Executive Summary
Microsoft has released fixes for 117 vulnerabilities, with 13 classified as Critical, 1 Moderate, and 103 as Important.
Microsoft has released security updates for all supported versions of its Windows operating system.
Of the 117 vulnerabilities, 44 are remote code execution, 32 are for elevation of privilege, 14 are information disclosure, 12 are Denial of Service, 8 are security feature bypass, and 7 are spoofing vulnerabilities.
Security updates are also available for Microsoft Office, Power BI and Visual Studio Code.
The following products have known issues: Windows 7 SP1, Windows 8.1, Windows 10 version 1809, 2004, 20H2, 21H1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2019, Microsoft Exchange Server 2013, 2016 and 2019
Windows Clients
Windows 7 (extended support only): 30 vulnerabilities: 3 critical and 27 important
Windows Print Spooler Remote Code Execution Vulnerability — CVE-2021-34527
Windows MSHTML Platform Remote Code Execution Vulnerability — CVE-2021-34497
Scripting Engine Memory Corruption Vulnerability — CVE-2021-34448
Windows 8.1: 39 vulnerabilities: 3 critical and 36 important
same as Windows 7
Windows 10 version 1903 and 1909: 67 vulnerabilities: 5 critical and 62 important
same as Windows 7, plus
Windows Hyper-V Remote Code Execution Vulnerability — CVE-2021-34450
Microsoft Windows Media Foundation Remote Code Execution Vulnerability — CVE-2021-34503
Windows 10 version 2004, 20H2 and 21H1 : 68 vulnerabilities, 4 critical and 64 important
Windows Print Spooler Remote Code Execution Vulnerability — CVE-2021-34527
Windows MSHTML Platform Remote Code Execution Vulnerability — CVE-2021-34497
Windows Hyper-V Remote Code Execution Vulnerability — CVE-2021-34450
Scripting Engine Memory Corruption Vulnerability — CVE-2021-34448
Windows Servers
Windows Server 2008 R2 (extended support only): 37 vulnerabilities: 1 critical and 11 important
Windows DNS Server Remote Code Execution Vulnerability — CVE-2021-34494
Windows Print Spooler Remote Code Execution Vulnerability — CVE-2021-34527
Windows MSHTML Platform Remote Code Execution Vulnerability — CVE-2021-34497
Windows Server 2012 R2: 50 vulnerabilities: 4 critical and 46 important
Scripting Engine Memory Corruption Vulnerability — CVE-2021-34448
Windows MSHTML Platform Remote Code Execution Vulnerability — CVE-2021-34497
Windows DNS Server Remote Code Execution Vulnerability — CVE-2021-34494
Windows Print Spooler Remote Code Execution Vulnerability — CVE-2021-34527
Windows Server 2016: 60 vulnerabilities: 6 critical and 54 important.
same as Windows Server 2021 R2 plus
Windows Kernel Remote Code Execution Vulnerability — CVE-2021-34458
Microsoft Windows Media Foundation Remote Code Execution Vulnerability — CVE-2021-34439
Windows Server 2019: 77 vulnerabilities: 2 critical and 22 important
Microsoft Windows Media Foundation Remote Code Execution Vulnerability — CVE-2021-34439
Windows MSHTML Platform Remote Code Execution Vulnerability — CVE-2021-34497
Windows DNS Server Remote Code Execution Vulnerability — CVE-2021-34494
Windows Kernel Remote Code Execution Vulnerability — CVE-2021-34458
Windows Hyper-V Remote Code Execution Vulnerability — CVE-2021-34450
Scripting Engine Memory Corruption Vulnerability — CVE-2021-34448
Windows Media Remote Code Execution Vulnerability — CVE-2021-33740
Windows Print Spooler Remote Code Execution Vulnerability — CVE-2021-34527
Windows Security Updates
Windows 7 SP1 and Windows Server 2008 R2
Monthly Rollup: KB5004289
Security-Only: KB5004307
Updates and improvements:
Fixes an issue that is causing 16-bit applications to fail with error messages that indicate VBRUN300.DLL (Monthly-Rollup only)
Fixed an EMF rendering issue caused by third-party applications using ExtCreatePen and ExtCreateFontIndirect. (Monthly-Rollup only)
Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.
Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode. See this support article for additional information.
Security updates.
Windows 8.1 and Windows Server 2012 R2
Monthly Rollup: KB5004298
Security-only: KB5004285
Updates and improvements:
Fixes an issue that is causing 16-bit applications to fail with error messages that indicate VBRUN300.DLL (Monthly-Rollup only)
Fixed an EMF rendering issue caused by third-party applications using ExtCreatePen and ExtCreateFontIndirect. (Monthly-Rollup only)
Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.
Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode. See this support article for additional information.
Security updates.
Windows 10 version 1909
Support Page: KB5004245
Updates and improvements:
Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.
Security updates
Windows 10 version 2004, 20H2 and 21H1
Support Page: KB5004237
Updates and improvements:
Fixed a printing issue that made printing to affected printers difficult. Affected receipt and label printers mostlz.
Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode. See this support article for additional information.
Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.
Fixed a vulnerability that caused Primary Refresh Tokens to be encrypted weakly.
Security updates
Known Issues
Windows 7 SP1 and Server 2008 R2
Updates may fail to install if the system is not an ESU system.
Expected behaviour.
Operations may fail on Cluster Shared Volumes.
Run the operations with administrative privileges.
Run the operations from a node that does not have CSV ownership.
Windows 8.1 and Windows Server 2012 R2
Operations may fail on Cluster Shared Volumes.
Run the operations with administrative privileges.
Run the operations from a node that does not have CSV ownership.
Windows 10 versions 2004, 20H2 and 21H1
An issue with output characters when using the Microsoft Japanese Input Method Editor to enter Kanji characters.
Microsoft is still working on a solution.
Issue with Edge Legacy being removed but the new Edge not installed on devices that were installed using custom offline media or custom ISO images.
See the workaround on the support page.
Advisories & Security Updates
ADV 990001 — Latest Servicing Stack Updates
Other updates
2021-07 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5004116)
2021-07 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5004117)
2021-07 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5004118)
2021-07 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5004120)
2021-07 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5004121)
2021-07 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB5004122)
2021-07 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5004229)
2021-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5004230)
2021-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5004231)
2021-07 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 and 4.6.2 for Windows Server 2008 (KB5004232)
2021-07 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, Windows 10 Version 2004 (KB5003537)
2021-07 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5003538)
2021-07 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 (KB5003539)
2021-07 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5003541)
2021-07 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5004115)
2021-07 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5004228)
With thanks to the Patchmanagement.org team!