Virtual Administrator’s May 2021 Patch Recommendations

Patch Recommendations

This month Microsoft released patches for 55 vulnerabilities with 4 rated “Critical” and 5 “Important” in severity.

 

All patches have been approved in our patch policy. Make sure to read the “Known Issues” section below.

 

Only 55 vulnerabilities this month. Microsoft fixed 3 zero-day bugs (CVE-2021-31200, CVE-2021-31204, CVE-2021-31207), but none are rated critical. The patch for CVE-2021-31166 fixes a critical Remote Code Execution (RCE) vulnerability in Windows. The patch for CVE-2021-28476 addresses a critical RCE in Windows Server that impacts Hyper-V. A scripting engine memory corruption vulnerability (CVE-2021-26419) affects Internet Explorer 11. There are also a number of known issues with the recent Exchange Server updates; see “Known Issues” below.

 

Disclosed: CVE-2021-31200, CVE-2021-31204, CVE-2021-31207

Exploited: None

Zero-Day Adobe Acrobat Exploit

Users who have Adobe Reader installed need to ensure it is at the latest version. Adobe is warning users that there are active exploits in the wild that specifically target Windows users with Adobe Reader installed. Although the attacks have targeted Windows, the bug is present on both Mac and PC. The exploit is being tracked as CVE-2021-28550. You can use our Adobe Reader DC Update script to push the latest version to all Adobe Reader installations.

Heads Up! Known Issue Rollback (KIR)

Known Issue Rollback: Helping you keep Windows devices protected and productive

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/known-issue-rollback-helping-you-keep-windows-devices-protected/ba-p/2176831

Last month’s cumulative update for Windows 10 Version 2004/20H2 (KB5001330) caused some problems. “Some users have reported lower game performance in full screen or borderless windowed mode when using multiple monitors.” The issue was resolved by Microsoft using KIR. I found this both troubling and encouraging. “Known Issue Rollback is an important Windows servicing improvement to support non-security bug fixes, enabling us to quickly revert a single, targeted fix to a previously released behavior if a critical regression is discovered.”

 

FYI Windows 10 EOL

The following versions and editions of Windows 10 have reached end of servicing.

  • Windows 10, version 1909: Home, Pro, Pro for Workstations and Pro for Education; and Windows Server, version 1909, all editions
  • Windows 10, version 1809: all editions except Windows 10 Enterprise LTSC 2019 and Windows 10 IoT Core/Enterprise 2019 LTSC
  • Windows 10, version 1803 and Windows Server, version 1803: all editions

 

Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com

We will no longer be listing “affected software” in this post. Previously Microsoft listed affected “software”. This month the list includes “products, features and roles”, which makes the list too long. You can view this list in the month’s Release Notes on the Security Update Guide page.

 

Microsoft Security Advisories

 

ADV990001 | Latest Servicing Stack Updates (Published: 11/13/2018 | Last Updated: 05/12/2021)

https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001

Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.

 

NOTE: The Windows 10 20H2 and Windows 10 2004 Servicing Stack Update is included in the Update Package as of the March 2021 release. If you have not yet updated to the current release, the previous Servicing Stack Update for these versions is KB4598481. It needs to be installed before updating to the March 2021 update.

 

Known Issues

Outside of the Exchange Server problems listed below there are no significant issues reported so far this month.

 

Exchange Server Updates

Released: May 2021 Exchange Server Security Updates

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-may-2021-exchange-server-security-updates/ba-p/2335209

 

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: May 11, 2021 (KB5003435)

https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-may-11-2021-kb5003435-028bd051-b2f1-4310-8f35-c41c9ce5a2f1

Issue 1: When you try to manually install this security update by double-clicking the update file (.msp) to run it in Normal mode (that is, not as an administrator), some files are not correctly updated.

Issue 2: Exchange services might remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly.

Issue 3: When you block third-party cookies in a web browser, you might be continually prompted to trust a particular add-in even though you keep selecting the option to trust it.

Issue 4: When you try to request free/busy information for a user in a different forest in a trusted cross-forest topology, the request fails and generates a “(400) Bad Request” error message.

 

The Windows message center is a good resource for known issues with Windows 10 patches. Find the version and click on “Known issues”.

Windows message center

https://docs.microsoft.com/en-us/windows/release-health/windows-message-center

 

Monthly Rollup/Security Only/Windows 10/Server 2016, 2019 KBs

Links take the form https://support.microsoft.com/en-us/help/####### where ####### is the KB number only.

 

Security and Quality Rollup

  • KB5003233 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB5003209 – Windows 8.1, Windows Server 2012 R2
  • KB5003208 – Windows Server 2012
  • KB5003210 – Windows Server 2008 (ESU)

 

Security Only Update

  • KB5003228 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB5003220 – Windows 8.1, Windows Server 2012 R2
  • KB5003203 – Windows Server 2012
  • KB5003225 – Windows Server 2008 (ESU)

 

Cumulative Update for Windows 10

  • KB5003172 – Original release version 1507 (OS Build 10240)
  • None – Version 1511 (OS Build 10586)
  • KB5003197 – Version 1607 “Anniversary Update” (OS Build 14393)
  • None – Version 1703 “Creators Update” (OS Build 15063)
  • None – Version 1709 “Fall Creators Update” (OS Build 16299)
  • KB5003174 – Version 1803 “Spring Creators Update” (OS Build 17134)
  • KB5003171 – Version 1809 “October 2018 Update” (OS Build 17763)
  • None – Version 1903 “May 2019 Update” (OS Build 18362)
  • KB5003169 – Version 1909 “November 2019 Update” (OS Build 18363)
  • KB5003173 – Version 2004 “May 2020 Update” (OS Build 19041)
  • KB5003173 – Version 20H2 “October 2020 Update” (OS Build 19042)

Note: Server 2016 uses the same KB as Windows 10 Version 1607. Server 2019 uses the same KB as Windows 10 Version 1809.

 

KB5003165 – Cumulative security update for Internet Explorer

 

May 2021 updates for Microsoft Office

https://support.microsoft.com/en-us/topic/may-2021-updates-for-microsoft-office-e89b2f2b-29f0-4692-b7c1-e05d55e18b33

 

 

Notable CVEs

 

CVE-2020-24587 | Windows Wireless Networking Information Disclosure Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-24587

 

CVE-2021-26419 | Scripting Engine Memory Corruption Vulnerability (Cumulative Update/Monthly Rollup/IE Cumulative)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26419

 

CVE-2021-28476 | Hyper-V Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28476

 

CVE-2021-31166 | HTTP Protocol Stack Remote Code Execution Vulnerability (Cumulative Update/KB5003173)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166

 

CVE-2021-31194 | OLE Automation Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31194

 

CVE-2021-31200 | Common Utilities Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31200

 

CVE-2021-31204 | .NET and Visual Studio Elevation of Privilege Vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31204

 

CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability (KB5003435)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31207