Virtual Administrator’s February 2021 Patch Recommendations
This month Microsoft released patches for 56 vulnerabilities with 11 rated “Critical”, 43 “Important” and 2 “Moderate” in severity.
All patches have been approved in our patch policy. Make sure to read the “Known Issues” section below.
Most concerning this month is an actively exploited zero-day Windows Win32k Elevation of Privilege Vulnerability (CVE-2021-1732) affecting Windows 10, Server 2016 and later. Microsoft has released fixes for three vulnerabilities in the Windows TCP/IP stack (CVE-2021-24074, CVE-2021-24086, CVE-2021-24094). CVE-2021-24078 is a remote code execution flaw in the Windows DNS server component affecting Windows Server versions from 2008 to 2019. There are also publicly disclosed vulnerabilities in Microsoft’s .NET Framework (CVE-2021-26701). We have a few new SSUs for Windows 10.
Update 2/19/2021 – Looks like KB4601390 was also pulled. Turns out the Feb KB was missing and replaced with KB5001079.
KB4601318 (Windows 10 v1607, Server 2016) – NEW 2/12/21 – Important: There is a known issue that halts the installation progress of the February 9, 2021 security update. To address this issue, we have released a new servicing stack update (SSU), KB5001078. You must install this new SSU before installing the February 9, 2021 security update.
FYI – Microsoft released an out-of-band patch (KB5001028) to fix a bug causing Windows 10 v1909 to crash when connecting to WPA3 Wi-Fi networks.
Heads Up! Microsoft pulled SSU KB4601392 for Windows 10 Version 1607/Server 2016. It was causing installation problems with patch KB4601318 on Server 2016.
Disclosed: CVE-2021-1721, CVE-2021-1727, CVE-2021-1733, CVE-2021-24098, CVE-2021-24106, CVE-2021-26701
Exploited: CVE-2021-1732
Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com
We will no longer be listing “affected software” in this post. Previously Microsoft listed affected “software”. This month the list includes “products, features and roles”, which makes the list too long. You can view this list in the month’s Release Notes on the Security Update Guide page.
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:02/09/2021)
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001
Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.
Known Issues
Currently no significant issues persist. As mentioned above, KB5001028 was released to fix an issue in Windows 10 v1909. SSU KB4601392 was pulled to avoid an issue with KB4601318 on Server 2016. We got numerous .NET updates this month and all share the same known issues detailed below. Four SharePoint patches also share a common known issue. Finally, a patch for Exchange Server 2019 has a known issue.
Windows 10 v1909 (KB4601315 – fixed with KB5001028)
Symptom: You might receive stop error 0x7E in nwifi.sys with a blue screen when you attempt to use a Wi-Fi Protected Access 3 (WPA3) connection.
Workaround: This issue is resolved in KB5001028.
Windows Server 2016 (KB4601318)
Symptom: After installing the SSU KB4601392, installation of the Cumulative Update from Windows Update might not progress past 24%.
Workaround: This issue was resolved in KB5001078.
To mitigate this issue on devices that have already installed KB4601392, restart your device and then follow only steps 1, 2 and 4a from Reset Windows Update components manually. Then restart your device again. KB5001078 should now install from Windows Update when you select “check for updates” or you can wait for it to install automatically. You should then be able to install the latest Cumulative Update from Windows Update.
Note KB4601392 has been removed and will no longer be offered to devices.
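The install-order decision described above, as an added PowerShell check (not from Microsoft or the original post). The function name Get-Feb2021PatchAction and the sample inventories are made up for illustration, and the live check assumes these updates are reported by Get-HotFix.

```powershell
# Added example: classify a host against the February 2021 SSU ordering issue
# on Windows 10 v1607 / Server 2016 (OS Build 14393).
# Get-Feb2021PatchAction is a hypothetical helper name, not a Microsoft cmdlet.
function Get-Feb2021PatchAction {
    param(
        [int]$Build,                    # OS build number, e.g. 14393
        [string[]]$InstalledKBs = @()   # HotFixID values such as 'KB5001078'
    )
    if ($Build -ne 14393) {
        return 'NotApplicable: issue is specific to OS Build 14393'
    }
    if ($InstalledKBs -contains 'KB4601318') {
        return 'Done: February cumulative update KB4601318 is installed'
    }
    if ($InstalledKBs -contains 'KB5001078') {
        return 'Ready: SSU KB5001078 is present, install KB4601318'
    }
    if ($InstalledKBs -contains 'KB4601392') {
        # Pulled SSU: the cumulative update may not progress past 24%.
        return ('Blocked: KB4601392 present; restart, reset Windows Update ' +
                'components (steps 1, 2 and 4a), restart, then install KB5001078')
    }
    return 'Pending: install SSU KB5001078 first, then KB4601318'
}

# Constructed sample inventories (not real hosts) showing each outcome.
$samples = [ordered]@{
    'srv-a' = @('KB4601392')
    'srv-b' = @('KB4601392', 'KB5001078')
    'srv-c' = @('KB5001078', 'KB4601318')
    'srv-d' = @()
}
foreach ($name in $samples.Keys) {
    '{0}: {1}' -f $name, (Get-Feb2021PatchAction -Build 14393 -InstalledKBs $samples[$name])
}

# Live check on the local machine. Assumption: Get-HotFix reports these updates.
$build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
$kbs   = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
Get-Feb2021PatchAction -Build $build -InstalledKBs $kbs
```

Once a later cumulative update supersedes KB4601318 it may no longer be listed, so the result is meaningful for the February 2021 patch window.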
SharePoint Server 2013/2016/2019 (KB4493194, KB4493195, KB4493210, KB4493223)
Known issue in this update
If your customized SharePoint pages use the SPWorkflowDataSource or FabricWorkflowInstanceProvider user control, some functions on those pages may not work. To resolve this issue, see KB 5000640.
Some functions on customized SharePoint pages don’t work (KB5000640)
Exchange Server 2019 (KB4571787)
Cumulative Update 7 for Exchange Server 2019
All .NET Cumulative Updates
Known issues in this update
Symptom: After installing this update, WPF apps may crash with a callstack similar to
Exception Info: System.NullReferenceException
at System.Windows.Interop.HwndMouseInputProvider.HasCustomChrome(System.Windows.Interop.HwndSource, RECT ByRef)
at System.Windows.Interop.HwndMouseInputProvider.GetEffectiveClientRect(IntPtr)
at System.Windows.Interop.HwndMouseInputProvider.PossiblyDeactivate(IntPtr, Boolean)
at System.Windows.Interop.HwndMouseInputProvider.Dispose()
This occurs when disposing an HwndSource whose RootVisual is null, a situation that arises in Visual Studio when docking or splitting windows, and could arise in other apps.
Workaround: To work around this problem, set two AppContext switches using one of the methods described in AppContext Class (System) under the heading “AppContext for library consumers”. The switches are named
Switch.System.Windows.Interop.MouseInput.OptOutOfMoveToChromedWindowFix
and
Switch.System.Windows.Interop.MouseInput.DoNotOptOutOfMoveToChromedWindowFix
and both should be set to “true”. The first switch avoids the crash, but re-introduces the bug fixed in the KBs. The second switch is currently ignored, but will be recognized in a future .NET update that contains a fix for the null-reference crash; it restores the original bug fix.
For example, using the app.config file method to apply the workaround at application scope:
<AppContextSwitchOverrides value="Switch.System.Windows.Interop.MouseInput.OptOutOfMoveToChromedWindowFix=true; Switch.System.Windows.Interop.MouseInput.DoNotOptOutOfMoveToChromedWindowFix=true" />
Good resource for known issues with Windows 10 patches. Click on the version in the left column for the status of known issues.
Windows 10 release information
https://docs.microsoft.com/en-us/windows/release-information/
Monthly Rollup/Security Only/Windows 10/Server 2016,2019 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB4601347 – Windows 7, Windows Server 2008 R2 (ESU)
- KB4601384 – Windows 8.1, Windows Server 2012 R2
- KB4601348 – Windows Server 2012
- KB4601360 – Windows Server 2008 (ESU)
Security Only Update
- KB4601363 – Windows 7, Windows Server 2008 R2 (ESU)
- KB4601349 – Windows 8.1, Windows Server 2012 R2
- KB4601357 – Windows Server 2012
- KB4601366 – Windows Server 2008 (ESU)
Cumulative Update for Windows 10
- KB4601331 – Original release version 1507 (OS Build 10240)
- None – Version 1511 (OS Build 10586)
- KB4601318 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB4601330 – Version 1703 “Creators Update” (OS Build 15063)
- None – Version 1709 “Fall Creators Update” (OS Build 16299)
- KB4601354 – Version 1803 “Spring Creators Update” (OS Build 17134)
- KB4601345 – Version 1809 “October 2018 Update” (OS Build 17763)
- None – Version 1903 “May 2019 Update” (OS Build 18362)
- KB4601315 (OOB KB5001028) – Version 1909 “November 2019 Update” (OS Build 18363)
- KB4601319 – Version 2004 “May 2020 Update” (OS Build 19041)
- KB4601319 – Version 20H2 “October 2020 Update” (OS Build 19042)
Note: Server 2016 uses the same KB as Windows 10 Version 1607. Server 2019 uses the same KB as Windows 10 Version 1809.
KB4577586 – Update for Removal of Adobe Flash Player
February 2021 updates for Microsoft Office
Notable CVEs
CVE-2021-1732 | Windows Win32k Elevation of Privilege Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732
CVE-2021-24074 | Windows TCP/IP Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24074 (Cumulative Update/Monthly Rollup)
CVE-2021-24094 | Windows TCP/IP Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24094 (Cumulative Update/Monthly Rollup)
CVE-2021-24086 | Windows TCP/IP Denial of Service Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24086 (Cumulative Update/Monthly Rollup)
CVE-2021-24078 | Windows DNS Server Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24078
CVE-2021-26701 – .NET Core Remote Code Execution Vulnerability (.NET Cumulative Updates)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26701