Microsoft releases these security updates for Windows 10

Microsoft today released a set of patches for supported Windows 10 versions. Patches resolve a vulnerability in the printing subsystem, and also include a number of other security fixes and general improvements.

The updates share the following change log:

• Addresses an elevation of privilege security vulnerability documented in CVE-2021-1640 related to print jobs submitted to “FILE:” ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.

• Security updates to the Windows Shell, Windows Fundamentals, Windows Management, Windows Apps, Windows User Account Control (UAC), Windows Virtualization, the Windows Kernel, the Microsoft Graphics Component, Internet Explorer, Microsoft Edge Legacy, and Windows Media.

The above is applicable to the following patches and versions.

• Windows 10, version 20H2 and 2004, KB5000802 (OS Builds 19041.867 and 19042.867)
• Windows 10, version 1909, KB5000808 (OS Build 18363.1440)
• Windows 10, version 1809, KB5000822 (OS Build 17763.1817)
• Windows 10, version 1803, KB5000809 (OS Build 17134.2087)
• Windows 10, version 1703. KB5000812 (OS Build 15063.2679)
• Windows 10, initial version, KB5000807 (OS Build 10240.18874)

Finally, Windows 10, version 1607 has got extra fixes with KB5000803 (OS Build 14393.4283), and comes with the following change log.

• Turns off token binding by default in Windows Internet (WinINet).

• Addresses an issue in the Windows Management Instrumentation (WMI) service that causes a heap leak each time security settings are applied to WMI namespace permissions.
• Addresses an issue with extra dereferencing that causes a server to stop working.
• Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
• Addresses an elevation of privilege security vulnerability documented in CVE-2021-1640 related to print jobs submitted to “FILE:” ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.
• Addresses a reliability issue in Remote Desktop.
• Addresses an issue that might cause stop error 7E in nfssvr.sys on servers running the Network File System (NFS) service.
• Adds a new dfslogkey as described below:
  • Keypath: HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/dfslog.
  • The RootShareAcquireSuccessEvent field has the following possible values:
    • Default value = 1; enables the log.
    • Value other than 1; disables the log.

If this key does not exist, it will be created automatically. To take effect, any change to
dfslog/RootShareAcquireSuccessEvent in the registry requires that you restart the DFSN service.

• Addresses an issue that causes an increase in network traffic during update detection for Windows Updates. This issue occurs on devices that are configured to use an authenticated user proxy as the fallback method if update detection with a system proxy fails or there is no proxy.
• Security updates to the Windows Shell, Windows User Account Control (UAC), Windows Fundamentals, Windows Core Networking, Windows Hybrid Cloud Networking, Windows Kernel, Windows Virtualization, the Microsoft Graphics Component, Internet Explorer, Microsoft Edge Legacy, and Windows Media.

Check out the Windows Update History website to see prerequisites for the packages, and read about known issues (if any).

How to install the updates

To download these updates, open Settings - > Update & recovery and click on the Check for Updates button on the right.