Windows 10: Microsoft Windows Security Updates October 2021 overview

Microsoft released security patches for all supported versions of its Windows operating system today on the October 2021 Patch Tuesday. The company released the first patch for Windows 11, the new version of Windows, which it releases last week, as well as for other client and server versions of the operating system.

Microsoft released updates for other company products as well, including .NET Core and Visual Studio, Active Directory Federation Services, and Microsoft Office.

Our overview of the October 2021 Patch Day provides you with essential information. It lists all released security updates and non-security updates, lists downloads and links to support patches, all known issues as reported by Microsoft, and other information that is relevant to making fast educated decisions when it comes to patching.

Click here to open the September 2021 Windows Patch Day overview here.

The Microsoft Windows Security Updates: September 2021


Click here to download an Excel spreadsheet that lists all released security updates: microsoft-windows-security-updates-october-2021

Executive Summary

• All Windows 10 and 11 systems have patches for critical vulnerabilities.
• Windows 11 has received its first update, KB5006674. It resolves a known issue with Intel networking software and the operating system.
• Windows versions with known issues: Windows 7, Windows 8.1, Windows 10 version 1809, Windows 10 version 20H2, Windows Server 2019, Windows Server 2008 R2, Windows Server 2012

Operating System Distribution

• Windows 7 (extended support only): 19 vulnerabilities: 0 critical and 19 important
• Windows 8.1: 27 vulnerabilities: 0 critical and 27 important
• Windows 10 version 1909: 37 vulnerabilities: 1 critical and 36 important
  • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-40461
• Windows 10 version 2004, 20H2 and 21H1 : 39 vulnerabilities, 1 critical and 38 important
  • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-40461
• Windows 11: 39 vulnerabilities, 2 critical and 38 important
  • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-40461
  • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-38672

Windows Server products

• Windows Server 2008 R2 (extended support only): 20 vulnerabilities: 0 critical and 20 important
• Windows Server 2012 R2: 28 vulnerabilities: 0 critical and 28 important
• Windows Server 2016: 33 vulnerabilities: 0 critical and 33 important
• Windows Server 2019: 40 vulnerabilities: 1 critical and 39 important
  • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-40461
• Windows Server 2022: 43 vulnerabilities: 2 critical and 41 important
  • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-40461
  • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-38672

Windows Security Updates


Windows 7 SP1 and Windows Server 2008 R2

• Monthly Rollup: KB5006743
• Security-Only: KB5006728

Updates and improvements:

• Addresses an issue in which an Internet print server cannot package the driver to send to the client.
• Addresses an issue in which Security Account Manager (SAM) events are not displayed properly in the Event Viewer.
• Adds a new Policy setting to ensure that only admins can install printer drivers on a print server. More information is available on this support page.
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
  • RestrictDriverInstallationToAdministrators
  • Value: 1
• Adds the ability to configure period or dot (.) delimited IP addresses interchangeably with fully qualified host names in the following Group Policy settings:
  • Package Point and Print - Approved Servers
  • Point and Print Restrictions

It is unclear which of these are also included in the Security-Only update. Microsoft simply states:

• This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.

Windows 8.1 and Windows Server 2012 R2

• Monthly Rollup: KB5006714
• Security-only: KB5006729

Updates and improvements:

• Addresses an issue in which a user does not have a way to track DCOM activation failures on a server that is running Windows Server 2012 R2.
• Addresses an issue in which an Internet print server cannot package the driver to send to the client.
• Addresses an issue in which Security Account Manager (SAM) events are not displayed properly in the Event Viewer.
• In Internet Explorer 11 for Windows 8.1 and Windows Server 2012 R2, certain circumstances might cause Enterprise Mode Site List redirection from Internet Explorer 11 to Microsoft Edge to open the site in multiple tabs in Microsoft Edge.
• Adds a new Policy setting to ensure that only admins can install printer drivers on a print server. More information is available on this support page.
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
  • RestrictDriverInstallationToAdministrators
  • Value: 1
• Adds the ability to configure period or dot (.) delimited IP addresses interchangeably with fully qualified host names in the following Group Policy settings:
  • Package Point and Print - Approved Servers
  • Point and Print Restrictions

It is unclear which of these are also included in the Security-Only update. Microsoft simply states:

• This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.

Windows 10 version 1909

• Support Page: KB5006667

Updates and improvements:

• Addresses an issue that prevents some applications, such as Microsoft Office and Adobe Reader, from opening or causes them to stop responding. This occurs on devices that are subject to Microsoft Exploit Protection for Export Address Filtering (EAF).

Windows 10 version 2004, 20H2 and 21H1

• Support Page: KB5006670

Updates and improvements:

• Addresses an issue that prevents some applications, such as Microsoft Office and Adobe Reader, from opening or causes them to stop responding. This occurs on devices that are subject to Microsoft Exploit Protectionfor Export Address Filtering (EAF).

Windows 11

• Support Page: KB5006674

Updates and improvements:

• Addresses known compatibility issues between some Intel “Killer” and “SmartByte” networking software and Windows 11 (original release). Devices with the affected software might drop User Datagram Protocol (UDP) packets under certain conditions. This creates performance and other issues for protocols based on UDP. For example, some websites might load slower than others on the affected devices, which might cause videos to stream slower in certain resolutions. VPN solutions based on UDP might also be slower.

Other security updates

2021-10 Cumulative Update for Windows 10 Version 1607 (KB5006669)

2021-10 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5006699)

2021-10 Cumulative Security Update for Internet Explorer (KB5006671)

2021-10 Security Only Quality Update for Windows Server 2008 (KB5006715)

2021-10 Security Monthly Quality Rollup for Windows Server 2008 (KB5006736)

2021-10 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5006732)

2021-10 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5006739)

Servicing Stack Updates

2021-10 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5006749)

2021-10 Servicing Stack Update for Windows Server 2008 (KB5006750)

Known Issues


Windows 7 and Server 2008 R2

• Updates may fail to install if the system is not an ESU system. Expected behavior.
• Certain file operations may fail on cluster shared volumes.
  • Perform the operation from a process with elevated rights.
  • Perform the operation from a node that does not have CSV ownership.

Windows 8.1 and Server 2012 R2

• Certain file operations may fail on cluster shared volumes.
  • Perform the operation from a process with elevated rights.
  • Perform the operation from a node that does not have CSV ownership.

Security advisories and updates


ADV 990001 -- Latest Servicing Stack Updates

Non-security updates


2021-10 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 (KB5006064)

2021-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5006066)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for (KB5005537)

2021-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5006761)

2021-10 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5006762)

2021-10 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5006763)

2021-10 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 and 4.6.2 for Windows Server 2008 (KB5006764)

2021-10 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5006067)

2021-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5006060)

2021-10 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5006061)

2021-10 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5006063)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for ARM64 (KB5005538)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, Windows 10 Version 2004, Windows 10 Version 1909, and Windows 10 Version 1903 (KB5005539)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5005540)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 (KB5005541)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5005543)

2021-10 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5006065)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5006765)

Microsoft Office Updates

You find Office update information here.

How to download and install the October 2021 security updates




All released security updates for Windows are available via Windows Update, other update management systems, and as direct downloads. Windows 11 systems that don't meet the minimal system requirements may install the update via Windows Update as well.

To run a check for updates, do the following on Windows devices:

1. Select Start, type Windows Update and load the Windows Update item that is displayed.
2. Select check for updates to run a manual check for updates.

Direct update downloads


Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 7 and Server 2008 R2

• KB5006743 -- 2021-10 Security Monthly Quality Rollup for Windows 7
• KB5006728 -- 2021-10 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

• KB5006714 -- 2021-10 Security Monthly Quality Rollup for Windows 8.1
• KB5006729 -- 2021-10 Security Only Quality Update for Windows 8.1

Windows 10 (version 1909)

• KB5006667 -- 2021-10 Cumulative Update for Windows 10 Version 1909

Windows 10 (version 2004)

• KB5006670 -- 2021-10 Cumulative Update for Windows 10 Version 2004

Windows 10 (version 20H2)

• KB5006670 -- 2021-10 Cumulative Update for Windows 10 Version 20H2

Windows 10 (version 21H1)

• KB5006670 -- 2021-10 Cumulative Update for Windows 10 Version 21H1

Windows 11

• KB5006674 -- 2021-10 Cumulative Update for Windows 11

Additional resources

• October 2021 Security Updates release notes
• List of software updates for Microsoft products
• List of the latest Windows Updates and Services Packs
• Security Updates Guide
• Microsoft Update Catalog site
• Our in-depth Windows update guide
• How to install optional updates on Windows 10
• Windows 10 Update History
• Windows 8.1 Update History
• Windows 7 Update History

Thank you for being a Ghacks reader. The post Microsoft Windows Security Updates October 2021 overview appeared first on gHacks Technology News.

read more...

 

Microsoft Security Bulletin for October 2007

Microsoft's October security bulletin brings six security updates and re-released one. Click here to read the Microsoft Security Bulletin Summary, and eventually download the updates.

Source: Microsoft

 

Microsoft January 2021 Security Updates

January 2021 Security Updates




The January 2021 security release consists of security updates for the following software:

• Microsoft Windows
• Microsoft Edge (EdgeHTML-based)
• Microsoft Office and Microsoft Office Services and Web Apps
• Microsoft Windows Codecs Library
• Visual Studio
• SQL Server
• Microsoft Malware Protection Engine
• .NET Core
• .NET Repository
• ASP .NET
• Azure

Please note the following information regarding the security updates:

• CVE-2020-0689 has been re-released. For further information see Security update for Secure Boot DBX: January 12, 2021.
• For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

The following CVEs have FAQs with additional information. Please note that this is not a complete list of CVEs for this release.

• CVE-2020-26870
• CVE-2021-1636
• CVE-2021-1637
• CVE-2021-1643
• CVE-2021-1644
• CVE-2021-1645
• CVE-2021-1647
• CVE-2021-1648
• CVE-2021-1656
• CVE-2021-1663
• CVE-2021-1669
• CVE-2021-1670
• CVE-2021-1672
• CVE-2021-1676
• CVE-2021-1677
• CVE-2021-1694
• CVE-2021-1696
• CVE-2021-1699
• CVE-2021-1707
• CVE-2021-1708
• CVE-2021-1711
• CVE-2021-1713
• CVE-2021-1714
• CVE-2021-1715
• CVE-2021-1716
• CVE-2021-1725

Known Issues


The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20210112. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).


KB Article Applies To
4598229 Windows 10, Version 1903, Windows Server, Version 1903, Windows 10, Version 1909, Windows Server, Version 1909
4598230 Windows 10, Version 1809, Windows Server 2019
4598242 Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2
4598275 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4598278 Windows Server 2012 (Monthly Rollup)
4598279 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4598285 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4598287 Windows Server 2008 (Security-only update)
4598288 Windows Server 2008 (Monthly Rollup)
4598289 Windows 7, Windows Server 2008 R2 (Security-only update)
4598297 Windows Server 2012 (Security-only update)


January 2021 Security Updates - Release Notes - Security Update Guide - Microsoft

 

Microsoft March 2021 Security Updates

March 2021 Security Updates

Updates this Month

This release consists of security updates for the following products, features and roles.

• Application Virtualization
• Azure
• Azure DevOps
• Azure Sphere
• Internet Explorer
• Microsoft ActiveX
• Microsoft Exchange Server
• Microsoft Edge (Chromium-based)
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office PowerPoint
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Windows Codecs Library
• Power BI
• Role: DNS Server
• Role: Hyper-V
• Visual Studio
• Visual Studio Code
• Windows Admin Center
• Windows Container Execution Agent
• Windows DirectX
• Windows Error Reporting
• Windows Event Tracing
• Windows Extensible Firmware Interface
• Windows Folder Redirection
• Windows Installer
• Windows Media
• Windows Overlay Filter
• Windows Print Spooler Components
• Windows Projected File System Filter Driver
• Windows Registry
• Windows Remote Access API
• Windows Storage Spaces Controller
• Windows Update Assistant
• Windows Update Stack
• Windows UPnP Device Host
• Windows User Profile Service
• Windows WalletService
• Windows Win32K

Relevant Information

• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Please see the following for more information on the Microsoft Exchange Server Vulnerabilities:

• MSRC Blog
• Hafnium Targeting Exchange
• Microsoft on the Issues
• Exchange Team Blog
• March 8 Exchange Team Blog
• Microsoft Exchange Server Vulnerabilities Mitigations

FAQs, Mitigations, and Workarounds

The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2021-1640
• CVE-2021-24089
• CVE-2021-24104
• CVE-2021-24107
• CVE-2021-24108
• CVE-2021-24110
• CVE-2021-26411
• CVE-2021-26855
• CVE-2021-26857
• CVE-2021-26858
• CVE-2021-26859
• CVE-2021-26867
• CVE-2021-26869
• CVE-2021-26877
• CVE-2021-26884
• CVE-2021-26887
• CVE-2021-26893
• CVE-2021-26894
• CVE-2021-26895
• CVE-2021-26896
• CVE-2021-26897
• CVE-2021-26902
• CVE-2021-27047
• CVE-2021-27048
• CVE-2021-27049
• CVE-2021-27050
• CVE-2021-27051
• CVE-2021-27052
• CVE-2021-27054
• CVE-2021-27055
• CVE-2021-27056
• CVE-2021-27057
• CVE-2021-27058
• CVE-2021-27059
• CVE-2021-27061
• CVE-2021-27062
• CVE-2021-27063
• CVE-2021-27065
• CVE-2021-27067
• CVE-2021-27074
• CVE-2021-27075
• CVE-2021-27076
• CVE-2021-27080
• CVE-2021-27082

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.
For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).
[table][tr]KB Article Applies To [/tr] [tr][td]5000802[/td] [td]Windows 10, Version 2004, Windows Server, Version 2004[/td] [/tr] [tr][td]5000803[/td] [td]Windows 10, Version 1607, Windows Server 2016[/td] [/tr] [tr][td]5000808[/td] [td]Windows 10, Version 1909, Windows Server, Version 1909[/td] [/tr] [tr][td]5000822[/td] [td]Windows 10, Version 1809, Windows Server 2019[/td] [/tr] [tr][td]5000840[/td] [td]Windows Server 2012 (Security-only update)[/td] [/tr] [tr][td]5000841[/td] [td]Windows 7, Windows Server 2008 R2 (Monthly Rollup)[/td] [/tr] [tr][td]5000844[/td] [td]Windows Server 2008 (Monthly Rollup)[/td] [/tr] [tr][td]5000847[/td] [td]Windows Server 2012 (Monthly Rollup)[/td] [/tr] [tr][td]5000848[/td] [td]Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)[/td] [/tr] [tr][td]5000851[/td] [td]Windows 7, Windows Server 2008 R2 (Security-only update)[/td] [/tr] [tr][td]5000853[/td] [td]Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)[/td] [/tr] [tr][td]5000856[/td] [td]Windows Server 2008 (Security-only update)[/td] [/tr] [tr][td]5000871[/td] [td]Microsoft Exchange Server 2019, 2016 and 2013[/td] [/tr] [tr][td]5000978[/td] [td]Microsoft Exchange Server 2010[/td] [/tr] [/table]

Released: Mar 9, 2021


March 2021 Security Updates - Release Notes - Security Update Guide - Microsoft