Virtual Administrator’s April 2021 Patch Recommendations
This month Microsoft released patches for 110 vulnerabilities with 19 rated “Critical” and 88 “Important” in severity.
Lots of patches this month but no major problems associated after installing them. The NSA reported 4 flaws in Exchange Server versions 2013 to 2019 (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483). These are Remote Code Execution (RCE) vulnerabilities and should be addressed immediately by installing KB5001779. Also of concern is a Win32k elevation of privilege vulnerability (CVE-2021-28310) actively being exploited in Windows 10. New SSUs and older versions of Windows 10 are reaching end of service next month – see details below.
Windows 10, version 1909 will reach end of service on May 11, 2021 for devices running the Home, Pro, Pro for Workstation, and Server SAC editions.
Windows 10, version 1809 will reach end of service on May 11, 2021 for devices running the Enterprise, Education, and IoT Enterprise editions.
Windows 10, version 1803, all editions, will reach end of service on May 11, 2021.
Security Update Guide
Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com
We will no longer listing “affected software” in this post. Previously Microsoft listed affected “software”. This month the list includes “products, features and roles” which makes the list too long. If you look at the month’s Release Notes on the Security Update Guide page you can view this list.
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:04/13/2021)
Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.
NOTE: The Windows 10 20H2 and Windows 10 2004 Security Stack Update is included in the Update Package as of the March 2021 release. If you have not yet updated to the current release, the previous Security Stack Update for these versions is KB4598481. This version needs to be installed before updating to the March 2021 update.
Outside of the SharePoint Server problem listed below there are no significant issues reported so far this month.
KB4504716 SharePoint Server 2019 (also KB4504715 SharePoint Server 2019 Language Pack)
Symptom: After you install this update, you can no longer delete list item attachments in the item detail panel.
Status: Microsoft is investigating this issue and will post more information in this article when a fix becomes available.
Workaround: To work around this issue, see KB 5003294.
Good resource for known issues with Windows 10 patches. Find the version and click on “Known issues”.
Windows 10 release information
Monthly Rollup/Security Only/Windows 10/Server 2016,2019 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB5001335 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5001382 – Windows 8.1, Windows Server 2012 R2
- KB5001387 – Windows Server 2012
- KB5001389 – Windows Server 2008 (ESU)
Security Only Update
- KB5001392 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5001393 – Windows 8.1, Windows Server 2012 R2
- KB5001383 – Windows Server 2012
- KB5001332 – Windows Server 2008 (ESU)
Cumulative Update for Windows 10
- KB5001340 – Original release version 1507 (OS Build 10240)
- None – Version 1511 (OS Build 10586)
- KB5001347 – Version 1607 “Anniversary Update” (OS Build 14393)
- None – Version 1703 “Creators Update” (OS Build 15063)
- None – Version 1709 “Fall Creators Update” (OS Build 16299)
- KB5001339 – Version 1803 “Spring Creators Update” (OS Build 17134)
- KB5001342 – Version 1809 “October 2018 Update” (OS Build 17763)
- None – Version 1903 “May 2019 Update” (OS Build 18362)
- KB5001337 – Version 1909 “November 2019 Update” (OS Build 18363)
- KB5001330 – Version 2004 “May 2020 Update” (OS Build 19041)
- KB5001330 – Version 20H2 “October 2020 Update” (OS Build 19042)
Note: Server 2016 uses the same KB as Windows 10 Version 1607. Server 2019 uses the same KB as Windows 10 Version 1809.
April 2021 updates for Microsoft Office
CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability (Cumulative Update)
CVE-2021-28480 | Microsoft Exchange Server Remote Code Execution Vulnerability (KB5001779)
All associated: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, and CVE-2021-28483