Microsoft Technical Takeoff 2022

Join Microsoft for four days of demos, deep dives, and live Ask Microsoft Anything (AMA) sessions from October 24-27, 2022, led by Microsoft engineering and designed to get you up to speed on the latest features, capabilities, and scenarios for Windows11 and Microsoft Intune, including Windows 365 and much more. There will be experts from the engineering and product teams ready to answer your questions during each session.

How do you participate?
Go to https://aka.ms/TechnicalTakeoff and select the sessions you want to attend, and then click on RSVP to save your spot, receive event reminders, and have the ability to post your questions in advance and also during the event. (Note: You must be signed in to the Tech Community to RSVP and participate in the live Q&A, but sessions can be viewed without signing in). See the video below for a quick tutorial on how to sign up.

The tweet below has been liked, shared, and retweeted by IT pros with lots of excitement for this awesome event. Follow me on Twitter and help amplify this message. Thanks.

See below for a listing of the deep dive sessions, demos, AMAs, and the Office Hours.

All times below listed for Pacific Daylight Time (PDT)

Monday, October 24

7:00 AMLet’s talk Windows and Intune
7:30 AMDefault hardening in Windows 11, version 22H2
8:00 AMZero in on Zero Trust with unified endpoint security management from Microsoft
8:30 AMWindows 365 security best practices
9:00 AMAMA: Cloud attach vs. cloud only: the debate
10:00 AMWhen is my device going to update?
10:30 AMIntroducing advanced endpoint management solutions for Microsoft Intune
11:00 AMWhat’s new and how to deploy Windows 365 Business
11:30 AMProviding access to on-premises resources for mobile devices using Microsoft Tunnel

Tuesday, October 25

7:00 AMWindows Autopilot: notes from the field
7:30 AMPolicy management with Microsoft Intune
8:00 AMManage and secure Cloud PCs and your workforce with Microsoft Intune
8:30 AMYour guide to going cloud-native
9:00 AMWindows Update for Business deployment service + Intune: the latest and greatest
9:30 AMWindows 365: Enhance the end user experience with cloud-optimized PC management
10:00 AMMeet the new Windows Update for Business reporting experience
10:30 AMSecuring corporate credentials with Enhanced Phishing Protection
11:00 AMThe Store of the future
11:30 AMWindows 365 end-user experiences: what’s new and what’s next

Wednesday, October 26

7:00 AMJump into modern managed devices with Azure AD Join
7:30 AMGrouping, targeting, and filters: recommendations in Microsoft Intune
8:00 AMManaging local admin account passwords in AD and Azure AD
8:30 AMBalancing security and flexibility when implementing Windows Defender Application Control (WDAC)
9:00 AMUnderstanding Azure Virtual Desktop and Windows 365 for hybrid work
9:30 AMBuilding a tamper resilient endpoint with Microsoft Intune and Microsoft Defender
10:00 AMFeedback wanted! Making the admin experience great in Microsoft Intune
11:00 AMCitrix HDX Plus for Windows 365 deep dive
11:30 AMAdvanced management of Universal Print

Thursday, October 27

7:00 AMConfiguration as Code in Microsoft Intune
7:30 AMWhat is a policy? And why shouldn’t I set registry keys?
8:00 AMWindows 365 Government: setup and configuration
8:30 AMAMA: Windows Autopatch
9:30 AMWindows 365 provisioning and Azure Network Connection (ANC) internals
10:00 AMAMA: Delivery Optimization & Connected Cache
10:30 AMIncrease productivity for shift and part-time workers with Windows 365
11:00 AMAMA: Device Health Attestation – security benefits and integrations
11:30 AMHow to build app confidence with Test Base

As of Sunday, October 23, 2022, we have added a Microsoft Edge AMA on Wednesday, October 26th at 12PM PT. Check it out: https://aka.ms/TTAMA/MicrosoftEdge.

I’m excited for this event which a handful of us at Microsoft helped organize, planned and produced this amazing technical event for IT pros. Looking forward to seeing you at Microsoft Technical event, for you learning, and engagements.

Harjit Joins Microsoft!

The time has come to let the ?‍? out of the bag and make the formal announcement. On May 21, 2021, I wrote a blog post where I mentioned that I left my 18 year career in Higher-Ed as a Senior Systems Administrator at the University of Vermont.

I am excited to announce that as of today, June 7, 2021, I have joined Microsoft as a Customer Engineer for Microsoft 365. My role covers a variety of solutions under the Microsoft 365 umbrella including Modern Management which I’m very passionate and super excited about. I can finally say that I’m now a “Blue Badge” and my dream of joining Microsoft has come true!

There is so much that I want to mention and perhaps, I’ll start with my family. My wife Jenny and my daughters Sabrina and Hannah have been my rock, strength, motivation, strong supporters for what I do, and they highly encouraged me to pursue my dreams and passion. Thank you!

I’ve been privileged and honored to be a Microsoft MVP since January 2017, and I have grown and learned so much since then, as well as had many amazing opportunities, from guest blogging, consulting work, product reviews, NDA opportunities with Microsoft, Subject Matter Expert (SME) on various webinars and technical user groups, speaking engagements with several conferences including Microsoft Ignite in Orlando, Microsoft Ignite The Tours in Milan, Johannesburg, and Dubai (unfortunately COVID-19 cancelled my speaking gigs in Zurich, Mumbai, Bangalore, Tel-Aviv, and Chicago), TechMentor, IT/Dev Connections, and the one close to my heart and my favorite MMS aka MMSMOA, to name a few. During this journey, I developed strong bonds, positive reputation, respect, and trust among Microsoft product groups, MVP Program leadership, fellow Microsoft MVPs, vendors, event organizers, IT Professional community, mentees, my wonderful followers, and close friends. Thank you to all of you for your support, guidance, encouragement, and friendships.

Today also marks the end of the road for my Microsoft MVP award, which is something one has to give up upon joining Microsoft as an employee. I will continue to be a valuable resource not only to the MVP Program, the leadership, but to the IT Pro community as well, and will continue to empower everyone and help improve what I can. Thank you Betsy Weber, Rochelle Sonnenberg, and Christian Talavera for allowing me to do what I do, and most importantly for all the amazing opportunities as well as for my inclusivity as one of the trusted leaders within the MVP program. Also, Thank you Cathy Moya for the same and so much more. It’s amazing that we are all colleagues now. ??‍???

There are a few people who I would like to mention and recognize, who have been instrumental for my next career phase with Microsoft. The offline chats, references, internal recommendations, referring to open positions, keeping me in check, pushing me harder, motivations, encouraging me to stay positive, mentorship, discreet conversations, trust, friendships, and so much more, meant a lot to me and I’m forever appreciative and grateful. I know I am going to miss mentioning someone or another, and for that I apologize in advance and please forgive me. In no particular order, Thank you very much Noel Fairclough, Rod Trent, John Deardurff, Art Hogarth, Cathy Moya, Heather Poulsen, Kerim Hanif, Kris Loranger, Joe Lurie, and last but not least Julie Andreacola.

Thank you to Prayer Solanky who I consider my brother, and has been there for me in good times, during challenging moments of my life, provides tons of valuable advice, keeps me grounded and humble always, and who I trusted with my journey to Microsoft.
Also, Thank you to my wonderful friends Mick Pletcher, Anoop Nair, Richard Hay, John Yoakum, Jen Sheerin, Ben Dumke, Mary Jo Foley, Scott Ladewig, Ben Whitmore, James Petty, Jitesh Kumar, Octavio Rodriguez, Damien Van Robaeys, Nick Pilon, Benoit Lecours, Brian Mason, Greg Ramsey, Mirko Colemberg, Johan Arwidmark, Anne Baker, Peter De Tender, Adnan Hendricks, Team MMS, The Krewe, Team Devops Collective, Team SCDudes, and so many more. Last but not least, my close “Ignitable” friends (Pat, Dean, Brandon, Kenji, Stu, Henrik, Stuart, Joe, Travis, and Jin.

As I celebrate this happy occasion, I’m also reminded of my brother Amarjit who passed away on this very day (June 7th) in 2015. I miss him very much, but I know he is proud of me and is watching over me from heaven. ???

With all that said, it’s time to kick start my new adventures with the company and people I love, embrace the unique opportunities, advocate and evangelize modern technologies, support the IT Pro community, and I’m ready to “empower every person and every organization to achieve more”! ?‍??‍??‍??‍???✔

End of An Era

Today, Friday May 21, 2021 was my last working day as a Senior Systems Administrator at The University of Vermont in Burlington, Vermont. I hung my hat after almost 18 years of my dedication as an IT Professional at this institution of higher learning.

I have a lot to be Thankful, for the last 18 years here, including the experiences I have gained, the relationships I had built and cherish, the beautiful friendships, the wonderful opportunities for my professional development, the highly technical work I did, the ability to advocate and implement enterprise level technical solutions, the numerous kudos for the assistance I provided to other IT colleagues as well as the people who used the technologies, solving challenging problems, and much more. I have seen medical students become doctors and surgeons, students become engineers, teachers, lawmakers, and technologist to name a few. It’s thrilling to know that somehow big or small, I had some part in their positive education experiences leading to their successful careers.

I won’t deny that while I liked and enjoyed working at the university, there are several things that I wasn’t fond of and I definitely will not miss. However, working this long at one given place, it becomes part of who you are, it’s the identity that forms you, it’s the livelihood that provided for your family and so on. Therefore, it is bitter sweet to leave what I have known and accustomed to, the people who I worked with and also those who I supported, the higher education culture, and the beautiful campus which is the icon of the city of Burlington, Vermont. However, I have an amazing and wonderful opportunity to work at an amazing huge firm where I will be able to take my career to the next phase, be empowered to do amazing things, advocate for the top of the line technical solutions, have lots of growth and learning opportunities, and much much more. I’m super excited.

Where is Harjit headed to next? What’s he going to do? Well, I will officially announce the news of my next adventure in the next 2 weeks, so please be patient. 🙂 If you are one of a few people who has been privy to this knowledge, I kindly request for your trust and confidentiality, and allow me do the honors when I feel it’s the right time to do so. Thank you!

Stay tuned and more to come soon! Cheers!

Harjit has left the building………

March 2021 – Microsoft Patch Tuesday and Other Patches

Update sign and text on a computer keyboard button 3D illustration.

Microsoft has released fixes for 82 vulnerabilities, with 10 updates classified as Critical and 72 as Important. Here’s an updated announcement (2021-02-09) from Microsoft: Deploy Windows SSUs and LCUs together with one cumulative update –

Beginning with the February 2021 LCU, we will now publish all future cumulative updates and SSUs for Windows 10, version 2004 and above together as one cumulative monthly update to the normal release category in WSUS.

LCU = Latest Cummulative Update
SSU – Servicing Stack Update

UPDATE – 2021-03-14:
DYMO Label Printer fix for BSOD issues.

UPDATE – 2021-03-13:
Microsoft shares temporary fix for Windows 10 printing crashes

UPDATE – 2013-03-13:
Updates on Microsoft Exchange Server Vulnerabilities (CISA)

UPDATE – 2021-03-10:
Windows 10 KB5000802 (March) update is crashing PCs with BSOD
Windows 10 BSOD crashes include the both workstation and server versions running March 2021 cumulative updates:

  • KB5000802: Windows 10 2004/20H2 & Windows Server 2004/20H2
  • KB5000808: Windows 10 1909 & Windows Server 1909
  • KB5000822: Windows 10 1809 & Windows Server 2019
  • KB5000809: Windows 10 1803 & Windows Server 1803

Zero-Day Vulnerabilities Fixes:
1. Internet Explorer Memory Corruption Vulnerability (CVE-2021-26411)
2. Internet Explorer Remote Code Execution Vulnerability (CVE-2021-27085)
3. Windows Win32k Elevation of Privilege Vulnerability (CVE-2021-27077)
4. Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-27078)

Windows 10 Updates for February 2021:

Microsoft Exchange ProxyLogon attacks

Microsoft released out-of-band security updates for the ProxyLogon vulnerability that are actively being used by threat actors worldwide to compromise Microsoft Exchange servers.

These vulnerabilities are being tracked with the following CVEs:

  • CVE-2021-26855 – Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-26857 – Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-26858 – Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-27065 – Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft has released security updates for currently supported Microsoft Exchange cumulative updates and older unsupported versions.

Microsoft has released a PowerShell script called Test-ProxyLogon.ps1 that will check for indicators of compromise (IOC) in Exchange HttpProxy logs, Exchange log files, and Windows Application event logs.

March 2021 Exchange Server Security Updates for older Cumulative Updates of Exchange Server

Additional March 2021 Patching Resources:

On March 9, 2021 (PT), Microsoft released security updates affecting the following Microsoft products:

Product FamilyMaximum SeverityMaximum ImpactAssociated KB Articles and/or Support Webpages
Windows 10 v20H2, v2004, v1909, v1809, and v1803CriticalRemote Code ExecutionWindows 10 v2004 and Windows 10 v20H2: 5000802 Windows 10 v1909: 5000808 Windows 10 v1809: 5000822 Windows 10 v1803: 5000809
Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v20H2, v2004, and v1909)CriticalRemote Code ExecutionWindows Server 2019: 5000822 Windows Server 2016: 5000803 Windows Server v2004 and Windows Server v20H2: 5000802 Windows Server v1909: 5000808
Windows 8.1, Windows Server 2012 R2, and Windows Server 2012CriticalRemote Code ExecutionWindows 8.1 and Windows Server 2012 R2 Monthly Rollup: 5000848 Windows 8.1 and Windows Server 2012 R2 Security Only: 5000853 Windows Server 2012 Monthly Rollup: 5000847 Windows Server 2012 Security Only: 5000840
Internet Explorer 11CriticalRemote Code ExecutionInternet Explorer 11 Cumulative Update: 5000800
Microsoft Office-related softwareImportantRemote Code Execution4484376, 4486673, 4493151, 4493200, 4493203, 4493214, 4493224, 4493225, 4493227, 4493228, 4493229, 4493233, 4493234, 4493239, 4504702, 4504703, 4504707
Microsoft SharePoint-related softwareImportantRemote Code Execution3101541, 4493177, 4493199, 4493230, 4493231, 4493232, 4493238
Power BI Report ServerImportantInformation Disclosure5001284, 5001285
Azure-related softwareCriticalRemote Code ExecutionFind details on security updates for Azure-related software in the Security Update Guide: https://msrc.microsoft.com/update-guide
Microsoft Visual Studio-related softwareCriticalRemote Code ExecutionFind details on security updates for Visual Studio-related software at https://docs.microsoft.com/visualstudio and in the Security Update Guide: https://msrc.microsoft.com/update-guide
Windows Admin CenterImportantSecurity Feature BypassFind details on security updates for Windows Admin Center in the Security Update Guide: https://msrc.microsoft.com/update-guide
HEVC Video ExtensionsCriticalRemote Code ExecutionFind details on security updates for HEVC Video Extensions in the Security Update Guide: https://msrc.microsoft.com/update-guide

Notes:

  • The summary above is an overview of updates for the most recent versions of commonly used software.
  • Updates for older versions, apps, and open source software may not be listed.
  • Updates may have been added or removed from the release after this content was finalized.
  • Find details for all updates in the monthly release in the Security Update Guide: https://msrc.microsoft.com/update-guide
  • For additional details, see the release notes at: https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar  

Security vulnerability overview:

Below is a summary showing the number of vulnerabilities addressed in this release, broken down by product/component and by impact.

Vulnerability DetailsRCEEOPIDSFBDOSSPFTMPPublicly DisclosedKnown ExploitMax CVSS
Windows 10 v20H2 & Windows Server v20H2112931400109.9
Windows 10 v2004 & Windows Server v2004112931400109.9
Windows 10 v1909 & Windows Server v1909112831400109.9
Windows 10 v1809 & Windows Server 2019102631400109.8
Windows 10 v180342131200108.8
Windows Server 201681731400109.8
Windows 8.1 & Server 2012 R281230400109.8
Windows Server 201281230300109.8
Internet Explorer 112000000118.8
Microsoft Office-related software7001000007.8
Microsoft SharePoint-related software1010010008.8
Power BI Report Server0010000007.7
Azure-related software2010000009.3
Microsoft Visual Studio-related software6000000008.8
Windows Admin Center0001000004.3
HEVC Video Extensions10000000007.8
RCE = Remote Code Execution | EOP = Elevation of Privilege | ID = Information Disclosure | SFB = Security Feature Bypass | DOS = Denial of Service | SPF = Spoofing | TMP = Tampering

Notes: 

  • Vulnerabilities that overlap components may be represented more than once in the table.
  • The summary above is an overview of updates for commonly used software. Updates for older versions, apps, and open source software may not be listed.
  • Updates may have been added or removed from the release after this content was finalized.
  • Find details for all updates in the monthly release in the Security Update Guide: https://msrc.microsoft.com/update-guide
  • For additional details, see the release notes at: https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar  

Resources for deploying updates to remote devices

With so many people working remotely, it is a good time to review guidance on deploying security updates to remote devices, such as desktops, laptops, and tablets. Here are some resources to answer questions pertaining to deploying updates to remote devices.

Part 1: Helping businesses rapidly set up to work securely from personal PCs and mobiles

Part 2: Helping IT send and provision business PCs at home to work securely during COVID-19

Part 3: Manage work devices at home during Covid-19 using Configuration Manager

Part 4: Managing remote machines with cloud management gateway (CMG)

Part 5: Managing Patch Tuesday with Configuration Manager in a remote work world

See also:

Mastering​ Configuration Manager Bandwidth limitations for VPN connected Clients

Vulnerability details for the current month

Below are summaries for some of the security vulnerabilities in this release. These specific vulnerabilities were selected from the larger set of vulnerabilities in the release for one or more of the following reasons: 1) We received inquiries regarding the vulnerability; 2) the vulnerability may have received attention in the trade press; or 3) the vulnerability is potentially more impactful than others in the release. Because we do not provide summaries for every vulnerability in the release, you should review the content in the Security Update Guide for information not provided in these summaries.

Notes on details in the vulnerability summaries:

Attack VectorThis metric reflects the context by which vulnerability exploitation is possible. The Base Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component.
Attack ComplexityThis metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Such conditions may require the collection of more information about the target or computational exceptions. The assessment of this metric excludes any requirements for user interaction in order to exploit the vulnerability. If a specific configuration is required for an attack to succeed, the Base metrics should be scored assuming the vulnerable component is in that configuration.
Privileges RequiredThis metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
User InteractionThis metric captures the requirement for a user, other than the attacker, to participate in the successful compromise the vulnerable component. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.
CVE-2021-24089HEVC Video Extensions Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Score MetricsBase CVSS Score: 7.8Privileges Required: NoneConfidentiality: High
Attack Vector: LocalUser Interaction: RequiredIntegrity: High
Attack Complexity: LowScope: UnchangedAvailability: High
Affected Software:HEVC Video Extensions
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24089
CVE-2021-24090Windows Error Reporting Elevation of Privilege Vulnerability 
ImpactElevation of Privilege
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Score MetricsBase CVSS Score: 7.8Privileges Required: NoneConfidentiality: High
Attack Vector: LocalUser Interaction: RequiredIntegrity: High
Attack Complexity: LowScope: UnchangedAvailability: High
Affected Software:Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows Server, version 20H2, Windows Server, version 2004, and Windows Server, version 1909
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24090
CVE-2021-26867Windows Hyper-V Remote Code Execution Vulnerability 
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Score MetricsBase CVSS Score: 9.9Privileges Required: LowConfidentiality: High
Attack Vector: NetworkUser Interaction: NoneIntegrity: High
Attack Complexity: LowScope: ChangedAvailability: High
Affected Software:Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows Server, version 20H2, Windows Server, version 2004, and Windows Server, version 1909
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26867
CVE-2021-27077Windows Win32k Elevation of Privilege Vulnerability
ImpactElevation of Privilege
SeverityImportant
Publicly Disclosed?Yes
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Score MetricsBase CVSS Score: 7.8Privileges Required: LowConfidentiality: High
Attack Vector: LocalUser Interaction: NoneIntegrity: High
Attack Complexity: LowScope: UnchangedAvailability: High
Affected Software:All supported versions of Windows
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27077
CVE-2021-26897Windows DNS Server Remote Code Execution Vulnerability 
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Score MetricsBase CVSS Score: 9.8Privileges Required: NoneConfidentiality: High
Attack Vector: NetworkUser Interaction: NoneIntegrity: High
Attack Complexity: LowScope: UnchangedAvailability: High
Affected Software:Windows Server, version 20H2, Windows Server, version 2004, Windows Server, version 1909, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26897
CVE-2021-26411Internet Explorer Memory Corruption Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?Yes
Known Exploits?Yes
ExploitabilityExploitation detected
CVSS Score MetricsBase CVSS Score: 8.8Privileges Required: NoneConfidentiality: Low
Attack Vector: NetworkUser Interaction: RequiredIntegrity: High
Attack Complexity: LowScope: ChangedAvailability: Low
Affected Software:Internet Explorer 11 on Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1809, Windows 10 Version 1803, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012 and Microsoft Edge (EdgeHTML-based) on Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1809, Windows 10 Version 1803, Windows Server 2019, and Windows Server 2016
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26411
CVE-2021-27076Microsoft SharePoint Server Remote Code Execution Vulnerability 
ImpactRemote Code Execution
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Score MetricsBase CVSS Score: 8.8Privileges Required: LowConfidentiality: High
Attack Vector: NetworkUser Interaction: NoneIntegrity: High
Attack Complexity: LowScope: UnchangedAvailability: High
Affected Software:Microsoft SharePoint Foundation 2013, Business Productivity Servers 2010, SharePoint Server 2019, and SharePoint Enterprise Server 2016
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27076     
CVE-2021-27053Microsoft Excel Remote Code Execution Vulnerability 
ImpactRemote Code Execution
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Score MetricsBase CVSS Score: 7.8Privileges Required: NoneConfidentiality: High
Attack Vector: LocalUser Interaction: RequiredIntegrity: High
Attack Complexity: LowScope: UnchangedAvailability: High
Affected Software:Microsoft Office 2019, Office Online Server, 365 Apps for Enterprise, Excel 2016, Excel 2013, Excel 2010, and Office Web Apps Server 2013
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27053

February 2021 – Microsoft Patch Tuesday and Other Patches

Microsoft has released fixes for 56 vulnerabilities, with 11 updates classified as Critical and 43 as Important. Here’s an updated announcement (2021-02-09) from Microsoft: Deploy Windows SSUs and LCUs together with one cumulative update –

Beginning with the February 2021 LCU, we will now publish all future cumulative updates and SSUs for Windows 10, version 2004 and above together as one cumulative monthly update to the normal release category in WSUS.

LCU = Latest Cummulative Update
SSU – Servicing Stack Update

UPDATE – 2021-02-21
KB4301818 > KB5001078

UPDATE – 2021-02-17
KB4577586

Windows 10 Updates for February 2021:

  • KB4601319 (OS Builds 19041.804 and 19042.804) for Windows 10 version 20H2 / 2004
  • KB4601315 (OS Build 18363.1377) for Windows 10, version 1909
  • KB5001028 (OS Build 18363.1379) Out-of-band for Windows 10, version 1909
  • KB4601345 (OS Build 17763.1757) for Windows 10 version 1809
  • KB4601354 (OS Build 17134.2026) for Windows 10 version 1803
  • KB4601330 (OS Build 15063.2642) for Windows 10 version 1703
  • KB4601318 (OS Build 14393.4225) for Windows 10 version 1607
  • KB4601331 (OS Build 10240.18842) for Windows 10, initial release

Additional February 2021 Patching Resources:

Patched publicly disclosed vulnerabilities:

  • CVE-2021-1721 – .NET Core and Visual Studio Denial of Service Vulnerability
  • CVE-2021-1727 – Windows Installer Elevation of Privilege Vulnerability
  • CVE-2021-1733 – Sysinternals PsExec Elevation of Privilege Vulnerability
  • CVE-2021-24098 – Windows Console Driver Denial of Service Vulnerability
  • CVE-2021-24106 – Windows DirectX Information Disclosure Vulnerability
  • CVE-2021-26701 – .NET Core Remote Code Execution Vulnerability

Intel microcode updates for Windows:

Microsoft has also released Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix issues impacting current and previously released Windows 10 versions.

These microcode updates are offered to affected devices via Windows Update but they can also be manually downloaded directly from the Microsoft Catalog using these links:

  • KB4589212: Intel microcode updates for Windows 10, version 2004 and 20H2, and Windows Server, version 2004 and 20H2
  • KB4589211: Intel microcode updates for Windows 10, version 1903 and 1909, and Windows Server, version 1903 and 1909
  • KB4589208: Intel microcode updates for Windows 10, version 1809 and Windows Server 2019
  • KB4589206: Intel microcode updates for Windows 10, version 1803
  • KB4589210: Intel microcode updates for Windows 10, version 1607 and Windows Server 2016
  • KB4589198: Intel microcode updates for Windows 10, version 1507

On February 9, 2021, Microsoft released security updates affecting the following Microsoft products:

Product FamilyMaximum SeverityMaximum ImpactAssociated KB Articles and/or Support Webpages
Windows 10 v20H2, v2004, v1909, v1809, and v1803CriticalRemote Code ExecutionWindows 10 v2004 and Windows 10 v20H2: 4601319 Windows 10 v1909: 4601315 Windows 10 v1809: 4601345 Windows 10 v1803: 4601354
Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v20H2, v2004, and v1909)CriticalRemote Code ExecutionWindows Server 2019: 4601345 Windows Server 2016: 4601318 Windows Server v2004 and Windows Server v20H2: 4601319 Windows Server v1909: 4601315
Windows 8.1, Windows Server 2012 R2, and Windows Server 2012CriticalRemote Code ExecutionWindows 8.1 and Windows Server 2012 R2 Monthly Rollup: 4601384 Windows 8.1 and Windows Server 2012 R2 Security Only: 4601349 Windows Server 2012 Monthly Rollup: 4601348 Windows Server 2012 Security Only: 4601357
Microsoft Office-related softwareImportantRemote Code Execution4493211, 4493222, 4493196, 4493192, 4493204
Microsoft SharePoint-related softwareImportantRemote Code Execution4493210, 4493194, 4493195, 4493223
Microsoft Lync/Skype for BusinessImportantDenial of Service5000675, 5000688
Microsoft Exchange ServerImportantSpoofing4602269, 4571787
Microsoft .NET-related softwareCriticalRemote Code Execution4601318, 4601050, 4601887, 4603004, 4602960, 4603005, 4602961, 4601354, 4601056, 4603003, 4602959, 4603002, 4602958, 4601051, 4601054
Microsoft Visual StudioImportantRemote Code ExecutionFind details on security updates for Visual Studio-related software in the Security Update Guide: https://msrc.microsoft.com/update-guide
Microsoft Dynamics-related softwareImportantInformation Disclosure4602915
Microsoft Azure-related softwareImportantElevation of PrivilegeFind details on security updates for Azure-related software in the Security Update Guide: https://msrc.microsoft.com/update-guide
Developer toolsImportantRemote Code ExecutionFind details on security updates for developer tools in the Security Update Guide: https://msrc.microsoft.com/update-guide

Notes:

Security vulnerability overview:

Below is a summary showing the number of vulnerabilities addressed in this release, broken down by product/component and by impact.

Vulnerability DetailsRCEEOPIDSFBDOSSPFTMPPublicly DisclosedKnown ExploitMax CVSS
Windows 10 v20H2 & Windows Server v20H210752400319.8
Windows 10 v2004 & Windows Server v200410752400319.8
Windows 10 v1909 & Windows Server v190910652300319.8
Windows 10 v1809 & Windows Server 201910752300319.8
Windows 10 v18037642300319.8
Windows Server 201610531200109.8
Windows 8.1 & Server 2012 R27430200109.8
Windows Server 20127430200109.8
Microsoft Office-related software4000000007.8
Microsoft SharePoint-related software2010010008.8
Lync/Skype for Business0000110006.5
Microsoft Exchange Server0000020006.5
Microsoft .NET-related software2000200008.1
Microsoft Visual Studio-related software2000100107.8
Microsoft Dynamics-related software0010010006.5
Microsoft Azure-related software0200000007.0
Developer tools1100000007.8
RCE = Remote Code Execution | EOP = Elevation of Privilege | ID = Information Disclosure | SFB = Security Feature Bypass | DOS = Denial of Service | SPF = Spoofing | TMP = Tampering

Resources for deploying updates to remote devices:

Part 1: Helping businesses rapidly set up to work securely from personal PCs and mobiles
Part 2: Helping IT send and provision business PCs at home to work securely during COVID-19
Part 3: Manage work devices at home during Covid-19 using Configuration Manager
Part 4: Managing remote machines with cloud management gateway (CMG)
Part 5: Managing Patch Tuesday with Configuration Manager in a remote work world

See also:
Mastering​ Configuration Manager Bandwidth limitations for VPN connected Clients

Vulnerability details for the current month:

Below are summaries for some of the security vulnerabilities in this release:

Attack VectorThis metric reflects the context by which vulnerability exploitation is possible. The Base Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component.
Attack ComplexityThis metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Such conditions may require the collection of more information about the target or computational exceptions. The assessment of this metric excludes any requirements for user interaction in order to exploit the vulnerability. If a specific configuration is required for an attack to succeed, the Base metrics should be scored assuming the vulnerable component is in that configuration.
Privileges RequiredThis metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
User InteractionThis metric captures the requirement for a user, other than the attacker, to participate in the successful compromise the vulnerable component. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.
CVE-2021-1727Windows Installer Elevation of Privilege Vulnerability
ImpactElevation of Privilege
SeverityImportant
Publicly Disclosed?Yes
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Base Score7.8
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareAll supported versions of Windows
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1727
CVE-2021-1732Windows Win32k Elevation of Privilege Vulnerability
ImpactElevation of Privilege
SeverityImportant
Publicly Disclosed?No
Known Exploits?Yes
ExploitabilityExploitation detected
CVSS Base Score7.8
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareWindows 10 v20H2, Windows 10 v2004, Windows 10 v1909, Windows 10 v1809, Windows 10 v1803, Windows Server v20H2, Windows Server v2004, Windows Server v1909, and Windows Server 2019
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732
CVE-2021-24074Windows TCP/IP Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Base Score9.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareAll supported versions of Windows
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24074
CVE-2021-24094Windows TCP/IP Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Base Score9.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareAll supported versions of Windows
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094
CVE-2021- 24077Windows Fax Service Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score9.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareAll supported versions of Windows
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24077
CVE-2021-24078Windows DNS Server Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Base Score9.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareWindows Server v20H2, Windows Server v2004, Windows Server v1909, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24078
CVE-2021-24088Windows Local Spooler Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score8.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareAll supported versions of Windows
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24088
CVE-2021-24098Windows Console Driver Denial of Service Vulnerability
ImpactDenial of Service
SeverityImportant
Publicly Disclosed?Yes
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score5.5
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Affected SoftwareWindows 10 v20H2, Windows 10 v2004, Windows 10 v1909, Windows 10 v1809, Windows 10 v1803, Windows Server v20H2, Windows Server v2004, Windows Server v1909, and Windows Server 2019
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24098
CVE-2021-24066Microsoft SharePoint Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Base Score8.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareMicrosoft SharePoint Server 2019, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2013 Service Pack 1, and Microsoft SharePoint Foundation 2010 Service Pack 2
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24066
CVE-2021-24067Microsoft Excel Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score7.8
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareMicrosoft 365 Apps for Enterprise, Excel 2016, Excel 2013, Excel 2010, Office Online Server, Office 2019, Office 2019 for Mac, and Office Web Apps Server 2013
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24067 

February 2021 Microsoft Office security updates

Microsoft Office security updates are delivered through the Microsoft Update platform and via the Download Center.

Patched Office security vulnerabilities – (Source: Bleeping Computer)

This month’s Office security updates address bugs exposing Windows systems running vulnerable Click to Run and Microsoft Installer (.msi) based editions of Microsoft Office products to remote code execution (RCE), information disclosure, and spoofing attacks.

Microsoft rated the six RCE bugs patched in February 2021 as Important severity issues given that they could enable attackers to execute arbitrary code in the context of the currently logged-in user.

Following successful exploitation, attackers could install malicious programs, view, change, and delete data, as well as make their own admin accounts on exploited Windows devices.

TagCVE IDCVE TitleSeverity
Microsoft Office ExcelCVE-2021-24067Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24068Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24069Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24070Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24071Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1726Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24066Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24072Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant

Further information about each of them is available within the knowledge base articles linked below.

Microsoft Office 2016:

ProductKnowledge Base article title and number
Excel 2016Description of the security update for Excel 2016: February 9, 2021 (KB4493196)
Office 2016February 2, 2021, update for Office 2016 (KB4493189)
Outlook 2016February 2, 2021, update for Outlook 2016 (KB4493190)
PowerPoint 2016February 2, 2021, update for PowerPoint 2016 (KB4493164)

Microsoft Office 2013:

ProductKnowledge Base article title and number
Excel 2013Description of the security update for Excel 2013: February 9, 2021 (KB4493211)
Office 2013February 2, 2021, update for Office 2013 (KB4486684)
PowerPoint 2013February 2, 2021, update for PowerPoint 2013 (KB4493169)

Microsoft Office 2010:

ProductKnowledge Base article title and number
Excel 2010Description of the security update for Excel 2010: February 9, 2021 (KB4493222)
Office 2010February 2, 2021, update for Office 2010 (KB4493180)
PowerPoint 2010February 2, 2021, update for PowerPoint 2010 (KB4493179)

Microsoft SharePoint Server 2019:

ProductKnowledge Base article title and number
Office Online ServerDescription of the security update for Office Online Server: February 9, 2021 (KB4493192)
SharePoint Server 2019Description of the security update for SharePoint Server 2019: February 9, 2021 (KB4493194)
SharePoint Server 2019 Language PackFebruary 9, 2021, update for SharePoint Server 2019 Language Pack (KB4493193)

Microsoft SharePoint Server 2016:

ProductKnowledge Base article title and number
SharePoint Enterprise Server 2016Description of the security update for SharePoint Enterprise Server 2016: February 9, 2021 (KB4493195)

Microsoft SharePoint Server 2013:

ProductKnowledge Base article title and number
Office Web Apps Server 2013Description of the security update for Office Web Apps Server 2013: February 9, 2021 (KB4493204)
Project Server 2013February 9, 2021, cumulative update for Project Server 2013 (KB4493207)
SharePoint Enterprise Server 2013February 9, 2021, cumulative update for SharePoint Enterprise Server 2013 (KB4493209)
SharePoint Foundation 2013Description of the security update for SharePoint Foundation 2013: February 9, 2021 (KB4493210)
SharePoint Foundation 2013February 9, 2021, cumulative update for SharePoint Foundation 2013 (KB4493205)

Microsoft SharePoint Server 2010:

ProductKnowledge Base article title and number
Project Server 2010February 9, 2021, update for Project Server 2010 (KB4475537)
Project Server 2010February 9, 2021, cumulative update for Project Server 2010 (KB4493217)
SharePoint Foundation 2010Description of the security update for SharePoint Foundation 2010: February 9, 2021 (KB4493223)
SharePoint Server 2010February 9, 2021, cumulative update for SharePoint Server 2010 (KB4493220)
SharePoint Server 2010February 9, 2021, update for SharePoint Server 2010 (KB4493212)
SharePoint Server 2010 Office Web AppsFebruary 9, 2021, update for SharePoint Server 2010 Office Web Apps (KB4493219)

Unboxing – PatchMyPC Swag

Patch My PC (PMPC) has become a household name in the Information Technology industry, particularly for those of us involved with managing 3rd party application patching with System Center Configuration Manager (ConfigMgr/SCCM) and Microsoft Intune. I’ll share my reviews on PMPC in later blog posts but in so many words, it’s an amazing product. In the meantime, if you have any questions, let me know.

This post is to share my excitement for the swag I received from PMPC in appreciation for my strong recommendations and advocacy, not only for the rock solid solution but for the high quality customer service, technical support, and seriousness of listening to their customers for feedback and product improvements. Check out the unboxing video of the thoughtful gifts I received which I will definitely use.

Thank you Justin Chalfant and Patch My PC. I love my gifts.

Adobe Flash End-of-Life and How To Uninstall

Adobe Flash Player went out of support as of December 31, 2020. For more information, see the Adobe Flash Player EOL General Information Page.

Microsoft has released update KB4577586, which is named “Update for the removal of Adobe Flash Player: October 27, 2020“. This update removes Adobe Flash from all Windows 10 and Windows Server systems. Please note: Once this update has been installed, it cannot be removed. Also, this update will only uninstall the ActiveX version of Adobe Flash, and not those installed via other mechanisms.

This update is currently not available in Windows Server Update Service (WSUS), and therefore is only available via the Microsoft Update Catalog. Microsoft states that it will be made available in early 2021.

Manual Installation:
You can install this update manually on systems running Windows 10 or server OS such as Windows Server 2012, 2012 R2, 2016, and 2019 by downloading the update using the Microsoft Update Catalog portal, and selecting the appropriate OS for your system.

Deployment Using WSUS/ConfigMgr:
To deploy this update to multiple systems, you will need to use WSUS to import the update.
1. Launch the WSUS console, expand your server name, then click on Updates in the left-hand pane.
2. In the right-hand Actions pane, click on Import Updates. This will launch the Microsoft Update Catalog in your default browser.

3. In the Microsoft Update Catalog portal, click in the Search box on the top right hand side, and type KB4577586, and click Search.

4. Select the update for the desired OS types, and click on the Add button. This will add the updates to the basket.

5. Click on view basket on the top right-hand side of the page, which is located right below the search box. You will find all the updates you have added to be imported. Make sure that the checkbox for “Import directly into Windows Server Update Services” is selected, and then click the Import button. A window will open to show the import progress and when completed, the updates will be in WSUS.

In case you run into the following failed import state, you will need to add a fix in the registry.

By clicking on the red button labeled “Failed“, you will see it mentions the error number 80131509 with a description as seen in the image below.

To fix the error, launch the registry console by running regedit on the server.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319.

Create a new DWORD (32-bit) key, and specify the name as SchUseStrongCrypto and apply the value as 1. Then, restart the server.

Update With ConfigMgr:
If you use ConfigMgr to manage and deploy your Windows Updates, you will need to run a Software Update sync from the ConfigMgr console to pull in the recently imported updates from WSUS.

In the ConfigMgr console, under the Software Library node, go to Software Updates > All Software Updates. To synchronize updates, you can either click the Synchronize Software Updates button on the top left-hand of the console or right-click on “All Software Updates, and select “Synchronize Software Updates” from the pop-out menu.

On successful completion of the software update sync, you will find the update for KB4577586 under “All Software Updates”. At this point, you will need to download the updates into a deployment package, and then deploy the updates to the device collections.

I will add the steps and screen captures to show how to download and deploy the updates using ConfigMgr in my next update or revision of this blog post. Stay tuned.

The resources below are other options available to uninstall using PowerShell scripts. These were written by my friend Ben Whitmore aka ByteBen. He uses the application method instead of the software updates method to uninstall Adobe Flash from systems using the scripts he wrote. Check it out:

1. How to Uninstall Adobe Flash Player from Windows 10 with ConfigMgr
2. Deploy the Update for Removal of Adobe Flash Player (KB4577586) using Intune

Here’s a YouTube episode on Namaste Techies covering all about Adobe Flash removal, including demos and useful tips. Please like and subscribe to the channel. Thanks.


January 2021 – Microsoft Patch Tuesday and Other Patches

Microsoft has released fixes for 83 vulnerabilities, with ten updates classified as Critical and 73 as Important.

Windows 10 Updates for January 2021:

  • KB4598242 (OS Builds 19041.746 and 19042.746) for Windows 10 version 20H2/2004
  • KB4598229 (OS Build 18363.1316) for Windows 10, version 1909
  • KB4598230 (OS Build 17763.1697) for Windows 10 version 1809
  • KB4598245 (OS Build 17134.1967) for Windows 10 version 1803
  • KB4599208 (OS Build 15063.2614) for Windows 10 version 1703
  • KB4598243 (OS Build 14393.4169) for Windows 10 version 1607
  • KB4598231 (OS Build 10240.18818) for Windows 10, initial release

Additional January 2021 Patching Resources:

On January 12, 2021 (Pacific Time), Microsoft released security updates affecting the following Microsoft products:

Product FamilyMaximum SeverityMaximum ImpactAssociated KB Articles and/or Support Webpages
Windows 10 v20H2, v2004, v1909, v1809, and v1803CriticalRemote Code ExecutionWindows 10 v2004 and Windows 10 v20H2: 4598242 Windows 10 v1909: 4598229 Windows 10 v1809: 4598230 Windows 10 v1803: 4598245
Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v20H2, v2004, v1909)CriticalRemote Code ExecutionWindows Server 2019: 4598230 Windows Server 2016: 4598243 Windows Server v2004 and Windows Server v20H2: 4598242 Windows Server v1909: 4598229
Windows 8.1, Windows Server 2012 R2, and Windows Server 2012CriticalRemote Code ExecutionWindows 8.1 and Windows Server 2012 R2 Monthly Rollup: 4598285 Windows 8.1 and Windows Server 2012 R2 Security Only: 4598275 Windows Server 2012 Monthly Rollup: 4598278 Windows Server 2012 Security Only: 4598297
Microsoft Office-related softwareImportantRemote Code ExecutionKB Articles associated with Microsoft Office-related software: 4493156, 4486736, 4486755, 4486759, 4486762, 4486764, 4493142, 4493143, 4493145, 4493160, 4493165, 4493168, 4493171, 4493176, 4493181, 4493183, and 4493186
Microsoft SharePoint-related softwareImportantRemote Code ExecutionKB Articles associated with Microsoft SharePoint-related software: 4486683, 4486724, 4493161, 4493162, 4493163, 4493167, 4493175, 4493178, and 4493187
Microsoft .NET-related softwareImportantDenial of ServiceFind details on security updates for .NET Framework-related software in the Security Update Guide: https://msrc.microsoft.com/update-guide
Microsoft SQL Server-related softwareImportantElevation of PrivilegeKB Articles associated with Microsoft SQL Server-related software: 4583456, 4583457, 4583458, 4583459, 4583460, 4583461, 4583462, 4583463, and 4583465
Microsoft Visual Studio-related softwareImportantRemote Code ExecutionKB Articles associated with Microsoft Visual Studio-related software: 4584787
Microsoft Malware Protection EngineCriticalRemote Code ExecutionFind details for security updates for the Microsoft Malware Protection Engine in the Security Update Guide: https://msrc.microsoft.com/update-guide

Notes:

  • The summary above is an overview of updates for the most recent versions of commonly used software.
  • Updates for older versions, apps, and open source software may not be listed.
  • Updates may have been added or removed from the release after this content was finalized.
  • Find details for all updates in the monthly release in the Security Update Guide: https://msrc.microsoft.com/update-guide
  • For additional details, see the release notes at: https://msrc.microsoft.com/update-guide/releaseNote/2021-Jan  

Security vulnerability overview:

Below is a summary showing the number of vulnerabilities addressed in this release, broken down by product/component and by impact.

Vulnerability DetailsRCEEOPIDSFBDOSSPFTMPPublicly DisclosedKnown ExploitMax CVSS
Windows 10 v20H2 & Windows Server v20H21331106200108.8
Windows 10 v2004 & Windows Server v20041331106200108.8
Windows 10 v1909 & Windows Server v1909133086200108.8
Windows 10 v1809 & Windows Server 2019133086100108.8
Windows 10 v1803133076100108.8
Windows Server 2016132775200108.8
Windows 8.1 & Server 2012 R2131764200108.8
Windows Server 2012131752100108.8
Microsoft Office-related software5000000007.8
Microsoft SharePoint-related software4200021008.8
Microsoft SQL Server-related software0100000008.8
Microsoft Visual Studio-related software1200100007.8
Microsoft .NET-related software0000100007.5
Microsoft Malware Protection Engine1000000017.8
RCE = Remote Code Execution | EOP = Elevation of Privilege | ID = Information Disclosure | SFB = Security Feature Bypass | DOS = Denial of Service | SPF = Spoofing | TMP = Tampering

Notes: 

  • Vulnerabilities that overlap components may be represented more than once in the table.
  • The summary above is an overview of updates for commonly used software. Updates for older versions, apps, and open source software may not be listed.
  • Updates may have been added or removed from the release after this content was finalized.
  • Find details for all updates in the monthly release in the Security Update Guide: https://msrc.microsoft.com/update-guide
  • For additional details, see the release notes at: https://msrc.microsoft.com/update-guide/releaseNote/2021-Jan  

Resources for deploying updates to remote devices:

With so many people working remotely, it is a good time to review guidance on deploying security updates to remote devices, such as desktops, laptops, and tablets. Here are some resources to answer questions pertaining to deploying updates to remote devices.

Part 1: Helping businesses rapidly set up to work securely from personal PCs and mobiles
Part 2: Helping IT send and provision business PCs at home to work securely during COVID-19
Part 3: Manage work devices at home during Covid-19 using Configuration Manager
Part 4: Managing remote machines with cloud management gateway (CMG)
Part 5: Managing Patch Tuesday with Configuration Manager in a remote work world

See also:
Mastering​ Configuration Manager Bandwidth limitations for VPN connected Clients

Vulnerability details for the current month:

Below are summaries for some of the security vulnerabilities in this release. These specific vulnerabilities were selected from the larger set of vulnerabilities in the release for one or more of the following reasons: 1) We received inquiries regarding the vulnerability; 2) the vulnerability may have received attention in the trade press; or 3) the vulnerability is potentially more impactful than others in the release. Because we do not provide summaries for every vulnerability in the release, you should review the content in the Security Update Guide for information not provided in these summaries.

Notes on details in the vulnerability summaries:

Attack VectorThis metric reflects the context by which vulnerability exploitation is possible. The Base Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component.
Attack ComplexityThis metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Such conditions may require the collection of more information about the target or computational exceptions. The assessment of this metric excludes any requirements for user interaction in order to exploit the vulnerability. If a specific configuration is required for an attack to succeed, the Base metrics should be scored assuming the vulnerable component is in that configuration.
Privileges RequiredThis metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
User InteractionThis metric captures the requirement for a user, other than the attacker, to participate in the successful compromise the vulnerable component. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.
CVE-2021-1674Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
ImpactSecurity Feature Bypass
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score8.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareAll supported versions of Windows
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1674
CVE-2021-1673Remote Procedure Call Runtime Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score8.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareAll supported versions of Windows
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1673
CVE-2021-1643HEVC Video Extensions Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score7.8
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareHEVC Video Extensions
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1643
CVE-2021-1648Microsoft splwow64 Elevation of Privilege Vulnerability
ImpactElevation of Privilege
SeverityImportant
Publicly Disclosed?Yes
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score7.8
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareAll supported versions of Windows
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1648
CVE-2021-1665GDI+ Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score7.8
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareAll supported versions of Windows
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1665
CVE-2021-1705Microsoft Edge (HTML-based) Memory Corruption Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score4.2
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityLow
IntegrityLow
AvailabilityNone
Affected SoftwareMicrosoft Edge (EdgeHTML-based)
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1705
CVE-2021-1707Microsoft SharePoint Server Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Base Score8.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareMicrosoft SharePoint Foundation 2013, SharePoint Foundation 2010, SharePoint Server 2019, and SharePoint Enterprise Server 2016
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1707
CVE-2021-1714Microsoft Excel Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score7.8
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareMicrosoft Excel 365 Apps for Enterprise, Excel Services, Excel 2010, Excel 2013, Excel 2016, Office 2010, Office 2013, Office 2016, Office 2019, Office 2019 for Mac, Office Online Server, Office Web Apps Server 2013, and Office SharePoint Enterprise Server 2013.
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1714
CVE-2021-1715Microsoft Word Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score7.8
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareMicrosoft Excel 365 Apps for Enterprise, Word 2010, Word 2013, Word 2016, Office 2010, Office 2019, Office 2019 for Mac, Office Online Server, Office Web Apps 2010, Office Web Apps Server 2013, Office SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, SharePoint Server 2010, and SharePoint Server 2019 
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1715
CVE-2021-1636Microsoft SQL Elevation of Privilege Vulnerability
ImpactElevation of Privilege
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score8.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareMicrosoft SQL Server 2012, SQL Server 2014, SQL Server 2016, SQL Server 2017, and SQL Server 2019
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1636
CVE-2021-1647Microsoft Defender Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?Yes
ExploitabilityExploitation detected
CVSS Base Score7.8
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareMicrosoft Security Essentials, System Center 2012 R2, System Center Endpoint Protection, Windows Defender
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647 

Disclosure: Source for the info below:

List of patched Office security vulnerabilities

Office security updates published as part of the January 2021 Patch Tuesday address bugs exposing Windows systems running vulnerable Click to Run and Microsoft Installer (.msi)-based editions of Microsoft Office products to remote code execution (RCE) attacks.

Microsoft rated the six RCE bugs patched this month as Important severity issues since they could enable attackers to execute arbitrary code in the context of the currently logged-in user.

TagCVE IDCVE TitleSeverity
Microsoft OfficeCVE-2021-1713Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-1714Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-1711Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-1715Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-1716Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1712Microsoft SharePoint Elevation of Privilege VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1707Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1718Microsoft SharePoint Server Tampering VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1717Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1719Microsoft SharePoint Elevation of Privilege VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1641Microsoft SharePoint Spoofing VulnerabilityImportant

January 2021 Microsoft Office security updates

Microsoft Office security updates are delivered through the Microsoft Update platform and via the Download Center.

Further information about each of them is available within the knowledge base articles linked below.

To download the January 2021 Microsoft Office security updates, you have to click on the corresponding knowledge base article below and then scroll down to the ‘How to download and install the update‘ section.

Microsoft Office 2016

ProductKnowledge Base article title and number
Excel 2016Security update for Excel 2016 (KB4493165)
Office 2016Security update for Office 2016 (KB4493168)
Office 2016Security update for Office 2016 (KB4486755)
Word 2016Security update for Word 2016 (KB4493156)


Microsoft Office 2013

ProductKnowledge Base article title and number
Excel 2013Security update for Excel 2013 (KB4493176)
Office 2013Security update for Office 2013 (KB4486762)
Office 2013Security update for Office 2013 (KB4486759)
Word 2013Security update for Word 2013 (KB4486764)


Microsoft Office 2010

ProductKnowledge Base article title and number
Excel 2010Security update for Excel 2010 (KB4493186)
Office 2010Security update for Office 2010 (KB4493143)
Office 2010Security update for Office 2010 (KB4493142)
Office 2010Security update for Office 2010 (KB4493181)
Word 2010Security update for Word 2010 (KB4493145)


Microsoft SharePoint Server 2019

ProductKnowledge Base article title and number
Office Online ServerSecurity update for Office Online Server (KB4493160)
SharePoint Server 2019Security update for SharePoint Server 2019 (KB4493162)
SharePoint Server 2019 Language PackSecurity update for SharePoint Server 2019 Language Pack (KB4493161)


Microsoft SharePoint Server 2016

ProductKnowledge Base article title and number
SharePoint Enterprise Server 2016Security update for SharePoint Enterprise Server 2016 (KB4493163)
SharePoint Enterprise Server 2016Security update for SharePoint Enterprise Server 2016 (KB4493167)


Microsoft SharePoint Server 2013

ProductKnowledge Base article title and number
Office Web Apps Server 2013Security update for Office Web Apps Server 2013 (KB4493171)
Project Server 2013Cumulative update for Project Server 2013 (KB4493173)
SharePoint Enterprise Server 2013Security update for SharePoint Enterprise Server 2013 (KB4486724)
SharePoint Enterprise Server 2013Security update for SharePoint Enterprise Server 2013 (KB4486683)
SharePoint Enterprise Server 2013Cumulative update for SharePoint Enterprise Server 2013 (KB4493150)
SharePoint Foundation 2013Security update for SharePoint Foundation 2013 (KB4493175)
SharePoint Foundation 2013Cumulative update for SharePoint Foundation 2013 (KB4493172)


Microsoft SharePoint Server 2010

ProductKnowledge Base article title and number
Project Server 2010Cumulative update for Project Server 2010 (KB4493182)
SharePoint Foundation 2010Security update for SharePoint Foundation 2010 (KB4493187)
SharePoint Server 2010Security update for SharePoint Server 2010 (KB4493178)
SharePoint Server 2010Security update for SharePoint Server 2010 (KB4486736)
SharePoint Server 2010Cumulative update for SharePoint Server 2010 (KB4493184)
SharePoint Server 2010 Office Web AppsSecurity update for SharePoint Server 2010 Office Web Apps (KB4493183)

How to Use and Configure Outlook Shared Mailbox

Generally, admins setup a shared mailbox to improve collaboration between teammates and simplify email organization. This blog post explains how to use and configure Outlook shared mailbox with step-by-step instructions, as well as what to do when you face issues with the shared mailbox.

Outlook shared mailbox is a mailbox that can be accessed by multiple users in an organization. It allows teammates to coordinate and manage activities, and all the members can read and send emails from the mailbox, update shared calendars, etc.

The following are a few benefits of using Outlook shared mailboxes:

  • Multiple employees in an organization can share the responsibility of handling and replying to the emails of a single mailbox.
  • Outlook calendar and contacts information can be shared between multiple employees.
  • Admin can assign specific permissions to the members of shared mailbox for security and transparency.

How to Use Outlook Shared Mailboxes?

A shared mailbox automatically shows up in your Outlook profile once the Exchange admin adds you as a member of the mailbox. If you don’t see the shared mailbox, you can restart Outlook and check again.

Note: It may take a while for the shared mailbox to display in your Outlook profile.

If you don’t see the shared mailbox in your Outlook profile even after restarting Outlook, you can add it manually by following these steps:

  • Launch Outlook and go to File > Account Settings > Account Settings.
  • Open the Email tab, select your account, and then click Change.
  • Select More Settings > Advanced > Add.
  • Enter the email ID of the shared mailbox and click OK > OK.
  • Click Next > Finish and then close the window.

How to Send an Email from the Shared Mailbox?

Once you have successfully setup a shared mailbox, you can send emails by following these steps:

  • Launch Outlook and click New Email.
  • Click the From field at the top and select the shared mailbox email address. If you don’t see the shared email address, select Other email address and manually enter the email address. Then click OK.
  • Enter your message and click Send. Now, whenever you will create a new message, you will see the shared email address in the drop-down list in the From field.

How to Use Shared Calendar and Contacts?

Once admin has allowed you to use Outlook Shared Mailboxes, the shared calendar and contacts are automatically added to the appropriate lists in your Outlook profile.

To use calendar associated with the shared mailbox:

  • Go to Outlook and open the calendar view.
  • Then select the shared mailbox.

You need to know the following things about shared calendars:

  • When you create appointments in a shared calendar, whoever has access to the shared mailbox can see these appointments.
  • Members of shared mailbox can create, view, and edit appointments in the calendar.

Like in the case of shared calendar, the shared contacts are added to your My Contacts list automatically, once the admin allows you to use Outlook shared mailboxes. To access the shared contacts, follow these steps:

  • Launch Outlook and select People.
  • Under My Contacts, select the shared contacts folder.

How to Use Shared Mailbox in Outlook Web Access (OWA)?

If you want to open a shared mailbox in a web browser via OWA, you need to know how to setup a shared mailbox in your account manually. Following are the steps to setup a shared mailbox:

  • Sign in to your OWA account. If you are using Office 365, sign in to your account and launch Outlook.
  • Right-click on a folder or your mailbox in the navigation pane, and click Add shared folder
  • Enter the email ID of your shared mailbox in the dialog box and click Add.

Troubleshooting Shared Mailbox Issues

Outlook stores shared mailboxes data, like other mailbox items, locally in Outlook data file (OST). Sometimes, this OST file gets damaged or becomes inaccessible due to various reasons that include network connection issues, storage device failure, virus infection, etc. The problems with OST file may make your shared folder inaccessible or lead to syncing issues with the shared folder.

In such cases, you can delete and recreate the OST file to resolve the issues. However, if you’re not able to recreate the OST file or there are locally saved items in the file, you can recover the OST file data and save it in Outlook importable PST file by using a specialized OST to PST converter software such as Stellar Converter for OST. The software can easily convert an inaccessible or orphaned OST file into PST, in a few clicks.

Conclusion

Shared mailboxes in Outlook make it easy for small teams to manage and send emails from a common email address. These mailboxes also allow you to share contacts and calendars with the members. It’s easy to use and configure Outlook shared mailbox. You can access the shared mailbox almost instantly after the admin has made you a member.

Sometimes, you face some issues with your shared mailbox. This may usually happened due to problems with the OST file. In such a case, you can recreate the OST file to resolve the issue. If this doesn’t work, you can use an OST converter tool such as Stellar Converter for OST to save your OST file data in Outlook importable PST file.