Patchday: Windows 8.1/Server 2012-Updates (January 12, 2021)

Windows Update[German]As of January 12, 2021, Microsoft has released various updates for Windows 8.1. However, these updates are also available for Windows Server 2012 R2. Here is some information about them.


Advertising

Updates for Windows 8.1 and Windows Server 2012 R2

A rollup and security-only update have been released for Windows 8.1 and Windows Server 2012 R2. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on this Microsoft page

Important: As of July 2020, all Windows updates disable the RemoteFX vGPU feature due to vulnerability CVE-2020-1036 (see also KB4570006). After installing this update, attempts to start virtual machines (VM) with RemoteFX vGPU enabled will fail.  

In addition, Adobe’s Flash Player support expired on December 31, 2020, and Flash will no longer be supported as of January 12, 2021.

KB4598285 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4598285 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses the following issues.

  • Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. For more information, see KB4599464.
  • Addresses a security vulnerability issue with HTTPS-based intranet servers. After you install this update, HTTPS-based intranet servers cannot leverage a user proxy to detect updates by default. Scans that use these servers will fail if the clients do not have a configured system proxy.
    If you must leverage a user proxy, you must configure the behavior by using the Windows Update policy Allow user proxy to be used as a fallback if detection using system proxy fails. To make sure that the highest levels of security, additionally leverage Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate pinning on all devices. For more information, see Changes to scans, improved security for Windows devices.
    Note This change does not affect customers who use HTTP WSUS servers.
  • Addresses an issue in which a principal in a trusted Managed Identity for Application (MIT) realm does not obtain a Kerberos Service ticket from Active Directory domain controllers (DCs). This issue occurs after Windows Updates that contains CVE-2020-17049 protections released between November 10 and December 8, 2020 are installed and PerfromTicketSignature is configured to 1 or higher. Ticket acquisition fails with KRB_GENERIC_ERROR if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
  • Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Fundamentals, Windows Cryptography, and Windows Virtualization.

This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog sowie and via WSUS. If installing manually, the latest Servicing Stack Update (SSU KB4566425 dated July 14, 2020) must be installed beforehand – although this SSU cannot be uninstalled.

Microsoft is aware of the following issue related to the update: Certain operations, such as renaming, that you perform for files or folders on a Cluster Shared Volume (CSV) may fail with the error “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that does not have administrator privileges. The KB article suggests a workaround to fix this.

KB4598275 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4598275 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following items.


Advertising

Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Fundamentals, Windows Cryptography, and Windows Virtualization.

The update is available via WSUS or in the Microsoft Update Catalog. In case of a manual installation, the latest Servicing Stack Update (SSU) KB4566425 has to be installed first. The same bugs are known as with the rollup update, details about the update are described in the KB article. I did not find a security update for Internet Explorer 11. 

Similar articles:
Microsoft Office Patchday (January 5, 2021)
Microsoft Security Update Summary (January 12, 2021)
Patchday: Windows 10-Updates (January 12, 2021)
Patchday: Updates für Windows 7/Server 2008 R2 (January 12, 2021)
Patchday: Windows 8.1/Server 2012-Updates (January 12, 2021)
Patchday Microsoft Office Updates (January 12, 2021)


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in Security, Update, Windows and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *