Patchday: Windows 8.1/Server 2012 updates (March 9, 2021)

Windows Update[German]As of March 9, 2021, Microsoft has released various updates for Windows 8.1. However, these updates are also available for Windows Server 2012 R2. Here is some information about them.


Advertising

Updates for Windows 8.1 and Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on this Microsoft page.  

Important: Starting in July 2020, all Windows updates disable the RemoteFX vGPU feature due to vulnerability CVE-2020-1036 (see also KB4570006). After installing this update, attempts to start virtual machines (VM) with RemoteFX vGPU enabled will fail.

In addition, Adobe’s Flash Player support expired on December 31, 2020, and Flash will no longer be supported as of January 12, 2021.

KB5000848 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB5000848 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses the following issues.

  • Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain CVE-2020-17049 protections released between November 10 and December 8, 2020 and configured PerfromTicketSignature to 1 or larger. Ticket acquisition fails with KRB_GENERIC_ERROR if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the USER_NO_AUTH_DATA_REQUIRED flag being set for the user in User Account Controls.
  • Addresses an elevation of privilege security vulnerability documented in CVE-2021-1640 related to print jobs submitted to “FILE:” ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.
  • Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Media, and Windows Graphics.

This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog and via WSUS. If installing manually, the latest Servicing Stack Update (SSU KB4566425 dated July 14, 2020) must be installed beforehand – although this SSU cannot be uninstalled.

Microsoft is aware of the following issue related to the update: Certain operations, such as renaming, that you perform for files or folders on a Cluster Shared Volume (CSV) may fail with the error “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that does not have administrator privileges. The KB article suggests a workaround to fix this.

KB5000853 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB5000853 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following items.


Advertising

  • Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain CVE-2020-17049 protections released between November 10 and December 8, 2020 and configured PerfromTicketSignature to 1 or larger. Ticket acquisition fails with KRB_GENERIC_ERROR if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the USER_NO_AUTH_DATA_REQUIRED flag being set for the user in User Account Controls.
  • Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Media, and Windows Graphics.

The update contains the same fixes as the rollup update and it is distributed via WSUS or available from the Microsoft Update Catalog. If installing manually, the latest Servicing Stack Update (SSU) KB4566425 should be installed beforehand. Furthermore, the cumulative security update KB5000800 for Internet Explorer 11 should be installed. This is because a vulnerability is probably being actively exploited there.

Similar articles:
Microsoft Office Patchday (March 2, 2021)
Microsoft Security Update Summary (March 9, 2021)
Patchday: Windows 10-Updates (March 9, 2021)
Patchday: Updates for Windows 7/Server 2008 R2 (March 9, 2021)
Patchday: Windows 8.1/Server 2012 updates (March 9, 2021)


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in Security, Update, Windows and tagged , , , , . Bookmark the permalink.

4 Responses to Patchday: Windows 8.1/Server 2012 updates (March 9, 2021)

  1. Chris Pugson says:

    Mention of the Microsoft Update Catalog prompts me to say that the search function has deteriorated considerably over the past year or so. I attempted to search for ‘2021-03 Windows 8.1’ to identify Windows 8.1 updates for March 2021 and only see the result that nothing can be found. However, a similar search request for ‘2021-03 Windows 10’ works as expected.

    This seems to be symptomatic of the decline of Microsoft under Nadella’s direction.

    In the swamp that is now Microsoft, it seems impossible to draw MS’s attention to this shortcoming. Ah well, c’est la vie I suppose.

  2. Hitchhiker says:

    The Security-Only update KB5000853 which I’ve already installed is 38MB. No complaints there, but the rollup KB5000848 is a whopping 583MB! So what on earth does it contain that makes it so big?

    No info on the M$ site about that except a 1MB .csv file which just provide a list of files (big deal). So is this a last ditch attempt by Microsoft to load our 8.1 systems up with all that telemetry crap?

  3. Suresh Babu says:

    We have installed KB5000853 and KB5000848 in Windows Server 2012 R2, but %windir%\system32\ntoskrnl.exe Version is 6.3.9600.19939 still pointing to old version. Any suggestions ? Pls

Leave a Reply

Your email address will not be published. Required fields are marked *