Virtual Administrator’s June 2021 Patch Recommendations


This month Microsoft released patches for 50 vulnerabilities with 5 rated “Critical” and 45 “Important” in severity.

 

All patches have been approved in our patch policy.

 

Microsoft fixed six Zero-Day exploits (CVE-2021-33742, CVE-2021-33739, CVE-2021-31199, CVE-2021-31201, CVE-2021-31955, CVE-2021-31956), one of which is rated Critical. CVE-2021-33742 is a Windows MSHTML bug that can be exploited by simply visiting a website in a vulnerable browser. A SharePoint Server Remote Code Execution vulnerability was patched (CVE-2021-31963). CVE-2021-31201 and CVE-2021-31199 address Elevation of Privilege vulnerabilities exposed by Adobe’s CVE-2021-28550. We have a few new SSUs for Windows 10, although for versions newer than 1909 the SSU is now included in the Cumulative Update.

 

Heads Up!

All Windows 10 machines will have a “News and Interests” widget added to the taskbar in the notifications section.

Personalized content at a glance: Introducing news and interests on the Windows 10 taskbar

https://blogs.windows.com/windowsexperience/2021/04/22/personalized-content-at-a-glance-introducing-news-and-interests-on-the-windows-10-taskbar/

We have written a script to disable this widget along with Windows News Feed: https://clubmsp.com/msp/scripts/windows-10-taskbar-weather-and-news-feeds-disable/

 

FYI – Update on Adobe Flash Player End of Support

https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/

As of July 2021, the KB4577586 “Update for Removal of Adobe Flash Player” will be included in the Latest Cumulative Update for Windows 10, version 1607 and Windows 10, version 1507. The KB will also be included in the Monthly Rollup and the Security Only Update for Windows 8.1, Windows Server 2012, and Windows Embedded 8 Standard.

 

Disclosed: CVE-2021-33742, CVE-2021-33739, CVE-2021-31968

Exploited: CVE-2021-33742, CVE-2021-33739, CVE-2021-31199, CVE-2021-31201, CVE-2021-31955, CVE-2021-31956

 

Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com

 

We will no longer be listing “affected software” in this post. Previously Microsoft listed affected “software”. This month the list includes “products, features and roles”, which makes the list too long. You can view this list in the month’s Release Notes on the Security Update Guide page.

 

Microsoft Security Advisories

 

ADV990001 | Latest Servicing Stack Updates (Published: 11/13/2018 | Last Updated: 06/08/2021)

https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001

Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.

 

NOTE: The Windows 10 20H2 and Windows 10 2004 Security Stack Update is included in the Update Package as of the March 2021 release. If you have not yet updated to the current release, the previous Security Stack Update for these versions is KB4598481. This version needs to be installed before updating to the March 2021 update.

 

Known Issues

 

There are three broad known issues this month. All are the result of security hardening. SharePoint DataFormWebPart was changed to support only accessing internal URLs, so external URLs may be blocked. Applications on all Windows machines may have trouble accessing event logs on remote devices. Windows Server 2008/2008R2 connections to SQL Server 2005 might fail.

 

Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.

 

All Windows Affected

https://support.microsoft.com/en-us/topic/june-8-2021-kb5003637-os-builds-19041-1052-19042-1052-and-19043-1052-fd782405-7736-478e-b8d0-b08f735f7e54

Symptom: After installing this or later updates, apps accessing event logs on remote devices might be unable to connect. This issue might occur if the local or remote device has not yet installed updates released June 8, 2021 or later. Affected apps are using certain legacy Event Logging APIs. You might receive an error when attempting to connect, for example:

Error 5: access is denied

Error 1764: The requested operation is not supported.

System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand

Windows has not provided an error code.

Note: Event Viewer and other apps using current non-legacy APIs to access event logs should not be affected.

Workaround: This is expected due to security hardening changes relating to Event Tracing for Windows (ETW) for CVE-2021-31958. This issue is resolved if the local and remote devices both have installed updates released June 8, 2021 or later.

 

SharePoint Foundation 2013/Enterprise Server 2016/Server 2019

SharePoint Server 2019: June 8, 2021 (KB5001944)

https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-sharepoint-server-2019-june-8-2021-kb5001944-dd508d69-202a-47d6-a86d-e6abb874753e

Symptom: DataFormWebPart may be blocked from accessing an external URL, and it generates “8scdc” event tags in SharePoint Unified Logging System (ULS) logs. For more information, see KB 5004210.

Workaround: See “DataFormWebPart may be blocked from accessing an external URL (KB5004210)”:

https://support.microsoft.com/en-us/topic/dataformwebpart-may-be-blocked-from-accessing-an-external-url-kb5004210-94ab0348-fd7e-481c-a374-7c5758b604e5

 

Windows Server 2008/2008R2

Symptom: After installing this update or later updates, connections to SQL Server 2005 might fail. You might receive an error, “Cannot connect to <Server name>, Additional information: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) (.Net SqlClient Data Provider)”

Workaround: This is expected behavior due to a security hardening change in this update. To resolve this issue, you will need to update to a supported version of SQL Server.

 

 

Good resource for known issues with Windows 10 patches. Find the version and click on “Known issues”.

Windows message center

https://docs.microsoft.com/en-us/windows/release-health/windows-message-center

 

Monthly Rollup/Security Only/Windows 10/Server 2016,2019 KBs

Links are https://support.microsoft.com/en-us/help/####### with the KB number only.

 

Security and Quality Rollup

  • KB5003667 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB5003671 – Windows 8.1, Windows Server 2012 R2
  • KB5003697 – Windows Server 2012
  • KB5003661 – Windows Server 2008 (ESU)

 

Security Only Update

  • KB5003694 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB5003681 – Windows 8.1, Windows Server 2012 R2
  • KB5003696 – Windows Server 2012
  • KB5003695 – Windows Server 2008 (ESU)

 

Cumulative Update for Windows 10

  • KB5003687 – Original release version 1507 (OS Build 10240)
  • None – Version 1511 (OS Build 10586)
  • KB5003638 – Version 1607 “Anniversary Update” (OS Build 14393)
  • None – Version 1703 “Creators Update” (OS Build 15063)
  • None – Version 1709 “Fall Creators Update” (OS Build 16299)
  • None – Version 1803 “Spring Creators Update” (OS Build 17134)
  • KB5003646 – Version 1809 “October 2018 Update” (OS Build 17763)
  • None – Version 1903 “May 2019 Update” (OS Build 18362)
  • KB5003635 – Version 1909 “November 2019 Update” (OS Build 18363)
  • KB5003637 – Version 2004 “May 2020 Update” (OS Build 19041)
  • KB5003637 – Version 20H2 “October 2020 Update” (OS Build 19042)
  • KB5003637 – Version 21H1 “May 2021 Update” (OS Build 19043)

Note: Server 2016 uses the same KB as Windows 10 Version 1607. Server 2019 uses the same KB as Windows 10 Version 1809.
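
An added example (not part of the original post and not Microsoft tooling): a PowerShell check that maps each host's OS build to the June 2021 cumulative update from the list above, then flags reader/target pairs at mixed patch levels, which is the condition behind the remote event log known issue. The function name, host names, inventory and pairs are constructed for illustration.

```powershell
# Build -> June 2021 cumulative update, copied from the list in this post.
# $null marks versions the post lists as "None".
$June2021KB = @{
    10240 = 'KB5003687'; 10586 = $null;       14393 = 'KB5003638'; 15063 = $null
    16299 = $null;       17134 = $null;       17763 = 'KB5003646'; 18362 = $null
    18363 = 'KB5003635'; 19041 = 'KB5003637'; 19042 = 'KB5003637'; 19043 = 'KB5003637'
}

# Hypothetical helper: classify one host from its build number and hotfix IDs.
function Get-June2021PatchStatus {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [int] $BuildNumber,
        [string[]] $InstalledKB = @()
    )
    $expected = $June2021KB[$BuildNumber]
    $status = 'NotFound'
    if (-not $June2021KB.ContainsKey($BuildNumber)) { $status = 'UnknownBuild' }
    elseif (-not $expected) { $status = 'NoneListed' }
    elseif ($InstalledKB -contains $expected) { $status = 'Installed' }
    [pscustomobject]@{ ComputerName = $ComputerName; BuildNumber = $BuildNumber
                       ExpectedKB = $expected; Status = $status }
}

# Constructed inventory: host names and hotfix lists are made up. For live data use
# (Get-CimInstance Win32_OperatingSystem).BuildNumber and (Get-HotFix).HotFixID.
$inventory = @(
    @{ ComputerName = 'MON01';  BuildNumber = 17763; InstalledKB = @('KB5003646') }
    @{ ComputerName = 'WKS-07'; BuildNumber = 19042; InstalledKB = @() }
    @{ ComputerName = 'SQL-02'; BuildNumber = 14393; InstalledKB = @('KB5003638') }
    @{ ComputerName = 'OLD-03'; BuildNumber = 17134; InstalledKB = @() }
)
$byHost = @{}
foreach ($h in $inventory) { $byHost[$h.ComputerName] = Get-June2021PatchStatus @h }
$byHost.Values | Sort-Object ComputerName | Format-Table

# Constructed reader -> target pairs for tools that pull event logs remotely.
$pairs = @(
    @{ Reader = 'MON01'; Target = 'WKS-07' }
    @{ Reader = 'MON01'; Target = 'SQL-02' }
)
foreach ($p in $pairs) {
    $r = $byHost[$p.Reader].Status -eq 'Installed'
    $t = $byHost[$p.Target].Status -eq 'Installed'
    if ($r -xor $t) {
        Write-Warning "$($p.Reader) -> $($p.Target): only one side has the June update; legacy event log calls may fail"
    }
}
```

A host that already has a later cumulative update may not list this KB in Get-HotFix, so treat NotFound as a prompt to check the OS build revision rather than as proof the host is unpatched.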

 

KB5003165 – Cumulative security update for Internet Explorer

 

June 2021 updates for Microsoft Office

https://support.microsoft.com/en-us/topic/june-2021-updates-for-microsoft-office-e1658eea-6800-4399-9d7d-42e23b3ba881

 

Notable CVEs

 

CVE-2021-31199 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199

Microsoft CVE-2021-31201 and CVE-2021-31199 address vulnerabilities that are related to Adobe’s CVE-2021-28550, released in Adobe Security Bulletin ID APSB21-29. Customers running affected versions of Microsoft Windows should install the June security updates to be fully protected from these three vulnerabilities.

 

CVE-2021-31201 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201

Microsoft CVE-2021-31201 and CVE-2021-31199 address vulnerabilities that are related to Adobe’s CVE-2021-28550, released in Adobe Security Bulletin ID APSB21-29. Customers running affected versions of Microsoft Windows should install the June security updates to be fully protected from these three vulnerabilities.

 

CVE-2021-31955 | Windows Kernel Information Disclosure Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

 

CVE-2021-31956 | Windows NTFS Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.  Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

 

CVE-2021-33739 | Microsoft DWM Core Library Elevation of Privilege Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739

This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of methods, such as via a phishing attack where a user clicks an executable file that is attached to an email.

 

CVE-2021-33742 | Windows MSHTML Platform Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup/IE Cumulative)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742

While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.