{"id":19254,"date":"2021-03-12T00:09:00","date_gmt":"2021-03-11T23:09:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=19254"},"modified":"2022-03-24T00:40:55","modified_gmt":"2022-03-23T23:40:55","slug":"patchday-windows-8-1-server-2012-updates-9-mrz-2021","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/03\/12\/patchday-windows-8-1-server-2012-updates-9-mrz-2021\/","title":{"rendered":"Patchday: Windows 8.1\/Server 2012 updates (March 9, 2021)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" title=\"Update\" style=\"border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; float: left; margin: 0px 10px 0px 0px; display: inline; border-top-width: 0px\" border=\"0\" alt=\"Windows Update\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/02\/Update.jpg\" width=\"54\" align=\"left\" height=\"54\">[<a href=\"https:\/\/www.borncity.com\/blog\/?p=250941\" target=\"_blank\" rel=\"noopener\">German<\/a>]As of March 9, 2021, Microsoft has released various updates for Windows 8.1. However, these updates are also available for Windows Server 2012 R2. Here is some information about them.<\/p>\n<p><!--more--><\/p>\n<h2>Updates for Windows 8.1 and Windows Server 2012 R2<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg08.met.vgwort.de\/na\/ad63b43a80d24f6b8d8bfaa7ed1506b2\" width=\"1\" height=\"1\">For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4009470\/windows-8-1-windows-server-2012-r2-update-history\" target=\"_blank\" rel=\"noopener\">this Microsoft page<\/a>.&nbsp;&nbsp; <\/p>\n<blockquote>\n<p><strong>Important:<\/strong> Starting in July 2020, all Windows updates disable the <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows-server\/virtualization\/hyper-v\/deploy\/deploy-graphics-devices-using-remotefx-vgpu\" target=\"_blank\" rel=\"noopener\">RemoteFX vGPU feature<\/a> due to vulnerability <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-us\/vulnerability\/CVE-2020-1036\" target=\"_blank\" rel=\"noopener\">CVE-2020-1036<\/a> (see also <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4570006\" target=\"_blank\" rel=\"noopener\">KB4570006<\/a>). After installing this update, attempts to start virtual machines (VM) with RemoteFX vGPU enabled will fail. <\/p>\n<p>In addition, Adobe's Flash Player support expired on December 31, 2020, and Flash will no longer be supported as of January 12, 2021.<\/p>\n<\/blockquote>\n<h3>KB5000848 (Monthly Rollup) for Windows 8.1\/Server 2012 R2<\/h3>\n<p>Update <a href=\"https:\/\/support.microsoft.com\/help\/5000848\" target=\"_blank\" rel=\"noopener\">KB5000848<\/a> (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses the following issues.  <\/p>\n<ul>\n<li>Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2020-17049\" target=\"_blank\" rel=\"noopener\">CVE-2020-17049<\/a> protections released between November 10 and December 8, 2020 and configured <b>PerfromTicketSignature<\/b> to <b>1<\/b> or larger. Ticket acquisition fails with <b>KRB_GENERIC_ERROR<\/b> if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the <b>USER_NO_AUTH_DATA_REQUIRED<\/b> flag being set for the user in User Account Controls.\n<li>Addresses an elevation of privilege security vulnerability documented in <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-1640\" target=\"_blank\" rel=\"noopener\">CVE-2021-1640<\/a> related to print jobs submitted to \"FILE:\" ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n<li>Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Media, and Windows Graphics.<\/li>\n<\/ul>\n<p>This update is automatically downloaded and installed by Windows Update, but is also available from the <a href=\"https:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=KB5000848\" target=\"_blank\" rel=\"noopener\">Microsoft Update Catalog<\/a> and via WSUS. If installing manually, the latest Servicing Stack Update (SSU <a href=\"https:\/\/support.microsoft.com\/help\/4566425\/\" target=\"_blank\" rel=\"noopener\">KB4566425<\/a> dated July 14, 2020) must be installed beforehand &#8211; although this SSU cannot be uninstalled.  <\/p>\n<p>Microsoft is aware of the following issue related to the update: Certain operations, such as renaming, that you perform for files or folders on a Cluster Shared Volume (CSV) may fail with the error \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that does not have administrator privileges. The KB article suggests a workaround to fix this.  <\/p>\n<h3>KB5000853 (Security-only update) for Windows 8.1\/Server 2012 R2<\/h3>\n<p>Update <a href=\"https:\/\/support.microsoft.com\/help\/5000853\" target=\"_blank\" rel=\"noopener\">KB5000853<\/a> (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following items.  <\/p>\n<ul>\n<li>Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2020-17049\" target=\"_blank\" rel=\"noopener\">CVE-2020-17049<\/a> protections released between November 10 and December 8, 2020 and configured <b>PerfromTicketSignature<\/b> to <b>1<\/b> or larger. Ticket acquisition fails with <b>KRB_GENERIC_ERROR<\/b> if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the <b>USER_NO_AUTH_DATA_REQUIRED<\/b> flag being set for the user in User Account Controls.\n<li>Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Media, and Windows Graphics.<\/li>\n<\/ul>\n<p>The update contains the same fixes as the rollup update and it is distributed via WSUS or available from the <a href=\"https:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=KB5000853\" target=\"_blank\" rel=\"noopener\">Microsoft Update Catalog<\/a>. If installing manually, the latest Servicing Stack Update (SSU) <a href=\"https:\/\/support.microsoft.com\/help\/4566425\" target=\"_blank\" rel=\"noopener\">KB4566425<\/a> should be installed beforehand. Furthermore, the cumulative security update <a href=\"https:\/\/support.microsoft.com\/help\/5000800\">KB5000800<\/a> for Internet Explorer 11 should be installed. This is because a vulnerability is probably being actively exploited there.  <\/p>\n<p><strong>Similar articles:<br \/><\/strong><a href=\"https:\/\/borncity.com\/win\/2021\/03\/03\/microsoft-office-patchday-march-2-2021\/\">Microsoft Office Patchday (March 2, 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/03\/10\/microsoft-security-update-summary-march-9-2021\/\">Microsoft Security Update Summary (March 9, 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/03\/10\/patchday-windows-10-updates-9-mrz-2021\/\">Patchday: Windows 10-Updates (March 9, 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/03\/11\/patchday-updates-fr-windows-7-server-2008-r2-9-mrz-2021\/\">Patchday: Updates for Windows 7\/Server 2008 R2 (March 9, 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/?p=19254\">Patchday: Windows 8.1\/Server 2012 updates (March 9, 2021)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]As of March 9, 2021, Microsoft has released various updates for Windows 8.1. However, these updates are also available for Windows Server 2012 R2. Here is some information about them.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,22,2],"tags":[2626,69,195,23,492],"class_list":["post-19254","post","type-post","status-publish","format-standard","hentry","category-security","category-update","category-windows","tag-patchday-3-2021","tag-security","tag-update","tag-windows-8-1","tag-windows-server-2012"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/19254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=19254"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/19254\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=19254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=19254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=19254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}