Virtual Administrator’s March 2021 Patch Recommendations
This month Microsoft released patches for 89 vulnerabilities with 14 rated “Critical” and 75 “Important” in severity.
Delayed Release of Windows 10 Cumulative Updates (see below). All other patches have been approved in our patch policy.
More patches and more problems this month. On March 2nd Microsoft released out-of-band security updates for Exchange Servers. We released them in all patch policies the next morning. A patch for a new zero-day corrects a bug in Internet Explorer (IE) and Edge (EdgeHTML-based). Both are being exploited. 5 CVEs are listed as DNS Server Remote Code Execution Vulnerabilities. There is a Hyper-V Remote Code Execution Vulnerability affecting only those using the Plan-9 file system. There are new SSUs for Windows 10.
Heads Up! Delayed Release of Windows 10 Cumulative Updates
These updates are causing a BSOD on some machines when the user tries to print. Removing the update is the only workaround at this time. It’s unclear exactly which machines are affected but Kyocera, Ricoh, Zebra and Dymo printer brands have been implicated. A similar problem occurred last June and Microsoft released a fix the following week. We will monitor developments and update this post next Friday.
- KB5000802: Windows 10 2004/20H2 & Windows Server 2004/20H2
- KB5000808: Windows 10 1909 & Windows Server 1909
- KB5000822: Windows 10 1809 & Windows Server 2019
- KB5000809: Windows 10 1803 & Windows Server 1803
FYI – HAFNIUM targeting Exchange Servers with 0-day exploits
“This vulnerability is part of an attack chain. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. This can be protected against by restricting untrusted connections, or by setting up a VPN to separate the Exchange server from external access. Using this mitigation will only protect against the initial portion of the attack. Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to open a malicious file.
We recommend prioritizing installing updates on Exchange Servers that are externally facing.”
Security Update Guide
Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com
We will no longer be listing “affected software” in this post. Previously Microsoft listed affected “software”. This month the list includes “products, features and roles”, which makes the list too long. If you look at the month’s Release Notes on the Security Update Guide page you can view this list.
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published: 11/13/2018 | Last Updated: 03/11/2021)
Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.
ADV200011 | Microsoft Guidance for Addressing Security Feature Bypass in GRUB (Published: 07/29/2020 | Last Updated: 03/04/2021)
Reason for Revision: A new set of similar vulnerabilities has been discovered, documented under: CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-3418, CVE-2021-20225, CVE-2021-20233.
Please note that the currently available mitigation option does NOT address this new set of vulnerabilities. A new mitigation option will become available soon. When this option does become available, customers will be notified via revision to this advisory. We recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
The Windows 10 printing problem is the only known issue with this month’s patches.
Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.
Windows 10 version 20H2/2004/1909/1809/1803
Symptom: After installing this update, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps.
Status: We are presently investigating and will provide an update when more information is available.
The current workaround is to uninstall the update: View Update History > Uninstall updates
You can also uninstall the updates with the Command Prompt by entering the following command:
wusa /uninstall /kb:50008??
(Close all applications first. Replace the KB ID to match the cumulative update installed)
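To find which KB ID applies before running the command above, the following PowerShell sketch (an added example, not part of the original post or any Microsoft tooling) maps the OS build to the cumulative update listed in this post, checks whether it is installed, and flags printers whose driver name mentions one of the implicated brands. The function name and the brand match on driver names are assumptions made for illustration; the brand match is only a heuristic.

```powershell
# Added example: build-to-KB mapping taken from the lists in this post.
$kbByBuild = @{
    19042 = 'KB5000802'   # Windows 10 20H2
    19041 = 'KB5000802'   # Windows 10 2004
    18363 = 'KB5000808'   # Windows 10 1909
    17763 = 'KB5000822'   # Windows 10 1809 / Server 2019
    17134 = 'KB5000809'   # Windows 10 1803
}

# Hypothetical helper name; reports the status for the local machine.
function Get-March2021PrintIssueStatus {
    param([int]$Build = [System.Environment]::OSVersion.Version.Build)

    $kb = $kbByBuild[$Build]
    $installed = $false
    $command = $null

    if ($kb) {
        # Get-HotFix writes an error when the ID is absent, so silence it.
        $hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
        $installed = [bool]$hotfix
        if ($installed) {
            # Same command form as in the post, with the KB ID filled in.
            $command = 'wusa /uninstall /kb:{0}' -f $kb.Substring(2)
        }
    }

    # Heuristic only: brands named in the post, matched on driver name.
    $brands = 'Kyocera|Ricoh|Zebra|Dymo'
    $printers = @(Get-Printer -ErrorAction SilentlyContinue |
        Where-Object { $_.DriverName -match $brands } |
        Select-Object -ExpandProperty Name)

    [pscustomobject]@{
        Build            = $Build
        KB               = $kb          # $null when the build is not in the list
        Installed        = $installed
        SuspectPrinters  = $printers
        UninstallCommand = $command     # $null when nothing needs removing
    }
}

Get-March2021PrintIssueStatus | Format-List
```

A machine with `Installed` true and a non-empty `SuspectPrinters` list is a candidate for the uninstall workaround; an empty printer list does not rule the problem out, since the affected set is not fully known.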
Good resource for known issues with Windows 10 patches. Click on the version in the left column for the status of known issues.
Windows 10 release information
Monthly Rollup/Security Only/Windows 10/Server 2016,2019 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB5000841 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5000848 – Windows 8.1, Windows Server 2012 R2
- KB5000847 – Windows Server 2012
- KB5000844 – Windows Server 2008 (ESU)
Security Only Update
- KB5000851 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5000853 – Windows 8.1, Windows Server 2012 R2
- KB5000840 – Windows Server 2012
- KB5000856 – Windows Server 2008 (ESU)
Cumulative Update for Windows 10
- KB5000807 – Original release version 1507 (OS Build 10240)
- None – Version 1511 (OS Build 10586)
- KB5000803 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB5000812 – Version 1703 “Creators Update” (OS Build 15063)
- None – Version 1709 “Fall Creators Update” (OS Build 16299)
- KB5000809 – Version 1803 “Spring Creators Update” (OS Build 17134)
- KB5000822 – Version 1809 “October 2018 Update” (OS Build 17763)
- None – Version 1903 “May 2019 Update” (OS Build 18362)
- KB5000808 – Version 1909 “November 2019 Update” (OS Build 18363)
- KB5000802 – Version 2004 “May 2020 Update” (OS Build 19041)
- KB5000802 – Version 20H2 “October 2020 Update” (OS Build 19042)
Note: Server 2016 uses the same KB as Windows 10 Version 1607. Server 2019 uses the same KB as Windows 10 Version 1809.
- KB5000800 – Cumulative security update for Internet Explorer
- KB4577586 – Update for Removal of Adobe Flash Player
March 2021 updates for Microsoft Office
CVE-2021-26411 | Internet Explorer Memory Corruption Vulnerability (Cumulative Update/Monthly Rollup and KB5000800)
CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability (KB5000871/KB5000978)
All associated: CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, and CVE-2021-27078
CVE-2021-26867 | Windows Hyper-V Remote Code Execution Vulnerability (Cumulative Update – KB5000802/KB5000808)
CVE-2021-26897 | Windows DNS Server Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
All associated: CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895 and CVE-2021-26897