшний день обновления установлены в нашу операционную систему.
Новая накопительная модель обновления Windows 7 и 8.1
С октября 2016 года Microsoft переходит на новую модель выпуска накопительных обновлений для Windows, которая отныне будет применяться не только в Windows 10/ Server 2016, но и в Windows 7 SP1, Windows 8.1, Windows Server 2008 R2 и Windows Server 2012/2012 R2. Таким образом, обновления, выпущенные в прошлый вторник 11 октября в рамках Patch Tuesday уже распространяются по новой модели обновления, используемой в Windows 10.
Смысл изменения – теперь вместо нескольких обновлений, пользователь будет получать один раз месяц один большой апдейт со всеми нужными обновлениями. Так планируется решить проблему фрагментации обновлений, когда на разных компьютерах стоят разные наборы обновлений. Пример типичной фрагментации установленных обновлений на компьютере показан ниже.
Начиная с октября 2016 года Microsoft для всех поддерживаемых версий Windows будет выпускать единый ежемесячный накопительный пакет обновлений (Monthly Rollup). Данный пакет включает в себя обновления безопасности, а также обновления, касающиеся стабильности и надежности работы системы. Теперь вместо множества фрагментированных обновлений, будет выходить один пакет. Причем накопительный пакет текущего месяца является кумулятивным, т.е. заменяет накопительный пакет предыдущего месяца и включает в себя все предыдущие обновления обновления текущего месяца.
Отдельно выпускается ежемесячный пакет с обновлениями безопасности (Security-only Updates), однако он не является накопительным, т.е. включает в себя только обновления безопасности текущего месяца.
Такие пакеты обновления будут доступны для скачивания в Центре обновления Windows (Windows Update), WSUS, SCCM и каталоге Microsoft Update.
Как и ранее, каждый пакет обновлений безопасности или rollup, имеет свой уникальный номер KB.
Вот как, к примеру, выглядит список обновлений у установке на ПК с Windows 7 SP, полученных 12 октября.
Новая модель обновлений, единая для всех поддерживаемых версий Windows, призвана упростить и улучшить процедуру обслуживания Windows 7 SP1, Windows 8.1 и Windows Server.
С учётом того, что нередко свежеустановленные обновления MS могут нарушить нормальное функционирование системы, нужно понимать, что точечно удалить проблемное обновление теперь будет нельзя. Пакет удаляется только целиком. Как это будет на практике будем посмотреть.
April 13, 2021—KB5001335 (Monthly Rollup)
Important: Verify that you have installed the required updates listed in the How to get this update section before installing this update.
For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. To view other notes and messages, see the Windows 7 SP1 and Windows Server 2008 R2 SP1 update history home page.
Improvements and fixes
This security update includes improvements and fixes that were a part of update KB5000841 (released March 9, 2021) and addresses the following issues:
Addresses a time zone change for Volgograd, Russia from UTC+4 to UTC+3 Moscow Standard Time (MSK).
Addresses a time zone change for The Republic of South Sudan from UTC+3 to UTC+2 Juba. For more information about this change, see KB 4601275.
Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).
Addresses an issue that prevents you from specifying up to 255 columns when you use the Jet Text installable indexed sequential access method (IISAM) format.
Addresses an issue if you monitor for these events, Windows Backup will not report a successful Event ID 14 or backup finished Event ID 4 after you apply update KB4561643 or KB4556843.
Security updates to Windows Apps, Windows Hybrid Cloud Networking, Windows Kernel, and Windows Media.
For more information about the resolved security vulnerabilities, please refer to the new Security Update Guide website.
Known issues in this update
After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History.
This is expected in the following circumstances:
If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.
If you do not have an ESU MAK add-on key installed and activated.
If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the «How to get this update» section of this article.
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
Do one of the following:
Perform the operation from a process that has administrator privilege.
Perform the operation from a node that doesn’t have CSV ownership.
Microsoft is working on a resolution and will provide an update in an upcoming release.
How to get this update
Before installing this update
IMPORTANT Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in KB4522133 to continue receiving security updates after extended support ends. Extended support ends as follows:
For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.
For Windows Embedded Standard 7, extended support ends on October 13, 2020.
For more information about ESU and which editions are supported, see KB4497181.
Note For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.
You must install the updates listed below and restart your device before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.
The March 12, 2019 servicing stack update (SSU) (KB4490628). To get the standalone package for this SSU, search for it in the Microsoft Update Catalog. This update is required to install updates that are only SHA-2 signed.
The latest SHA-2 update (KB4474419) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.
For Windows Thin PC, you must have the August 11, 2020 SSU (KB4570673) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.
To get this security update, you must reinstall the «Extended Security Updates (ESU) Licensing Preparation Package» (KB4538483) or the «Update for the Extended Security Updates (ESU) Licensing Preparation Package» (KB4575903) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the Microsoft Update Catalog.
After you install the items above, we strongly recommend that you install the latest SSU (KB4592510). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
Install this update
Windows Update and Microsoft Update
None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer.
Microsoft Update Catalog
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS)
This update will automatically sync with WSUS if you configure Products and Classifications as follows:
Product: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC
Classification: Security Updates
File information
For a list of the files that are provided in this update, download the file information for cumulative update 5001335.
October 2016 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2
The October 2016 Preview of Monthly Quality Rollup includes some new improvements and fixes for the Windows 8.1 and Windows Server 2012 R2 platforms. We recommend that you apply this quality rollup as part of your regular maintenance routines. Before you install this update, see the Prerequisites and the Restart requirement sections.
Improvements and fixes
To learn more about the nonsecurity improvements and fixes in this update, see the «October 18, 2016 – KB3192404» section in Windows 8.1 and Windows Server 2012 R2 update history.
Known issues that are resolved by this update
This update resolves known issues that are caused by security update 3170005. For more information about the known issues, see the
Oct 2016 Update: Mitigation for known issues section in KB 3170005.
How to get this update
Important If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.
Method 1: Windows Update
This update is provided as an Optional update on Windows Update. For more information about how to run Windows Update, see How to get an update through Windows Update.
Method 2: Microsoft Update Catalog
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
Note You must be running Microsoft Internet Explorer 6 or later versions.
Method 3: Microsoft Download Center
The following files are available for download from the Microsoft Download Center:
All supported x86-based versions of Windows 8.1
Download the package now.
All supported x64-based versions of Windows 8.1
Download the package now.
All supported x64-based versions of Windows Server 2012 R2
Download the package now.
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Update detail information
Prerequisites
To apply this update, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) installed on Windows 8.1 or Windows Server 2012 R2.
Restart requirement
You must restart the computer after you apply this update.
Registry information
To apply this update, you don’t have to make any changes to the registry.
Update replacement information
This update doesn’t replace any previously released update.
File Information
File informationFor a list of the files that are provided in this update, download the file information for update rollup 3192404.
This package updates the Diagnostic and Telemetry service to provide benefit for enterprises using Upgrade Analytics to plan and manage the Windows upgrade process. This update includes:
Support to enable upload of telemetry and download of settings in an authenticated proxy environment by impersonating the logged on user
Support to configure a specific proxy to upload telemetry and download settings
The Diagnostic and Telemetry service collects usage and diagnostics information from Windows. You can learn more about the Customer Experience Improvement Program (CEIP) here.
This update uses SSL (TCP Port 443) to download manifests and upload telemetry to Microsoft that uses the following DNS endpoints:
This update contains the following two manifests that are used by the service.
Registry informationImportant
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
By default on Windows 8.1, support for sending usage and diagnostics information through an authenticated proxy is disabled. When the setting isn’t disabled (0x0) through the following registry key, the Diagnostic and Telemetry service will impersonate a logged on user to authenticate with the proxy to send the information. If you are using Upgrade Analytics in a network environment that uses an authenticated proxy, we recommends configuring this setting to 0x0.
Locate and then select the registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection
On the Edit menu, point to New, and then click DWORD Value.
Type DisableEnterpriseAuthProxy, and then press the Enter key.
In the Details pane, right-click DisableEnterpriseAuthProxy, and then click Modify.
In the Value data box, type 0 (not disabled) or 1 (disabled), and then click OK.
You can also configure the Diagnostic and Telemetry service to forward usage and diagnostics information to a specific proxy server using the following registry path. You can specify the FQDN or IP address of the proxy server and optionally a port number.
Locate and then select the registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection
On the Edit menu, point to New, and then click String Value.
Type TelemetryProxy, and then press the Enter key.
In the Details pane, right-click TelemetryProxy, and then click Modify.
In the Value data box, type server:port, and then click OK.
For more information about Windows Update, go to the following Microsoft websites:
Learn about the terminology that Microsoft uses to describe software updates.
July 14, 2020—KB4565524 (Monthly Rollup)
NEW
IMPORTANT Starting in July 2020, all Windows Updates will disable the RemoteFX vGPU feature because of a security vulnerability. For more information about the vulnerability, seeCVE-2020-1036 and KB4570006. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:
If you re-enable RemoteFX vGPU, a message similar to the following will appear:
“The virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.”
“The virtual machine cannot be started because the server has insufficient GPU resources.”
«We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)”
IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update.
IMPORTANT Some customers who use Windows Server 2008 R2 SP1 and have activated their ESU multiple activation key (MAK) add-on before installing the January 14, 2020 updates might need to re-activate their key. Re-activation on the affected devices should only be required once. For information on activation, see this blog post.
IMPORTANT WSUS scan cab files will continue to be available for Windows 7 SP1 and Windows Server 2008 R2 SP1. If you have a subset of devices running these operating systems without ESU, they might show as non-compliant in your patch management and compliance toolsets.
IMPORTANT Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in KB4522133 to continue receiving security updates after extended support ends on January 14, 2020. For more information on ESU and which editions are supported, see KB4497181.
IMPORTANT Starting on January 15, 2020, a full-screen notification will appear that describes the risk of continuing to use Windows 7 Service Pack 1 after it reaches end of support on January 14, 2020. The notification will remain on the screen until you interact with it. This notification will only appear on the following editions of Windows 7 Service Pack 1:
Note The notification will not appear on domain-joined machines or machines in kiosk mode.
Professional. If you have purchased the Extended Security Update (ESU), the notification will not appear. For more information, see How to get Extended Security Updates for eligible Windows devices and Lifecycle FAQ-Extended Security Updates.
Improvements and fixes
This security update includes improvements and fixes that were a part of update KB4561643 (released June 9, 2020) and addresses the following issues:
Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Graphics, Windows Input and Composition, Windows Fundamentals, Windows Kernel, Windows Remote Desktop, Internet Explorer, the Microsoft Scripting Engine, and Windows SQL components.
For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.
Known issues in this update
After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History.
This is expected in the following circumstances:
If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.
If you do not have an ESU MAK add-on key installed and activated.
If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the «How to get this update» section of this article.
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
Do one of the following:
Perform the operation from a process that has administrator privilege.
Perform the operation from a node that doesn’t have CSV ownership.
Microsoft is working on a resolution and will provide an update in an upcoming release.
How to get this update
Before installing this update
You must install the updates listed below and restart your device before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.
The March 12, 2019 servicing stack update (SSU) (KB4490628). To get the standalone package for this SSU, search for it in the Microsoft Update Catalog. This update is required to install updates that are only SHA-2 signed.
The latest SHA-2 update (KB4474419) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.
The June 9, 2020 SSU (KB4562030) or later. To get the standalone package for this SSU, search for it in the Microsoft Update Catalog.
The Extended Security Updates (ESU) Licensing Preparation Package (KB4538483) released February 11, 2020. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the Microsoft Update Catalog.
After you install the items above, we strongly recommend that you install the latest SSU (KB4565354). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
Install this update
Windows Update and Microsoft Update
None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer.
Microsoft Update Catalog
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS)
This update will automatically sync with WSUS if you configure Products and Classifications as follows:
Product: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC
Classification: Security Updates
For a list of the files that are provided in this update, download the file information for update 4565524.