Virtual Administrator’s May 2021 Patch Recommendations
This month Microsoft released patches for 55 vulnerabilities with 4 rated “Critical” and 5 “Important” in severity.
All patches have been approved in our patch policy. Make sure to read the “Known Issues” section below.
Only 55 vulnerabilities this month. Microsoft fixed 3 zero day bugs (CVE-2021-31200,CVE-2021-31204,CVE-2021-31207) but none are rated critical. CVE-2021-31166 patches a critical Remote Code Execution (RCE) vulnerability in Windows. CVE-2021-28476 addressing a critical RCE in Windows Server that impacts Hyper-V. A scripting engine memory corruption vulnerability (CVE-2021-26419) affects Internet Explorer 11. Also there are a number of known issues with the recent Exchange Server updates – see “Known Issues” below.
Disclosed: CVE-2021-31200,CVE-2021-31204,CVE-2021-31207
Exploited: None
Zero-Day Adobe Acrobat Exploit
Users who have Adobe Reader installed need to ensure it is at the latest version. Adobe is warning users that there are active exploits in the wild that are specifically targeting Windows users with Adobe Reader installed. While this has been targeted towards Windows the bug is present on both Mac and PC. The exploit is being tracked as CVE-2021-28550. You can use our Adobe Reader DC Update script to push the latest version to all Adobe Reader versions.
Heads Up! Known Issue Rollback (KIR)
Known Issue Rollback: Helping you keep Windows devices protected and productive
Last month’s cumulative update for Windows 10 Version 2004/20H2 (KB5001330) caused some problems. “Some users have reported lower game performance in full screen or borderless windowed mode when using multiple monitors.” The issue was resolved by Microsoft using KIR. I found this both troubling and encouraging. “Known Issue Rollback is an important Windows servicing improvement to support non-security bug fixes, enabling us to quickly revert a single, targeted fix to a previously released behavior if a critical regression is discovered.”
FYI Windows 10 EOL
The following versions and editions of Windows 10 have reached end of servicing.
- Windows 10, version 1909: Home, Pro, Pro for Workstations and Pro for Education; and Windows Server, version 1909, all editions
- Windows 10, version 1809: all editions except Windows 10 Enterprise LTSC 2019 and Windows 10 IoT Core/Enterprise 2019 LTSC
- Windows 10, version 1803 and Windows Server, version 1803: all editions
Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com
We will no longer listing “affected software” in this post. Previously Microsoft listed affected “software”. This month the list includes “products, features and roles” which makes the list too long. If you look at the month’s Release Notes on the Security Update Guide page you can view this list.
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:05/12/2021)
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.
NOTE: The Windows 10 20H2 and Windows 10 2004 Security Stack Update is included in the Update Package as of the March 2021 release. If you have not yet updated to the current release, the previous Security Stack Update for these versions is KB4598481. This version needs to be installed before updating to the March 2021 update.
Known Issues
Outside of the Exchange Server problems listed below there are no significant issues reported so far this month.
Exchange Server Updates
Released: May 2021 Exchange Server Security Updates
Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: May 11, 2021 (KB5003435)
Issue 1: When you try to manually install this security update by double-clicking the update file (.msp) to run it in Normal mode (that is, not as an administrator), some files are not correctly updated.
Issue 2: Exchange services might remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly.
Issue 3: When you block third-party cookies in a web browser, you might be continually prompted to trust a particular add-in even though you keep selecting the option to trust it.
Issue 4: When you try to request free/busy information for a user in a different forest in a trusted cross-forest topology, the request fails and generates a “(400) Bad Request” error message.
Good resource for known issues with Windows 10 patches. Find the version and click on “Known issues”.
Windows message center
https://docs.microsoft.com/en-us/windows/release-health/windows-message-center
Monthly Rollup/Security Only/Windows 10/Server 2016,2019 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB5003233 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5003209 – Windows 8.1, Windows Server 2012 R2
- KB5003208 – Windows Server 2012
- KB5003210 – Windows Server 2008 (ESU)
Security Only Update
- KB5003228 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5003220 – Windows 8.1, Windows Server 2012 R2
- KB5003203 – Windows Server 2012
- KB5003225 – Windows Server 2008 (ESU)
Cumulative Update for Windows 10
- KB5003172 – Original release version 1507 (OS Build 10240)
- None – Version 1511 (OS Build 10586)
- KB5003197 – Version 1607 “Anniversary Update” (OS Build 14393)
- None – Version 1703 “Creators Update” (OS Build 15063)
- None – Version 1709 “Fall Creators Update” (OS Build 16299)
- KB5003174 – Version 1803 “Spring Creators Update” (OS Build 17134)
- KB5003171 – Version 1809 “October 2018 Update” (OS Build 17763)
- None – Version 1903 “May 2019 Update” (OS Build 18362)
- KB5003169 – Version 1909 “November 2019 Update” (OS Build 18363)
- KB5003173 – Version 2004 “May 2020 Update” (OS Build 19041)
- KB5003173 – Version 20H2 “October 2020 Update” (OS Build 19042)
Note: Server 2016 uses the same KB as Windows 10 Version 1607. Server 2019 uses the same KB as Windows 10 Version 1809.
KB5003165 – Cumulative security update for Internet Explorer
May 2021 updates for Microsoft Office
Notable CVEs
CVE-2020-24587 | Windows Wireless Networking Information Disclosure Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-24587
CVE-2021-26419 | Scripting Engine Memory Corruption Vulnerability (Cumulative Update/Monthly Rollup/IE Cumulative)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26419
CVE-2021-28476 | Hyper-V Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28476
CVE-2021-31166 | HTTP Protocol Stack Remote Code Execution Vulnerability (Cumulative Update/KB5003173)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166
CVE-2021-31194 | OLE Automation Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31194
CVE-2021-31200 | Common Utilities Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31200
CVE-2021-31204 | .NET and Visual Studio Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31204
CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability (KB5003435)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31207
