This Windows Security Fix Doesn’t Contain Any Security Fixes, Microsoft Says
Microsoft has warned users of the Windows Server 2019 operating system that the most recent Patch Tuesday security update may fail, exposing them to the vulnerabilities it was meant to mitigate. An out-of-band update has been issued to address the embarrassing and potentially dangerous security issue, but is the strangest of beasts: a security update without any security fixes.
Here’s what you need to know and do next.
In a support posting published on May 23, Microsoft confirmed what numerous Windows Server 2019 users already knew: the latest Patch Tuesday security update, KB5037765, released on May 14, failed to install properly under unknown circumstances. Those specific circumstances have now been revealed and involve the presence, or rather not, of the U.S. English language pack.
New Microsoft Out-Of-Band Security Update Doesn’t Contain Any Security Updates
While warning that the out-of-band update released to accompany the latest Windows Server alert “does not contain more security updates,” Microsoft addresses system administrator fears that their system could be left vulnerable to known exploits. Let’s get the obvious question out of the way first: why is this a security update if it doesn’t contain any security updates?
Simply put, security updates for Windows Server 2019 were included in the most recent Patch Tuesday rollout of vulnerability disclosures and fixes. That’s what Patch Tuesday is for, after all. However, that security update, officially labeled KB5037765, didn’t install for an unknown number of users. This out-of-band update, or emergency fix if you prefer, addresses the issue that was preventing proper installation so it’s a security fix in that it enables a previous security fix to be installed.
What Is Causing Windows Server 2019 Updates To Fail?
Microsoft has warned that the Patch Tuesday security update is failing for those Windows Server 2019 users whose devices do not have the U.S. English language pack installed. “This update addresses a known issue that is related to the English (United States) language pack. If your device does not have it, installing KB5037765 might fail. The error code is 0x800f0982. But this issue might affect devices that do have that language pack. In that case, the error code is 0x80004005,” Microsoft said.
As reported by Bleeping Computer on May 16, German and Spanish-language Windows Server 2019 system administrators had taken to support forums with complaints of the original security update failing. At the time, Microsoft said that the issue was “more likely to affect devices that do not have the English (United States) language pack,” although Bleeping Computer reported that Microsoft also confirmed it “could also affect Windows servers when the English language pack is installed.”
What Impacted Windows Server 2019 Admins Need To Do Now
System admins who have been affected by this strangest of Patch Tuesday bugs should update their Windows Server 2019 installations as soon as possible. This involves using their usual approach to such updates, be that the Windows Update or Windows Server Update Services will update automatically, or the Microsoft Update Catalog which requires the update to be manually downloaded.
Whatever, Microsoft has warned that after installing the out-of-band update system admins must restart their devices before the Patch Tuesday KB5037765 security update can then install correctly.