Virtual Administrator’s October 2021 Patch Recommendations

Patch Recommendations

This month Microsoft released patches for 71 vulnerabilities with 2 rated “Critical”, 68 “Important” and 1 “Low” in severity.

All patches have been approved in our patch policy.

A modest number of patches for October. CVE-2021-40449 is being exploited. This is a Win32k Elevation of Privilege vulnerability. One critical bug concerns Microsoft Word (CVE-2021-40486), and two others are remote code execution flaws in Windows Hyper-V (CVE-2021-38672, CVE-2021-40461). The Hyper-V vulnerability impacts Windows 10/11 systems, as well as those Server versions. CVE-2021-26427 is another important bug in Microsoft Exchange Server. CVE-2021-36970 is another spoofing vulnerability in Microsoft’s Windows Print Spooler – see known issues below.  Windows 11 is now available.

Head Up! Windows 11 has arrived

What’s new in Windows 11

Windows 11 update history

FYI Silverlight End of Support

“Microsoft Silverlight will reach the end of support on October 12, 2021. Silverlight development framework is currently only supported on Internet Explorer 10 and Internet Explorer 11.”

“Microsoft is not planning to take any specific action to terminate Silverlight applications. After this date, however, Silverlight will be in an unsupported state and will not receive any future quality or security updates.”

Disclosed: CVE-2021-40469, CVE-2021-41335, CVE-2021-41338

Exploited: CVE-2021-40449

Security Update Guide

Morphus Labs patch dashboard here:

We will no longer listing “affected software” in this post. Previously Microsoft listed affected “software”. This month the list includes “products, features and roles” which makes the list too long. If you look at the month’s Release Notes on the Security Update Guide page you can view this list.

Microsoft Security Advisories

ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:10/12/2021)

Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.

Note: For Windows 10 1809 and above the SSU is included in the monthly cumulative update.  You no longer need to use our “MS Stack Audit AIO – SSU” procedure to update these newer versions. If Microsoft releases a standalone SSU for these versions (as they did last August) we will warn partners and publish an agent procedure to deploy it.

Known Issues

There are no new known issues this month reported by Microsoft.

Ongoing problems causing issues with printers deployed via group policy

Network Printer Problems Again This Month

Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.

Good resource for known issues with Windows 10 patches. Find the version and click on “Known issues”.

Windows message center

Monthly Rollups and Cumulative Updates KBs

Links are with the KB number only.

Security and Quality Rollup

  • KB5006743 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB5006714 – Windows 8.1, Windows Server 2012 R2
  • KB5006739 – Windows Server 2012
  • KB5006736 – Windows Server 2008 (ESU)

Security Only Update

  • KB5006728 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB5006729 – Windows 8.1, Windows Server 2012 R2
  • KB5006732 – Windows Server 2012
  • KB5006715 – Windows Server 2008 (ESU)

Cumulative Updates

Windows 10

  • KB5006675 – Original release version 1507 (OS Build 10240)
  • KB5006669 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB5006672 – Version 1809 “October 2018 Update” (OS Build 17763)
  • KB5006667 – Version 1909 “November 2019 Update” (OS Build 18363)
  • KB5006670 – Version 2004 “May 2020 Update” (OS Build 19041)
  • KB5006670 – Version 20H2 “October 2020 Update” (OS Build 19042)
  • KB5006670 – Version 21H1 “May 2021 Update” (OS Build 19043)
  • (Versions 1511,1703,1709,1803,1903 are no longer under support)

Windows 11

  • KB5006674 – Original release (OS Build 22000)

Windows Server

  • KB5006669 – Server 2016 (same KB as Windows 10 Version 1607)
  • KB5006672 – Server 2019 (same KB as Windows 10 Version 1809)
  • KB5006699 – Server 2022 (OS Build 20348)

  • KB5006671 – Cumulative security update for Internet Explorer

October 2021 updates for Microsoft Office

Notable CVEs

CVE-2021-26427 | Microsoft Exchange Server Remote Code Execution Vulnerability (KB5007011/KB5007012)

CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability (Cumulative Update/Monthly Rollup)

CVE-2021-38672 | Windows Hyper-V Remote Code Execution Vulnerability (Cumulative Update)

CVE-2021-41335 | Windows Kernel Elevation of Privilege Vulnerability (Monthly Rollup)

CVE-2021-41338 | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability (Cumulative Update)

CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)

CVE-2021-40461 | Windows Hyper-V Remote Code Execution Vulnerability (Cumulative Update)

CVE-2021-40469 | Windows DNS Server Remote Code Execution Vulnerability (Monthly Rollup)

CVE-2021-40486 | Microsoft Word Remote Code Execution Vulnerability (various KBs)