Patchday: Windows 10-Updates (January 12, 2021)

[German]On January 12, 2021 (second Tuesday of the month, Patchday at Microsoft), several cumulative updates were released for the supported Windows 10 builds. Here are some details about each update.


Advertising

A list of the updates can be found on this Microsoft website. I have pulled out the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001 (if this is not current, search for Servicing Stack Updates in the Microsoft Update Catalog).

Adobe Flash Player will no longer be supported after December 31, 2020. Flash content will be blocked from running in Flash Player starting January 12, 2021.

Updates for Windows 10 Version 2004/20H2

For Windows 10 version 2004 released in May 2020 and Windows 10 version 20H2 offered via update search in October 2020, Microsoft will provide the same update packages mentioned below.

Update KB4598242 for Windows 10 Version 2004/20H2

Cumulative Update KB4598242 raises the OS build to 19041.746 for Windows 10 version 2004 and to 19042.746 for Windows 10 version 20H2. The update is available for Windows 10 version 2004, Windows 10 version 20H2, and Windows Server version 2004 and Windows Server version 20H2. It includes quality improvements but no new operating system features. Here is the list of improvements, called highlights by Microsoft:

  • Updates to improve security when using external devices, such as game controllers, printers, and web cameras.
  • Updates to improve security when Windows performs basic operations.

The following fixes and improvements has been added.

  • Addresses a security vulnerability issue with HTTPS-based intranet servers. After installing this update, HTTPS-based intranet servers cannot, by default, use a user proxy to detect updates. Scans using these servers will fail if you have not configured a system proxy on the clients. If you must use a user proxy, you must configure the behavior using the policy "Allow user proxy to be used as a fallback if detection using system proxy fails." To ensure the highest levels of security, also use Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate pinning on all devices. This change does not affect customers who are using HTTP WSUS servers. For more information, see Changes to scans, improved security for Windows devices.
  • Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. For more information, see KB4599464.
  • Security updates to Windows App Platform and Frameworks, Windows Media, Windows Fundamentals, Windows Kernel, Windows Cryptography, Windows Virtualization, Windows Peripherals, and Windows Hybrid Storage Services.

This update is automatically downloaded and installed by Windows Update. This update is also available from the Microsoft Update Catalog and via WSUS. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) KB459848 for your operating system before installing the latest Cumulative Update (LCU). For the update, Microsoft states that users of the Microsoft Input Method Editor (IME) for Chinese and Japanese may receive an error, or the application may become unresponsive or close when trying to drag with the mouse. The certificate issue (see KB459824) is also still present.


Advertising

In addition, Microsoft has released an update directly for the Windows Update client to improve its reliability. This is rolled out outside of Windows Update if the machine is compatible and not an LTSC variant, and updates have not been blocked via GPO.

Updates for Windows 10 Version 1909

Windows 10 version 1903 is out of support on December 8, 2020. For Windows 10 version 1909 released in 2019, the following updates are available.

Update KB4598229 for Windows 10 Version 1909

Cumulative Update KB4598229 raises Windows 10 V1909 OS build to 18363.1316. The update is available for Windows 10 version 1909 and Windows Server version 1909. It includes quality improvements but no new operating system features. Here is the list of improvements, called highlights by Microsoft:

  • Updates to improve security when using external devices, such as game controllers, printers, and web cameras.
  • Updates to improve security when using Microsoft Office products.
  • Updates to improve security when Windows performs basic operations.

The following fixes and improvements has been added.

  • Addresses a security vulnerability issue with HTTPS-based intranet servers. After installing this update, HTTPS-based intranet servers cannot, by default, use a user proxy to detect updates. Scans using these servers will fail if you have not configured a system proxy on the clients. If you must use a user proxy, you must configure the behavior using the policy "Allow user proxy to be used as a fallback if detection using system proxy fails." To ensure the highest levels of security, also use Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate pinning on all devices. This change does not affect customers who are using HTTP WSUS servers. For more information, see Changes to scans, improved security for Windows devices.
  • Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. For more information, see KB4599464.
  • Addresses an issue that might damage the file system of some devices and prevent them from starting up after running chkdsk /f.
  • Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Media, Windows Fundamentals, Windows Kernel, Windows Cryptography, Windows Virtualization, Windows Peripherals, and Windows Hybrid Storage Services.

This update is automatically downloaded and installed by Windows Update. This update is also available from the Microsoft Update Catalog and via WSUS. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). For the update, Microsoft cites the certificate issue mentioned above, which is documented in KB4598229.

In addition, Microsoft has released an update directly to the Windows Update client to improve its reliability. This is rolled out outside of Windows Update if the machine is compatible and not an LTSC variant and updates have not been blocked via GPO.

Updates for Windows 10 Version 1809

The following updates are available for Windows 10 October 2018 Update (version 1809) and Windows Server 2019.

Update KB4598230 for Windows 10 Version 1809

Cumulative Update KB4598230 the OS build (according to MS) to 17763.1697 and includes quality improvements but no new OS features. Here is the list of improvements, called highlights by Microsoft:

  • Updates to improve security when using external devices, such as game controllers, printers, and web cameras.
  • Updates to improve security when using Microsoft Office products.
  • Updates to improve security when Windows performs basic operations.

The following fixes and improvements has been added.

  • Addresses a timing issue on print servers that might send print jobs to the wrong print queue.
  • Addresses a security vulnerability issue with HTTPS-based intranet servers. After installing this update, HTTPS-based intranet servers cannot, by default, use a user proxy to detect updates. Scans using these servers will fail if you have not configured a system proxy on the clients. If you must use a user proxy, you must configure the behavior using the policy "Allow user proxy to be used as a fallback if detection using system proxy fails." To ensure the highest levels of security, also use Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate pinning on all devices. This change does not affect customers who are using HTTP WSUS servers. For more information, see Changes to scans, improved security for Windows devices.
  • Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. For more information, see KB4599464.
  • Addresses an issue that might damage the file system of some devices and prevent them from starting up after running chkdsk /f.
  • Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Media, Windows Fundamentals, Windows Kernel, Windows Cryptography, Windows Virtualization, Windows Peripherals, and Windows Hybrid Storage Services.

This update is automatically downloaded and installed by Windows Update, but is also available from Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists the known issue that the update causes. Error 0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND may occur during the update installation. Details can be found in the KB article.

In addition, Microsoft has released an update directly for the Windows Update client to improve its reliability. This is rolled out outside of Windows Update if the machine is compatible and not an LTSC variant and updates have not been blocked via GPO.

Updates for Windows 10 Version 1507 till 1803

For Windows 10 RTM up to version 1803, various updates are available for the LTSC versions and possibly the Enterprise versions. The Home and Pro variants, on the other hand, have fallen out of support. These updates are automatically downloaded and installed by Windows Update, but are available for download from the Microsoft Update Catalog (search for the KB number). Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details can be found in the respective KB article.

  • Windows 10 Version 1803: Update KB4598245 is only available for Enterprise and Education. The update upgrades the OS build to 17134.1967.
  • Windows 10 Version 1703: Update KB4599208 is now only available for Surface Hub. The update raises the OS build to 15063.2614.
  • Windows 10 Version 1607: Update KB4598243 is only available for Enterprise LTSC. The update raises the OS build to 14393.4169.
  • Windows 10 Version 1507: Update KB4598231 is available for the RTM version (LTSC). The update raises the OS build to 10240.18818.

There was no update for the remaining Windows 10 versions, as these versions have fallen out of support. Details on the above updates can be found in the respective Microsoft KB articles if in doubt.

Similar articles
Microsoft Office Patchday (January 5, 2021)
Microsoft Security Update Summary (January 12, 2021)
Patchday: Windows 10-Updates (January 12, 2021)
Patchday: Updates für Windows 7/Server 2008 R2 (January 12, 2021)
Patchday: Windows 8.1/Server 2012-Updates (January 12, 2021)
Patchday Microsoft Office Updates (January 12, 2021)


Advertising

This entry was posted in Security, Update, Windows and tagged , , , . Bookmark the permalink.

One Response to Patchday: Windows 10-Updates (January 12, 2021)

  1. EP says:

    new preview updates for v1809 and v1909 released TH 1/21:

    KB4598298 for v1909
    https://support.microsoft.com/help/4598298

    KB4598296 for v1809 / LTSC 2019
    https://support.microsoft.com/help/4598296

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).