March 2021 – Microsoft Patch Tuesday and Other Patches

Update sign and text on a computer keyboard button 3D illustration.

Microsoft has released fixes for 82 vulnerabilities, with 10 updates classified as Critical and 72 as Important. Here’s an updated announcement (2021-02-09) from Microsoft: Deploy Windows SSUs and LCUs together with one cumulative update –

Beginning with the February 2021 LCU, we will now publish all future cumulative updates and SSUs for Windows 10, version 2004 and above together as one cumulative monthly update to the normal release category in WSUS.

LCU = Latest Cummulative Update
SSU – Servicing Stack Update

UPDATE – 2021-03-14:
DYMO Label Printer fix for BSOD issues.

UPDATE – 2021-03-13:
Microsoft shares temporary fix for Windows 10 printing crashes

UPDATE – 2013-03-13:
Updates on Microsoft Exchange Server Vulnerabilities (CISA)

UPDATE – 2021-03-10:
Windows 10 KB5000802 (March) update is crashing PCs with BSOD
Windows 10 BSOD crashes include the both workstation and server versions running March 2021 cumulative updates:

  • KB5000802: Windows 10 2004/20H2 & Windows Server 2004/20H2
  • KB5000808: Windows 10 1909 & Windows Server 1909
  • KB5000822: Windows 10 1809 & Windows Server 2019
  • KB5000809: Windows 10 1803 & Windows Server 1803

Zero-Day Vulnerabilities Fixes:
1. Internet Explorer Memory Corruption Vulnerability (CVE-2021-26411)
2. Internet Explorer Remote Code Execution Vulnerability (CVE-2021-27085)
3. Windows Win32k Elevation of Privilege Vulnerability (CVE-2021-27077)
4. Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-27078)

Windows 10 Updates for February 2021:

Microsoft Exchange ProxyLogon attacks

Microsoft released out-of-band security updates for the ProxyLogon vulnerability that are actively being used by threat actors worldwide to compromise Microsoft Exchange servers.

These vulnerabilities are being tracked with the following CVEs:

  • CVE-2021-26855 – Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-26857 – Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-26858 – Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-27065 – Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft has released security updates for currently supported Microsoft Exchange cumulative updates and older unsupported versions.

Microsoft has released a PowerShell script called Test-ProxyLogon.ps1 that will check for indicators of compromise (IOC) in Exchange HttpProxy logs, Exchange log files, and Windows Application event logs.

March 2021 Exchange Server Security Updates for older Cumulative Updates of Exchange Server

Additional March 2021 Patching Resources:

On March 9, 2021 (PT), Microsoft released security updates affecting the following Microsoft products:

Product FamilyMaximum SeverityMaximum ImpactAssociated KB Articles and/or Support Webpages
Windows 10 v20H2, v2004, v1909, v1809, and v1803CriticalRemote Code ExecutionWindows 10 v2004 and Windows 10 v20H2: 5000802 Windows 10 v1909: 5000808 Windows 10 v1809: 5000822 Windows 10 v1803: 5000809
Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v20H2, v2004, and v1909)CriticalRemote Code ExecutionWindows Server 2019: 5000822 Windows Server 2016: 5000803 Windows Server v2004 and Windows Server v20H2: 5000802 Windows Server v1909: 5000808
Windows 8.1, Windows Server 2012 R2, and Windows Server 2012CriticalRemote Code ExecutionWindows 8.1 and Windows Server 2012 R2 Monthly Rollup: 5000848 Windows 8.1 and Windows Server 2012 R2 Security Only: 5000853 Windows Server 2012 Monthly Rollup: 5000847 Windows Server 2012 Security Only: 5000840
Internet Explorer 11CriticalRemote Code ExecutionInternet Explorer 11 Cumulative Update: 5000800
Microsoft Office-related softwareImportantRemote Code Execution4484376, 4486673, 4493151, 4493200, 4493203, 4493214, 4493224, 4493225, 4493227, 4493228, 4493229, 4493233, 4493234, 4493239, 4504702, 4504703, 4504707
Microsoft SharePoint-related softwareImportantRemote Code Execution3101541, 4493177, 4493199, 4493230, 4493231, 4493232, 4493238
Power BI Report ServerImportantInformation Disclosure5001284, 5001285
Azure-related softwareCriticalRemote Code ExecutionFind details on security updates for Azure-related software in the Security Update Guide: https://msrc.microsoft.com/update-guide
Microsoft Visual Studio-related softwareCriticalRemote Code ExecutionFind details on security updates for Visual Studio-related software at https://docs.microsoft.com/visualstudio and in the Security Update Guide: https://msrc.microsoft.com/update-guide
Windows Admin CenterImportantSecurity Feature BypassFind details on security updates for Windows Admin Center in the Security Update Guide: https://msrc.microsoft.com/update-guide
HEVC Video ExtensionsCriticalRemote Code ExecutionFind details on security updates for HEVC Video Extensions in the Security Update Guide: https://msrc.microsoft.com/update-guide

Notes:

  • The summary above is an overview of updates for the most recent versions of commonly used software.
  • Updates for older versions, apps, and open source software may not be listed.
  • Updates may have been added or removed from the release after this content was finalized.
  • Find details for all updates in the monthly release in the Security Update Guide: https://msrc.microsoft.com/update-guide
  • For additional details, see the release notes at: https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar  

Security vulnerability overview:

Below is a summary showing the number of vulnerabilities addressed in this release, broken down by product/component and by impact.

Vulnerability DetailsRCEEOPIDSFBDOSSPFTMPPublicly DisclosedKnown ExploitMax CVSS
Windows 10 v20H2 & Windows Server v20H2112931400109.9
Windows 10 v2004 & Windows Server v2004112931400109.9
Windows 10 v1909 & Windows Server v1909112831400109.9
Windows 10 v1809 & Windows Server 2019102631400109.8
Windows 10 v180342131200108.8
Windows Server 201681731400109.8
Windows 8.1 & Server 2012 R281230400109.8
Windows Server 201281230300109.8
Internet Explorer 112000000118.8
Microsoft Office-related software7001000007.8
Microsoft SharePoint-related software1010010008.8
Power BI Report Server0010000007.7
Azure-related software2010000009.3
Microsoft Visual Studio-related software6000000008.8
Windows Admin Center0001000004.3
HEVC Video Extensions10000000007.8
RCE = Remote Code Execution | EOP = Elevation of Privilege | ID = Information Disclosure | SFB = Security Feature Bypass | DOS = Denial of Service | SPF = Spoofing | TMP = Tampering

Notes: 

  • Vulnerabilities that overlap components may be represented more than once in the table.
  • The summary above is an overview of updates for commonly used software. Updates for older versions, apps, and open source software may not be listed.
  • Updates may have been added or removed from the release after this content was finalized.
  • Find details for all updates in the monthly release in the Security Update Guide: https://msrc.microsoft.com/update-guide
  • For additional details, see the release notes at: https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar  

Resources for deploying updates to remote devices

With so many people working remotely, it is a good time to review guidance on deploying security updates to remote devices, such as desktops, laptops, and tablets. Here are some resources to answer questions pertaining to deploying updates to remote devices.

Part 1: Helping businesses rapidly set up to work securely from personal PCs and mobiles

Part 2: Helping IT send and provision business PCs at home to work securely during COVID-19

Part 3: Manage work devices at home during Covid-19 using Configuration Manager

Part 4: Managing remote machines with cloud management gateway (CMG)

Part 5: Managing Patch Tuesday with Configuration Manager in a remote work world

See also:

Mastering​ Configuration Manager Bandwidth limitations for VPN connected Clients

Vulnerability details for the current month

Below are summaries for some of the security vulnerabilities in this release. These specific vulnerabilities were selected from the larger set of vulnerabilities in the release for one or more of the following reasons: 1) We received inquiries regarding the vulnerability; 2) the vulnerability may have received attention in the trade press; or 3) the vulnerability is potentially more impactful than others in the release. Because we do not provide summaries for every vulnerability in the release, you should review the content in the Security Update Guide for information not provided in these summaries.

Notes on details in the vulnerability summaries:

Attack VectorThis metric reflects the context by which vulnerability exploitation is possible. The Base Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component.
Attack ComplexityThis metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Such conditions may require the collection of more information about the target or computational exceptions. The assessment of this metric excludes any requirements for user interaction in order to exploit the vulnerability. If a specific configuration is required for an attack to succeed, the Base metrics should be scored assuming the vulnerable component is in that configuration.
Privileges RequiredThis metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
User InteractionThis metric captures the requirement for a user, other than the attacker, to participate in the successful compromise the vulnerable component. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.
CVE-2021-24089HEVC Video Extensions Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Score MetricsBase CVSS Score: 7.8Privileges Required: NoneConfidentiality: High
Attack Vector: LocalUser Interaction: RequiredIntegrity: High
Attack Complexity: LowScope: UnchangedAvailability: High
Affected Software:HEVC Video Extensions
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24089
CVE-2021-24090Windows Error Reporting Elevation of Privilege Vulnerability 
ImpactElevation of Privilege
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Score MetricsBase CVSS Score: 7.8Privileges Required: NoneConfidentiality: High
Attack Vector: LocalUser Interaction: RequiredIntegrity: High
Attack Complexity: LowScope: UnchangedAvailability: High
Affected Software:Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows Server, version 20H2, Windows Server, version 2004, and Windows Server, version 1909
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24090
CVE-2021-26867Windows Hyper-V Remote Code Execution Vulnerability 
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Score MetricsBase CVSS Score: 9.9Privileges Required: LowConfidentiality: High
Attack Vector: NetworkUser Interaction: NoneIntegrity: High
Attack Complexity: LowScope: ChangedAvailability: High
Affected Software:Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows Server, version 20H2, Windows Server, version 2004, and Windows Server, version 1909
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26867
CVE-2021-27077Windows Win32k Elevation of Privilege Vulnerability
ImpactElevation of Privilege
SeverityImportant
Publicly Disclosed?Yes
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Score MetricsBase CVSS Score: 7.8Privileges Required: LowConfidentiality: High
Attack Vector: LocalUser Interaction: NoneIntegrity: High
Attack Complexity: LowScope: UnchangedAvailability: High
Affected Software:All supported versions of Windows
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27077
CVE-2021-26897Windows DNS Server Remote Code Execution Vulnerability 
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Score MetricsBase CVSS Score: 9.8Privileges Required: NoneConfidentiality: High
Attack Vector: NetworkUser Interaction: NoneIntegrity: High
Attack Complexity: LowScope: UnchangedAvailability: High
Affected Software:Windows Server, version 20H2, Windows Server, version 2004, Windows Server, version 1909, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26897
CVE-2021-26411Internet Explorer Memory Corruption Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?Yes
Known Exploits?Yes
ExploitabilityExploitation detected
CVSS Score MetricsBase CVSS Score: 8.8Privileges Required: NoneConfidentiality: Low
Attack Vector: NetworkUser Interaction: RequiredIntegrity: High
Attack Complexity: LowScope: ChangedAvailability: Low
Affected Software:Internet Explorer 11 on Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1809, Windows 10 Version 1803, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012 and Microsoft Edge (EdgeHTML-based) on Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1809, Windows 10 Version 1803, Windows Server 2019, and Windows Server 2016
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26411
CVE-2021-27076Microsoft SharePoint Server Remote Code Execution Vulnerability 
ImpactRemote Code Execution
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Score MetricsBase CVSS Score: 8.8Privileges Required: LowConfidentiality: High
Attack Vector: NetworkUser Interaction: NoneIntegrity: High
Attack Complexity: LowScope: UnchangedAvailability: High
Affected Software:Microsoft SharePoint Foundation 2013, Business Productivity Servers 2010, SharePoint Server 2019, and SharePoint Enterprise Server 2016
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27076     
CVE-2021-27053Microsoft Excel Remote Code Execution Vulnerability 
ImpactRemote Code Execution
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Score MetricsBase CVSS Score: 7.8Privileges Required: NoneConfidentiality: High
Attack Vector: LocalUser Interaction: RequiredIntegrity: High
Attack Complexity: LowScope: UnchangedAvailability: High
Affected Software:Microsoft Office 2019, Office Online Server, 365 Apps for Enterprise, Excel 2016, Excel 2013, Excel 2010, and Office Web Apps Server 2013
More Information:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27053

February 2021 – Microsoft Patch Tuesday and Other Patches

Microsoft has released fixes for 56 vulnerabilities, with 11 updates classified as Critical and 43 as Important. Here’s an updated announcement (2021-02-09) from Microsoft: Deploy Windows SSUs and LCUs together with one cumulative update –

Beginning with the February 2021 LCU, we will now publish all future cumulative updates and SSUs for Windows 10, version 2004 and above together as one cumulative monthly update to the normal release category in WSUS.

LCU = Latest Cummulative Update
SSU – Servicing Stack Update

UPDATE – 2021-02-21
KB4301818 > KB5001078

UPDATE – 2021-02-17
KB4577586

Windows 10 Updates for February 2021:

  • KB4601319 (OS Builds 19041.804 and 19042.804) for Windows 10 version 20H2 / 2004
  • KB4601315 (OS Build 18363.1377) for Windows 10, version 1909
  • KB5001028 (OS Build 18363.1379) Out-of-band for Windows 10, version 1909
  • KB4601345 (OS Build 17763.1757) for Windows 10 version 1809
  • KB4601354 (OS Build 17134.2026) for Windows 10 version 1803
  • KB4601330 (OS Build 15063.2642) for Windows 10 version 1703
  • KB4601318 (OS Build 14393.4225) for Windows 10 version 1607
  • KB4601331 (OS Build 10240.18842) for Windows 10, initial release

Additional February 2021 Patching Resources:

Patched publicly disclosed vulnerabilities:

  • CVE-2021-1721 – .NET Core and Visual Studio Denial of Service Vulnerability
  • CVE-2021-1727 – Windows Installer Elevation of Privilege Vulnerability
  • CVE-2021-1733 – Sysinternals PsExec Elevation of Privilege Vulnerability
  • CVE-2021-24098 – Windows Console Driver Denial of Service Vulnerability
  • CVE-2021-24106 – Windows DirectX Information Disclosure Vulnerability
  • CVE-2021-26701 – .NET Core Remote Code Execution Vulnerability

Intel microcode updates for Windows:

Microsoft has also released Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix issues impacting current and previously released Windows 10 versions.

These microcode updates are offered to affected devices via Windows Update but they can also be manually downloaded directly from the Microsoft Catalog using these links:

  • KB4589212: Intel microcode updates for Windows 10, version 2004 and 20H2, and Windows Server, version 2004 and 20H2
  • KB4589211: Intel microcode updates for Windows 10, version 1903 and 1909, and Windows Server, version 1903 and 1909
  • KB4589208: Intel microcode updates for Windows 10, version 1809 and Windows Server 2019
  • KB4589206: Intel microcode updates for Windows 10, version 1803
  • KB4589210: Intel microcode updates for Windows 10, version 1607 and Windows Server 2016
  • KB4589198: Intel microcode updates for Windows 10, version 1507

On February 9, 2021, Microsoft released security updates affecting the following Microsoft products:

Product FamilyMaximum SeverityMaximum ImpactAssociated KB Articles and/or Support Webpages
Windows 10 v20H2, v2004, v1909, v1809, and v1803CriticalRemote Code ExecutionWindows 10 v2004 and Windows 10 v20H2: 4601319 Windows 10 v1909: 4601315 Windows 10 v1809: 4601345 Windows 10 v1803: 4601354
Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v20H2, v2004, and v1909)CriticalRemote Code ExecutionWindows Server 2019: 4601345 Windows Server 2016: 4601318 Windows Server v2004 and Windows Server v20H2: 4601319 Windows Server v1909: 4601315
Windows 8.1, Windows Server 2012 R2, and Windows Server 2012CriticalRemote Code ExecutionWindows 8.1 and Windows Server 2012 R2 Monthly Rollup: 4601384 Windows 8.1 and Windows Server 2012 R2 Security Only: 4601349 Windows Server 2012 Monthly Rollup: 4601348 Windows Server 2012 Security Only: 4601357
Microsoft Office-related softwareImportantRemote Code Execution4493211, 4493222, 4493196, 4493192, 4493204
Microsoft SharePoint-related softwareImportantRemote Code Execution4493210, 4493194, 4493195, 4493223
Microsoft Lync/Skype for BusinessImportantDenial of Service5000675, 5000688
Microsoft Exchange ServerImportantSpoofing4602269, 4571787
Microsoft .NET-related softwareCriticalRemote Code Execution4601318, 4601050, 4601887, 4603004, 4602960, 4603005, 4602961, 4601354, 4601056, 4603003, 4602959, 4603002, 4602958, 4601051, 4601054
Microsoft Visual StudioImportantRemote Code ExecutionFind details on security updates for Visual Studio-related software in the Security Update Guide: https://msrc.microsoft.com/update-guide
Microsoft Dynamics-related softwareImportantInformation Disclosure4602915
Microsoft Azure-related softwareImportantElevation of PrivilegeFind details on security updates for Azure-related software in the Security Update Guide: https://msrc.microsoft.com/update-guide
Developer toolsImportantRemote Code ExecutionFind details on security updates for developer tools in the Security Update Guide: https://msrc.microsoft.com/update-guide

Notes:

Security vulnerability overview:

Below is a summary showing the number of vulnerabilities addressed in this release, broken down by product/component and by impact.

Vulnerability DetailsRCEEOPIDSFBDOSSPFTMPPublicly DisclosedKnown ExploitMax CVSS
Windows 10 v20H2 & Windows Server v20H210752400319.8
Windows 10 v2004 & Windows Server v200410752400319.8
Windows 10 v1909 & Windows Server v190910652300319.8
Windows 10 v1809 & Windows Server 201910752300319.8
Windows 10 v18037642300319.8
Windows Server 201610531200109.8
Windows 8.1 & Server 2012 R27430200109.8
Windows Server 20127430200109.8
Microsoft Office-related software4000000007.8
Microsoft SharePoint-related software2010010008.8
Lync/Skype for Business0000110006.5
Microsoft Exchange Server0000020006.5
Microsoft .NET-related software2000200008.1
Microsoft Visual Studio-related software2000100107.8
Microsoft Dynamics-related software0010010006.5
Microsoft Azure-related software0200000007.0
Developer tools1100000007.8
RCE = Remote Code Execution | EOP = Elevation of Privilege | ID = Information Disclosure | SFB = Security Feature Bypass | DOS = Denial of Service | SPF = Spoofing | TMP = Tampering

Resources for deploying updates to remote devices:

Part 1: Helping businesses rapidly set up to work securely from personal PCs and mobiles
Part 2: Helping IT send and provision business PCs at home to work securely during COVID-19
Part 3: Manage work devices at home during Covid-19 using Configuration Manager
Part 4: Managing remote machines with cloud management gateway (CMG)
Part 5: Managing Patch Tuesday with Configuration Manager in a remote work world

See also:
Mastering​ Configuration Manager Bandwidth limitations for VPN connected Clients

Vulnerability details for the current month:

Below are summaries for some of the security vulnerabilities in this release:

Attack VectorThis metric reflects the context by which vulnerability exploitation is possible. The Base Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component.
Attack ComplexityThis metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Such conditions may require the collection of more information about the target or computational exceptions. The assessment of this metric excludes any requirements for user interaction in order to exploit the vulnerability. If a specific configuration is required for an attack to succeed, the Base metrics should be scored assuming the vulnerable component is in that configuration.
Privileges RequiredThis metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
User InteractionThis metric captures the requirement for a user, other than the attacker, to participate in the successful compromise the vulnerable component. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.
CVE-2021-1727Windows Installer Elevation of Privilege Vulnerability
ImpactElevation of Privilege
SeverityImportant
Publicly Disclosed?Yes
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Base Score7.8
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareAll supported versions of Windows
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1727
CVE-2021-1732Windows Win32k Elevation of Privilege Vulnerability
ImpactElevation of Privilege
SeverityImportant
Publicly Disclosed?No
Known Exploits?Yes
ExploitabilityExploitation detected
CVSS Base Score7.8
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareWindows 10 v20H2, Windows 10 v2004, Windows 10 v1909, Windows 10 v1809, Windows 10 v1803, Windows Server v20H2, Windows Server v2004, Windows Server v1909, and Windows Server 2019
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732
CVE-2021-24074Windows TCP/IP Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Base Score9.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareAll supported versions of Windows
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24074
CVE-2021-24094Windows TCP/IP Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Base Score9.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareAll supported versions of Windows
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094
CVE-2021- 24077Windows Fax Service Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score9.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareAll supported versions of Windows
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24077
CVE-2021-24078Windows DNS Server Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Base Score9.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareWindows Server v20H2, Windows Server v2004, Windows Server v1909, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24078
CVE-2021-24088Windows Local Spooler Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityCritical
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score8.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareAll supported versions of Windows
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24088
CVE-2021-24098Windows Console Driver Denial of Service Vulnerability
ImpactDenial of Service
SeverityImportant
Publicly Disclosed?Yes
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score5.5
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Affected SoftwareWindows 10 v20H2, Windows 10 v2004, Windows 10 v1909, Windows 10 v1809, Windows 10 v1803, Windows Server v20H2, Windows Server v2004, Windows Server v1909, and Windows Server 2019
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24098
CVE-2021-24066Microsoft SharePoint Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation more likely
CVSS Base Score8.8
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareMicrosoft SharePoint Server 2019, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2013 Service Pack 1, and Microsoft SharePoint Foundation 2010 Service Pack 2
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24066
CVE-2021-24067Microsoft Excel Remote Code Execution Vulnerability
ImpactRemote Code Execution
SeverityImportant
Publicly Disclosed?No
Known Exploits?No
ExploitabilityExploitation less likely
CVSS Base Score7.8
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Affected SoftwareMicrosoft 365 Apps for Enterprise, Excel 2016, Excel 2013, Excel 2010, Office Online Server, Office 2019, Office 2019 for Mac, and Office Web Apps Server 2013
More Informationhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24067 

February 2021 Microsoft Office security updates

Microsoft Office security updates are delivered through the Microsoft Update platform and via the Download Center.

Patched Office security vulnerabilities – (Source: Bleeping Computer)

This month’s Office security updates address bugs exposing Windows systems running vulnerable Click to Run and Microsoft Installer (.msi) based editions of Microsoft Office products to remote code execution (RCE), information disclosure, and spoofing attacks.

Microsoft rated the six RCE bugs patched in February 2021 as Important severity issues given that they could enable attackers to execute arbitrary code in the context of the currently logged-in user.

Following successful exploitation, attackers could install malicious programs, view, change, and delete data, as well as make their own admin accounts on exploited Windows devices.

TagCVE IDCVE TitleSeverity
Microsoft Office ExcelCVE-2021-24067Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24068Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24069Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24070Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24071Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1726Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24066Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24072Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant

Further information about each of them is available within the knowledge base articles linked below.

Microsoft Office 2016:

ProductKnowledge Base article title and number
Excel 2016Description of the security update for Excel 2016: February 9, 2021 (KB4493196)
Office 2016February 2, 2021, update for Office 2016 (KB4493189)
Outlook 2016February 2, 2021, update for Outlook 2016 (KB4493190)
PowerPoint 2016February 2, 2021, update for PowerPoint 2016 (KB4493164)

Microsoft Office 2013:

ProductKnowledge Base article title and number
Excel 2013Description of the security update for Excel 2013: February 9, 2021 (KB4493211)
Office 2013February 2, 2021, update for Office 2013 (KB4486684)
PowerPoint 2013February 2, 2021, update for PowerPoint 2013 (KB4493169)

Microsoft Office 2010:

ProductKnowledge Base article title and number
Excel 2010Description of the security update for Excel 2010: February 9, 2021 (KB4493222)
Office 2010February 2, 2021, update for Office 2010 (KB4493180)
PowerPoint 2010February 2, 2021, update for PowerPoint 2010 (KB4493179)

Microsoft SharePoint Server 2019:

ProductKnowledge Base article title and number
Office Online ServerDescription of the security update for Office Online Server: February 9, 2021 (KB4493192)
SharePoint Server 2019Description of the security update for SharePoint Server 2019: February 9, 2021 (KB4493194)
SharePoint Server 2019 Language PackFebruary 9, 2021, update for SharePoint Server 2019 Language Pack (KB4493193)

Microsoft SharePoint Server 2016:

ProductKnowledge Base article title and number
SharePoint Enterprise Server 2016Description of the security update for SharePoint Enterprise Server 2016: February 9, 2021 (KB4493195)

Microsoft SharePoint Server 2013:

ProductKnowledge Base article title and number
Office Web Apps Server 2013Description of the security update for Office Web Apps Server 2013: February 9, 2021 (KB4493204)
Project Server 2013February 9, 2021, cumulative update for Project Server 2013 (KB4493207)
SharePoint Enterprise Server 2013February 9, 2021, cumulative update for SharePoint Enterprise Server 2013 (KB4493209)
SharePoint Foundation 2013Description of the security update for SharePoint Foundation 2013: February 9, 2021 (KB4493210)
SharePoint Foundation 2013February 9, 2021, cumulative update for SharePoint Foundation 2013 (KB4493205)

Microsoft SharePoint Server 2010:

ProductKnowledge Base article title and number
Project Server 2010February 9, 2021, update for Project Server 2010 (KB4475537)
Project Server 2010February 9, 2021, cumulative update for Project Server 2010 (KB4493217)
SharePoint Foundation 2010Description of the security update for SharePoint Foundation 2010: February 9, 2021 (KB4493223)
SharePoint Server 2010February 9, 2021, cumulative update for SharePoint Server 2010 (KB4493220)
SharePoint Server 2010February 9, 2021, update for SharePoint Server 2010 (KB4493212)
SharePoint Server 2010 Office Web AppsFebruary 9, 2021, update for SharePoint Server 2010 Office Web Apps (KB4493219)

Windows ADK 2004 For Windows 10 Now Available with Add-On

With the release of Windows 10 version 2004, the following tool to support this latest Windows 10 build, Windows Assessment and Deployment Kit (ADK) version 2004 is now available.
You can download it from: Windows 10 Assessment and Deployment Kit (ADK).

NOTE: There is a change with this ADK which requires an add-on installation to include Windows PE.

Starting with Windows 10, version 1809, Windows Preinstallation Environment (PE) is released separately from the Assessment and Deployment Kit (ADK). To add Windows PE to your ADK installation, download the Windows PE Addon and run the included installer after installing the ADK. This change enables post-RTM updates to tools in the ADK. After running the installer for the WinPE add-on, the WinPE files will be in the same location as they were in previous installs of the ADK.

See Download and install the Windows ADK and ADK tools to get the ADK and WinPE add-on.

The Windows ADK is also available to Windows Insiders. Join the Windows Insider Program to get the Windows ADK Insider Preview.

The latest version of the Windows ADK includes:

Windows Performance Recorder (WPR)

New SkipPDBGen Option – During WPR stop, you can now specify in the command line the ability to skip generation of PDBs (NGen & Embedded) to help reduce trace stop time.

  • wpr -stop <recording filename> <Problem description> [-skipPdbGen]

Learn more about Windows ADK v2004 for Windows 10.

Windows 7 Support is Ending – Upgrade to Windows 10 ASAP

Windows 7 start screen displayed on a laptop at a desk

Starting January 14, 2020, Microsoft will no longer provide security updates, software updates and technical support for computers running Windows 7. Start upgrading the Windows 7 computers in your organizations or in your homes to Windows 10 ASAP.

This website, Windows 7 End of Life provides a nice countdown along with a calculator to determine how many computers you will need to upgrade per month, per week, or per day given the number of Windows 7 computers you have left to upgrade.

Nash Pherson, the creator of the Win 7 End of Life website also provides a nice PowerShell script to find all the Windows 7 computer objects remaining in your Active Directory. Great resource, Thanks Nash!

This is the Windows Lifecycle Fact Sheet for every Windows product available, which provides information for support timelines and more.

How To Disable Blur on Windows 10 Sign-In Screen

Starting with Windows 10 “19H1” or build 18237, you have likely encountered a blurred background on the login screen. Some users like this feature and some don’t. If you’d like to change the blurred effect to a clear image, then you can do it in two ways:
1. Group Policy or Local Policy
2. Registry setting

Change using Group Policy or Local Policy:

  • Launch the Group Policy Editor > gpedit.msc
  • In Group Policy Editor, go to: Computer Configuration\Administrative Templates\System\Logon
  • Enable the policy option: Show clear logon background
  • Restart the computer for good measure

Change using Registry setting:

  • Launch the Registry editor (make sure you backup the registry prior to making any changes) > regedit.exe
  • Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
  • Create a new DWORD (32-bit) value: DisableAcrylicBackgroundOnLogon
  • Set the Value data to 1 to disable the blur effect on the login screen
  • Restart the computer

Now, you should have a clear login screen background.

Microsoft Insider Programs

Microsoft provides several Insider programs which you can participate to get a preview of the latest features and updates, as well as provide feedback to Microsoft for bugs, issues, and request features.

In case you are trying to figure out what Insider programs are available and how you can sign up to participate, see below for the individual programs.

Windows Insider
Bing Insider
Microsoft Edge Insider
Microsoft Office Insider
MSIX Insider
Visual Studio Code Insider
Visual Studio Preview
Skype Insider
Xbox Insider

Source: https://insider.microsoft.com/en-us

Windows PXE Boot Issues – KB4493467 (April 9, 2019)

Microsoft has acknowledged an issue with PXE boot affecting Windows 8.1 and Windows Server 2012 R2 systems caused by a Security-Only update (KB4493467) released on April 9, 2019.

The Issue:

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

The Workaround:

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:
Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:
Use the Windows Deployment Services UI.

  1. Open Windows Deployment Services from Windows Administrative Tools.
  2. Expand Servers and right-click a WDS server.
  3. Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.

Option 3:
Set the following registry value to 0:

HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Windows 10 Automatically Uninstalls Problematic Software Updates

Patch Management is an important role of a Sysadmin in the Enterprise, because securing endpoints with security updates to keep systems secure and functional, receive fixes that resolve issues, and patch security holes is highly important. However, with the frequency of security updates which are released these days, patch management tasks feels like a full-time job!

For the most part, monthly patches are straight forward, however in recent months, they have been problematic where they have caused system crashes, blue screens, application functionality issues, and introduced other bugs. Some faulty patches are quickly reversed or rectified by Microsoft, while others go unfixed for a longer duration causing further duress and downtime in many organizations. This has been a major pain point for Sysadmins in the field.

Well, we may have some reprieve from these buggy patches. Microsoft has announced that it will start uninstalling problematic patches automatically from Windows 10 systems when it detects a startup issue due to incompatibility or issues stemming from a recently installed patch. The following notification will be presented:
“We removed some recently installed updates to recover your device from a startup failure.”

According to this KB4492307 posted by Microsoft, the problematic patch will not be reinstalled for 30 days to allow Microsoft and it’s partners to investigate and fix the issues. This process seems like a good proactive approach by Microsoft to get a handle of buggy patches, however more information is needed in terms of how this will work with detection, deployments, and compliance of these patches using ConfigMgr and WSUS as mechanisms for patch management in the enterprise. Time will tell, we hope!

Enable Windows 10 Administrator Account

This post is not to emphasize or promote the use of the local administrator account or provide such level of access to your users. IT Professionals and security experts will tell you that providing local administrator account privileges for end users is risky as it can introduce lots of issues such as ransomware attacks, malware infections, risk of compromised systems, and Pass-the-Hash attacks to name a few.

The local administrator account on a Windows 10 system is disabled by default. If you need to enable it for troubleshooting purposes or for some management tasks, you can do so in 3 ways.

Option 1: Computer Management

  • Click Start > search for Computer Management
  • Expand Local Users and Groups
  • Expand Users
  • Right-click on Administrator account
  • Uncheck Account is disabled box > click Apply and OK
  • Right-click Administrator account
  • Click on Set Password
  • Click on Proceed
  • Enter new password as desired
  • Confirm password > click OK

Option 2: Command Prompt

  • Click on Start > search for Command Prompt
  • Right-click and Run as Administrator
  • Type the following command and press enter:

net user “Administrator” /active:yes

Option 3: PowerShell

  • Click on Start > search for PowerShell
  • Right-click and Run as Administrator
  • Type the following command and press enter:

Get-LocalUser -Name “Administrator” | Enable-LocalUser

To disable the local Administrator account:

Get-LocalUser -Name “Administrator” | Disable-LocalUser

Microsoft Deployment Toolkit (MDT 8456) Released

The Microsoft Deployment Toolkit (MDT) has been released and the most current build (8456) which can be downloaded from the Microsoft Download Center. This update requires the Windows Assessment and Deployment Kit (ADK) for Windows 10 version 1809 (10.1.17763.1) which is available for download on the Microsoft Hardware Dev Center.

The official MDT release note are available here:
https://docs.microsoft.com/en-us/sccm/mdt/release-notes

Some of the significant changes in this update include:

  • Supported configuration updates
    • Windows ADK for Windows 10, version 1809
    • Windows 10, version 1809
    • Configuration Manager, version 1810
  • Major changes
    • Nested task sequence support for LTI scenario
    • Modern language pack supportNote 1
    • Support for Configuration Manager version 1810Note 2
    • IsVM evaluates to False on Parallels VMs
    • IsVM = False when VMware VM is configured with EFI boot firmware
    • Gather doesn’t recognize All-in-One chassis type
    • MDT doesn’t automatically install BitLocker on Windows Server 2016
    • BDEDisablePreProvisioning typo in ZTIGather.xml

Check out Johan Arwidmark’s “A Geeks Guide for upgrading to MDT 8456” blog post for steps to upgrade MDT as a standalone and in ConfigMgr.

The following post provides some information on How to get help with MDT, in case you need it.