Executive Summary

Microsoft has released fixes for 117 vulnerabilities, with 13 classified as Critical, 1 Moderate, and 103 as Important.

Microsoft has released security updates for all supported versions of its Windows operating system.

Of the 117 vulnerabilities, 44 are remote code execution, 32 are elevation of privilege, 14 are information disclosure, 12 are denial of service, 8 are security feature bypass, and 7 are spoofing vulnerabilities.

Security updates are also available for Microsoft Office, Power BI and Visual Studio Code.

The following products have known issues: Windows 7 SP1, Windows 8.1, Windows 10 version 1809, 2004, 20H2, 21H1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2019, Microsoft Exchange Server 2013, 2016 and 2019.

Windows Clients

Windows 7 (extended support only): 30 vulnerabilities: 3 critical and 27 important

Windows Print Spooler Remote Code Execution Vulnerability — CVE-2021-34527

Windows MSHTML Platform Remote Code Execution Vulnerability — CVE-2021-34497

Scripting Engine Memory Corruption Vulnerability — CVE-2021-34448

Windows 8.1: 39 vulnerabilities: 3 critical and 36 important

same as Windows 7

Windows 10 version 1903 and 1909: 67 vulnerabilities: 5 critical and 62 important

same as Windows 7, plus

Windows Hyper-V Remote Code Execution Vulnerability — CVE-2021-34450

Microsoft Windows Media Foundation Remote Code Execution Vulnerability — CVE-2021-34503

Windows 10 version 2004, 20H2 and 21H1: 68 vulnerabilities: 4 critical and 64 important

Windows Print Spooler Remote Code Execution Vulnerability — CVE-2021-34527

Windows MSHTML Platform Remote Code Execution Vulnerability — CVE-2021-34497

Windows Hyper-V Remote Code Execution Vulnerability — CVE-2021-34450

Scripting Engine Memory Corruption Vulnerability — CVE-2021-34448

Windows Servers

Windows Server 2008 R2 (extended support only): 37 vulnerabilities: 1 critical and 11 important

Windows DNS Server Remote Code Execution Vulnerability — CVE-2021-34494

Windows Print Spooler Remote Code Execution Vulnerability — CVE-2021-34527

Windows MSHTML Platform Remote Code Execution Vulnerability — CVE-2021-34497

Windows Server 2012 R2: 50 vulnerabilities: 4 critical and 46 important

Scripting Engine Memory Corruption Vulnerability — CVE-2021-34448

Windows MSHTML Platform Remote Code Execution Vulnerability — CVE-2021-34497

Windows DNS Server Remote Code Execution Vulnerability — CVE-2021-34494

Windows Print Spooler Remote Code Execution Vulnerability — CVE-2021-34527

Windows Server 2016: 60 vulnerabilities: 6 critical and 54 important.

same as Windows Server 2012 R2, plus

Windows Kernel Remote Code Execution Vulnerability — CVE-2021-34458

Microsoft Windows Media Foundation Remote Code Execution Vulnerability — CVE-2021-34439

Windows Server 2019: 77 vulnerabilities: 2 critical and 22 important

Microsoft Windows Media Foundation Remote Code Execution Vulnerability — CVE-2021-34439

Windows MSHTML Platform Remote Code Execution Vulnerability — CVE-2021-34497

Windows DNS Server Remote Code Execution Vulnerability — CVE-2021-34494

Windows Kernel Remote Code Execution Vulnerability — CVE-2021-34458

Windows Hyper-V Remote Code Execution Vulnerability — CVE-2021-34450

Scripting Engine Memory Corruption Vulnerability — CVE-2021-34448

Windows Media Remote Code Execution Vulnerability — CVE-2021-33740

Windows Print Spooler Remote Code Execution Vulnerability — CVE-2021-34527

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

Monthly Rollup: KB5004289 

Security-Only: KB5004307 

Updates and improvements:

Fixes an issue that is causing 16-bit applications to fail with error messages that indicate VBRUN300.DLL (Monthly-Rollup only)

Fixed an EMF rendering issue caused by third-party applications using ExtCreatePen and ExtCreateFontIndirect. (Monthly-Rollup only)

Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.

Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode. See this support article for additional information.

Security updates.

Windows 8.1 and Windows Server 2012 R2

Monthly Rollup: KB5004298 

Security-only: KB5004285 

Updates and improvements:

Fixes an issue that is causing 16-bit applications to fail with error messages that indicate VBRUN300.DLL (Monthly-Rollup only)

Fixed an EMF rendering issue caused by third-party applications using ExtCreatePen and ExtCreateFontIndirect. (Monthly-Rollup only)

Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.

Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode. See this support article for additional information.

Security updates.

Windows 10 version 1909

Support Page: KB5004245 

Updates and improvements:

Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.

Security updates

Windows 10 version 2004, 20H2 and 21H1

Support Page: KB5004237

Updates and improvements:

Fixed an issue that made printing to affected printers difficult. It mostly affected receipt and label printers.

Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode. See this support article for additional information.

Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.

Fixed a vulnerability that caused Primary Refresh Tokens to be encrypted weakly.

Security updates

Known Issues

Windows 7 SP1 and Server 2008 R2

Updates may fail to install if the system is not an ESU system.

Expected behaviour.

Operations may fail on Cluster Shared Volumes.

Run the operations with administrative privileges.

Run the operations from a node that does not have CSV ownership.

Windows 8.1 and Windows Server 2012 R2

Operations may fail on Cluster Shared Volumes.

Run the operations with administrative privileges.

Run the operations from a node that does not have CSV ownership.

Windows 10 versions 2004, 20H2 and 21H1

An issue with output characters when using the Microsoft Japanese Input Method Editor to enter Kanji characters.

Microsoft is still working on a solution.

Edge Legacy is removed but the new Edge is not installed on devices that were set up using custom offline media or custom ISO images.

See the workaround on the support page.

Advisories & Security Updates

ADV 990001 — Latest Servicing Stack Updates

Other updates

2021-07 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5004116)
2021-07 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5004117)
2021-07 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5004118)
2021-07 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5004120)
2021-07 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5004121)
2021-07 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB5004122)
2021-07 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5004229)
2021-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5004230)
2021-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5004231)
2021-07 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 and 4.6.2 for Windows Server 2008 (KB5004232)
2021-07 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, Windows 10 Version 2004 (KB5003537)
2021-07 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5003538)
2021-07 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 (KB5003539)
2021-07 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5003541)
2021-07 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5004115)
2021-07 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5004228)

With thanks to the Patchmanagement.org team!
