Virtual Administrator’s February 2021 Patch Recommendations

This month Microsoft released patches for 56 vulnerabilities with 11 rated “Critical”, 43 “Important” and 2 “Moderate” in severity.

All patches have been approved in our patch policy. Make sure to read the “Known Issues” section below.

Most concerning this month is an actively exploited zero-day Windows Win32k Elevation of Privilege Vulnerability (CVE-2021-1732) affecting Windows 10, Server 2016 and later. Microsoft has released fixes for three vulnerabilities in the Windows TCP/IP stack (CVE-2021-24074, CVE-2021-24086, CVE-2021-24094). CVE-2021-24078 is as a remote code execution flaw in the Windows DNS server component affecting Windows Server versions from 2008 to 2019. Also there are publicly disclosed vulnerabilities Microsoft’s .NET Framework (CVE-2021-26701). We have a few new SSUs for Windows 10.

Update

Update 2/19/2021 -Looks like KB4601390 was also pulled. Turns out the Feb KB was missing and replaced with KB5001079.

KB4601318 (Windows 10 v1607, Server 2016) NEW 2/12/21 Important There is a Known Issue that halts the installation progress of the February 9, 2021 security update. To address this issue, we have released a new servicing stack update (SSU), KB5001078. You must install this new SSU before installing the February 9, 2021 security update.

FYI – Microsoft released an out-of-band patch (KB5001028) to fix a bug causing Windows 10 v1909 to crash when connecting to WPA3 Wi-Fi networks.

Heads Up! Microsoft pulled SSU KB4601392 for Windows 10 Version 1607/Server 2016. It was causing installation problems with patch KB4601318 on Server 2016.

Disclosed: CVE-2021-1721,CVE-2021-1727,CVE-2021-1733,CVE-2021-24098,CVE-2021-24106,CVE-2021-26701

Exploited: CVE-2021-1732

Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com

We will no longer listing “affected software” in this post. Previously Microsoft listed affected “software”. This month the list includes “products, features and roles” which makes the list too long. If you look at the month’s Release Notes on the Security Update Guide page you can view this list.

Microsoft Security Advisories

ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:02/09/2021)

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001

Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.

Known Issues

Currently no significant issues persist. As mentioned above KB5001028 was releases to fix an issues in Windows 10 v1909. SSU KB4601392 was pulled to avoid an issue with KB4601318 on Server 2016. We got numerous .NET updates this month and all share the same known issues detailed below. Four SharePoint patch also share a common known issue. Finally, a patch for Exchange Server 2019 has a known issue.

Windows 10 v1909 (KB4601315 – fixed with KB5001028)

Symptom: You might receive stop error 0x7E in nwifi.sys with a blue screen when you attempt to use a Wi-Fi Protected Access 3 (WPA3) connection.

Workaround: This issue is resolved in KB5001028.

Windows Server 2016 (KB46013180)

Symptom: After installing the SSU KB4601392, installation of the Cumulative Update from Windows Update might not progress past 24%.

Workaround: This issue was resolved in KB5001078.

To mitigate this issue on devices that have already installed KB4601392, restart your device and then follow only steps 1, 2 and 4a from Reset Windows Update components manually. Then restart your device again. KB5001078 should now install from Windows Update when you select “check for updates” or you can wait for it to install automatically. You should then be able to install the latest Cumulative Update from Windows Update.

Note KB4601392 has been removed and will no longer be offered to devices.

SharePoint Server 2013/2016/2019 (KB4493194,KB4493195,KB4493210,KB4493223)

Known issue in this update

If your customized SharePoint pages use the SPWorkflowDataSource or FabricWorkflowInstanceProvider user control, some functions on those pages may not work. To resolve this issue, see KB 5000640.

Some functions on customized SharePoint pages don’t work (KB5000640)

https://support.microsoft.com/en-us/topic/some-functions-on-customized-sharepoint-pages-don-t-work-kb5000640-50a8d31b-9008-42b9-94b4-de29b5cf21b3

Exchange Server 2019 (KB4571787)

Cumulative Update 7 for Exchange Server 2019

https://support.microsoft.com/en-us/topic/cumulative-update-7-for-exchange-server-2019-b763863a-8a2f-9eb9-f3cc-4c4098e0e413

All .NET Cumulative Updates

(reference: https://support.microsoft.com/en-us/topic/february-9-2021-kb4601050-cumulative-update-for-net-framework-3-5-and-4-8-for-windows-10-version-2004-windows-server-version-2004-windows-10-version-20h2-and-windows-server-version-20h2-7d61f856-72ce-7f4c-7e43-76f8aadf2aca)

Known issues in this update

Symptom: After installing this update, WPF apps may crash with a callstack similar to

Exception Info: System.NullReferenceException at System.Windows.Interop.HwndMouseInputProvider.HasCustomChrome(System.Windows.Interop.HwndSource, RECT ByRef)

at System.Windows.Interop.HwndMouseInputProvider.GetEffectiveClientRect(IntPtr)

at System.Windows.Interop.HwndMouseInputProvider.PossiblyDeactivate(IntPtr, Boolean)

at System.Windows.Interop.HwndMouseInputProvider.Dispose()

This occurs when disposing an HwndSource whose RootVisual is null, a situation that arises in Visual Studio when docking or splitting windows, and could arise in other apps.

Workaround: To work around this problem, set two AppContext switches using one of the methods described in AppContext Class (System) under the heading “AppContext for library consumers”. The switches are named

Switch.System.Windows.Interop.MouseInput.OptOutOfMoveToChromedWindowFix

and

Switch.System.Windows.Interop.MouseInput.DoNotOptOutOfMoveToChromedWindowFix

and both should be set to “true”. The first switch avoids the crash, but re-introduces the bug fixed in the KBs. The second switch is currently ignored, but will be recognized in a future .NET update that contains a fix for the null-reference crash; it restores the original bug fix.

For example, using the app.config file method to apply the workaround at application scope:

<AppContextSwitchOverrides value=”Switch.System.Windows.Interop.MouseInput.OptOutOfMoveToChromedWindowFix=true; Switch.System.Windows.Interop.MouseInput.DoNotOptOutOfMoveToChromedWindowFix=true ” />

Good resource for known issues with Windows 10 patches. Click on the version in the left column for the status of known issues.

Windows 10 release information

https://docs.microsoft.com/en-us/windows/release-information/

Monthly Rollup/Security Only/Windows 10/Server 2016,2019 KBs

Links are https://support.microsoft.com/en-us/help/####### with the KB number only.

Security and Quality Rollup

KB4601347 – Windows 7, Windows Server 2008 R2 (ESU)
KB4601384 – Windows 8.1, Windows Server 2012 R2
KB4601348 – Windows Server 2012
KB4601360 – Windows Server 2008 (ESU)

Security Only Update

KB4601363 – Windows 7, Windows Server 2008 R2 (ESU)
KB4601349 – Windows 8.1, Windows Server 2012 R2
KB4601357 – Windows Server 2012
KB4601366 – Windows Server 2008 (ESU)

Cumulative Update for Windows 10

KB4601331 – Original release version 1507 (OS Build 10240)
None – Version 1511 (OS Build 10586)
KB4601318 – Version 1607 “Anniversary Update” (OS Build 14393)
KB4601330 – Version 1703 “Creators Update” (OS Build 15063)
None – Version 1709 “Fall Creators Update” (OS Build 16299)
KB4601354 – Version 1803 “Spring Creators Update” (OS Build 17134)
KB4601345 – Version 1809 “October 2018 Update” (OS Build 17763)
None – Version 1903 “May 2019 Update” (OS Build 18362)
KB4601315 (OOB KB5001028) – Version 1909 “November 2019 Update” (OS Build 18363)
KB4601319 – Version 2004 “May 2020 Update” (OS Build 19041)
KB4601319 – Version 20H2 “October 2020 Update” (OS Build 19042)