First Patch Tuesday in 2021

Microsoft today released its first set of patches for Windows versions supported through 2021. Here are the updates for Windows 10.

Published patches:

  • KB4598242 (OS builds 19041,746 and 19042,746) for Windows 10 version 20H2/2004
  • KB4598229 (OS Build 18363.1316) for Windows 10, version 1909
  • KB4598230 (OS Build 17763.1697) for Windows 10, version 1809.
  • KB4598245 (OS Build 17134.1967) for Windows 10 Version 1803
  • KB4599208 (OS Build 15063.2614) for Windows 10 version 1703
  • KB4598243 (OS Build 14393.4169) for Windows 10 version 1607
  • KB4598231 (OS Build 10240.18818) for Windows 10, first release

Here are some of the changes made to these versions.

Amendments

KB4598242 (OS build 19041,746 and 19042,746), KB4598229 (OS build 18363,1316), and KB4598229 (OS build 18363,1316) have the following switch dog in common.

  • Fixes security holes in intranet servers based on the HTTPS protocol. After installing this update, intranet servers based on the HTTPS protocol cannot use a custom proxy to detect updates by default. Scanning with these servers will fail if you do not have a system proxy configured on the clients. If you must use a custom proxy, you must configure the behavior with the policy Allow the use of a custom proxy as a fallback if detection fails with the system proxy. To ensure the highest level of security, you must also use a Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate associated with all devices. This change does not affect customers using WSUS HTTP servers. For more information, see Validating Changes, Advanced Security for Windows Devices.
  • Fixes a security bypass vulnerability that exists in the way the Remote Print Procedure Call (RPC), which controls authentication for the remote Winspool interface, is linked. For more information, see KB4599464.
  • Security updates for Windows App, Windows Media, Windows Fundamentals, Windows Kernel, Windows Cryptography, Windows Virtualization, Windows Peripherals, and Windows Hybrid Storage Services platforms and frameworks.

KB4598230 (OS build 17763.1697) comes with the following changes.

  • Fixed a sync issue on print servers that could send print jobs to the wrong queue.
  • Fixes security holes in intranet servers based on the HTTPS protocol. After installing this update, HTTPS-based intranet servers cannot use a custom proxy by default to detect updates. Scanning with these servers will fail if you do not have a system proxy configured on the clients. If you must use a custom proxy, you must configure the behavior with the policy Allow the use of a custom proxy as a fallback if detection fails with the system proxy. To ensure the highest level of security, you must also use a Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate associated with all devices. This change does not affect customers using WSUS HTTP servers. For more information, see Validating Changes, Advanced Security for Windows Devices.
  • Fixes a security bypass vulnerability that exists in the way the Remote Print Procedure Call (RPC), which controls authentication for the remote Winspool interface, is linked. For more information, see KB4599464.
  • Fixes a problem that can corrupt the file system of some devices and prevents them from booting after running chkdsk /f.
  • Security updates for Windows App Platform, Microsoft Graphics Component, Windows Media, Windows Fundamentals, Windows Kernel, Windows Cryptography, Windows Virtualization, Windows Peripherals, and Windows Hybrid Storage Services.

KB4598245 (OS Build 17134.1967) contains the following improvements.

  • Improves Microsoft Defender to support endpoints in new regions.
  • Fixes security holes in intranet servers based on the HTTPS protocol. After installing this update, HTTPS-based intranet servers cannot use a custom proxy by default to detect updates. Scanning with these servers will fail if you do not have a system proxy configured on the clients. If you must use a custom proxy, you must configure the behavior with the policy Allow the use of a custom proxy as a fallback if detection fails with the system proxy. To ensure the highest level of security, you must also use a Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate associated with all devices. This change does not affect customers using WSUS HTTP servers. For more information, see Validating Changes, Advanced Security for Windows Devices.
  • Fixes a security bypass vulnerability that exists in the way the Remote Print Procedure Call (RPC), which controls authentication for the remote Winspool interface, is linked. For more information, see KB4599464.
  • Security updates for Windows App Platform, Microsoft Graphics Component, Windows Media, Windows Fundamentals, Windows Kernel, Windows Cryptography, Windows Virtualization, Windows Peripherals, and Windows Hybrid Storage Services.

Finally, KB4598231 (OS Build 10240.18818) comes with this changelog:

  • Fixes security holes in intranet servers based on the HTTPS protocol. After installing this update, HTTPS-based intranet servers cannot use a custom proxy by default to detect updates. Scanning with these servers will fail if you do not have a system proxy configured on the clients. If you must use a custom proxy, you must configure the behavior with the policy Allow the use of a custom proxy as a fallback if detection fails with the system proxy. To ensure the highest level of security, you must also use a Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate associated with all devices. This change does not affect customers using WSUS HTTP servers. For more information, see Validating Changes, Advanced Security for Windows Devices.
  • Fixes a security bypass vulnerability that exists in the way the Remote Print Procedure Call (RPC), which controls authentication for the remote Winspool interface, is linked. For more information, see KB4599464.
  • Security updates for Windows App Platform, Microsoft Graphics Component, Windows Media, Windows Management, Windows Fundamentals, Windows Cryptography, Windows Virtualization, Windows Peripherals, and Windows Hybrid Storage Services.

Visit the Windows Patch History website for package requirements and known issues (if any).

To install updates

To download these updates, open Settings – > Updates and Recovery and click on Check for updates on the right.

You can also get it from the Windows Update online catalog.

Useful links

Support us.

Vinero is counting a lot on your support. You can help the site continue to provide you with interesting and useful content and software by using these options:

Sergei Tkachenko 13. January 2021 on Windows 10.

About Sergei Tkachenko

Sergey Tkachenko is a Russian software developer who founded Winaero in 2011. In this blog Sergey writes about everything related to Microsoft, Windows and popular software. Follow him on Telegram, Twitter and YouTube.

 

You May Also Like