Microsoft November 2021 Security Patching

Executive Summary

All Windows 10 and 11 systems have patches for critical vulnerabilities.

Windows versions with known issues: Windows 7, Windows 8.1, Windows 10 version 1607, 1809, and 1909, Windows 10 versions 2004, 20H2, 21H1, Windows Server 2022, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008.

Microsoft released updates for other products, including 3D Viewer, Azure, Azure RTOS and Sphere, Microsoft Dynamics, Microsoft Office, and Visual Studio and Visual Studio Code.

Windows 10, version 2004 will reach end of servicing on December 14, 2021

Operating System Distribution

Windows Clients

Windows 7 (extended support only): 11 vulnerabilities: 1 critical and 10 important

Remote Desktop Client Remote Code Execution Vulnerability — CVE-2021-38666

Windows 8.1: 13 vulnerabilities: 1 critical and 12 important

Same as Windows 7.

Windows 10 version 1909: 22 vulnerabilities: 3 critical and 19 important

Chakra Scripting Engine Memory Corruption Vulnerability — CVE-2021-42279

Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability — CVE-2021-26443

Remote Desktop Client Remote Code Execution Vulnerability — CVE-2021-38666

Windows 10 version 2004, 20H2 and 21H1 : 24 vulnerabilities, 3 critical and 21 important

same as Windows 10 version 1909

Windows 11: 21 vulnerabilities, 3 critical and 18 important

same as Windows 10 version 1909

Windows Servers

Windows Server 2008 R2 (extended support only): 15 vulnerabilities: 1 critical and 14 important

Remote Desktop Client Remote Code Execution Vulnerability — CVE-2021-38666

Windows Server 2012 R2: 17 vulnerabilities: 1 critical and 16 important

same as Windows Server 2008 R2.

Windows Server 2016: 24 vulnerabilities: 2 critical and 22 important

Chakra Scripting Engine Memory Corruption Vulnerability — CVE-2021-42279

Remote Desktop Client Remote Code Execution Vulnerability — CVE-2021-38666

Windows Server 2019: 27 vulnerabilities: 2 critical and 25 important

same as Windows Server 2016

Windows Server 2022: 26 vulnerabilities: 3 critical and 23 important

Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability — CVE-2021-26443

Remote Desktop Client Remote Code Execution Vulnerability — CVE-2021-38666

Chakra Scripting Engine Memory Corruption Vulnerability — CVE-2021-42279

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

Monthly Rollup: KB5007236

Security-Only: KB5007233

Updates and improvements:

Fixes an issue that could prevent devices from downloading and installing printer drivers “when the devices attempt to connect to a network printer for the first time”.

Fixes a printing issue that prevents an “Internet print server from properly packaging modified printer properties before sending the package to the client”.

Addresses an issue of a 0 (zero) width Pen to render one pixel regardless of transformation. (monthly rollup only)

Security updates

Windows 8.1 and Windows Server 2012 R2

Monthly Rollup: KB5007247

Security-only: KB5007255

Updates and improvements:

Same as Windows 7 above.

Windows 10 version 1909

Support Page: KB5007189

Updates and improvements:

Fixes an issue that might prevent the installation of printers using IPP (Internet Printing Protocol).

Addresses an issue of a 0 (zero) width Pen to render one pixel regardless of transformation.

Adds a feature to facilitate certain cross-browser data transfers.

Addresses an issue in JScript9.dll with PropertyGet.

Fixes an issue with Assigned Access Kiosks and Microsoft Edge, which caused Edge to fail to restart.

Improved Microsoft Defender for Endpoint’s ability to identify and intercept ransomware and advanced attacks.

Fixed a File Explorer stops responding issue.

Security updates.

Windows 10 version 2004, 20H2 and 21H1

Support Page: KB5007186

Updates and improvements:

Addresses an issue of a 0 (zero) width Pen to render one pixel regardless of transformation.

Security updates.

Windows 11

Support Page: KB5007215

Updates and improvements:

Fixes the application startup issue.

Addresses an issue “in which certain apps might have Unexpected Results when rendering some user interface elements or when drawing within the app”.

Security updates.

Other security updates

2021-11 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5007245)

2021-11 Security Only Quality Update for Windows Server 2008 (KB5007246)

2021-11 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5007260)

2021-11 Security Monthly Quality Rollup for Windows Server 2008 (KB5007263)

2021-11 Dynamic Cumulative Update for Windows 10 Version 20H2, Windows Server, version 2004, Windows 10 Version 2004, Windows 10 Version 1909, and Windows 10 Version 1903 (KB5007186)

2021-11 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB5007192)

2021-11 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5007205)

2021-11 Cumulative Update for Windows Server 2019 and Windows 10 Version 1809 (KB5007206)

2021-11 Cumulative Update for Windows 10 (KB5007207)

Known Issues

Windows 7 SP1 and Windows Server 2008 R2

Updates may be rolled back if the machine that is not supported for ESU.

Operations may fail on Cluster Shared Volumes.

Workaround 1: perform the operations from a process with administrative privileges.

Workaround 2: perform the operation from a node that does not have CSV ownership.

Print clients may throw errors when connecting to a remote printer shared on a Windows print server. Errors that Microsoft lists are: 0x000006e4 (RPC_S_CANNOT_SUPPORT), 0x0000007c (ERROR_INVALID_LEVEL), 0x00000709 (ERROR_INVALID_PRINTER_NAME)

Microsoft is investigating the issue.

Windows 8.1 and Windows Server 2012 R2

Operations may fail on Cluster Shared Volumes.

Workaround 1: perform the operations from a process with administrative privileges.

Workaround 2: perform the operation from a node that does not have CSV ownership.

Microsoft is investigating the issue.

Windows 10 version 1909

Microsoft is investigating the issue.

Windows 10 versions 2004, 20H2 and 21H1

Microsoft Edge Chromium may not replace Microsoft Edge Legacy if custom offline media or custom ISO images were used to install or upgrade Windows.

Workarounds available on the support page.

Some devices can’t update after installing the June 21, 2021 update. The error “PSFX_E_MATCHING_BINARY_MISSING” is thrown in this case.

Check out Microsoft’s support page for the issue here.

Connections may fail to authenticate when using smart card authentication when connecting to devices in an untrusted domain using Remote Desktop. The error our credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials.” and “The login attempt failed” in red may be displayed.

Microsoft has executed a Known Issue Rollback, which should take care of the issue.

Microsoft is investigating the issue.

Security advisories and updates

ADV 990001 — Latest Servicing Stack Updates

Other updates (Non Security)

2021-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5007149)

2021-11 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5007150)

2021-11 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5007299)

2021-11 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5007300)

2021-11 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5007301)

2021-11 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 and 4.6.2 for Windows Server 2008 (KB5007302)

2021-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5007153)

2021-11 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5007154)

2021-11 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5007156)

2021-11 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB5007157)

2021-11 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5007167)

2021-11 Cumulative Update for .NET Framework 3.5 and 4.8 for (KB5006363)

2021-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for x64 (KB5006364)

2021-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, Windows 10 Version 2004, Windows 10 Version 1909, and Windows 10 Version 1903 (KB5006365)

2021-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5006366)

2021-11 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5006368)

2021-11 Update for Windows 10 Version 1909 (KB5007114)

2021-11 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5007152)

2021-11 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5007298)

Additional resources

November 2021 Security Updates release notes

List of software updates for Microsoft products

List of the latest Windows Updates and Services Packs

Security Updates Guide

Microsoft Update Catalog site

Our in-depth Windows update guide