We"re already three months deep into 2021, and as we reach the second Tuesday of March, that means it"s time once again for Microsoft to update every supported version of Windows. Naturally, the most recent versions of Windows 10 are getting updates, but Windows 8.1 is also still supported. And, for businesses paying for extended security updates, so is Windows 7.
There are updates heading out to both of these Windows releases, and as usual, there are two types of updates for both Windows 8.1 and Windows 7, as well as their server counterparts - a monthly rollup that"s usually installed automatically and a security-only update that you have to install manually.
Starting with Windows 8.1, the monthly rollup update is labeled KB5000848 and you can download it manually here. It includes the following changes:
Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain CVE-2020-17049 protections released between November 10 and December 8, 2020 and configured PerfromTicketSignature to 1 or larger. Ticket acquisition fails with KRB_GENERIC_ERROR if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the USER_NO_AUTH_DATA_REQUIRED flag being set for the user in User Account Controls.
Addresses an elevation of privilege security vulnerability documented in CVE-2021-1640 related to print jobs submitted to “FILE:” ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.
Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Media, and Windows Graphics.
There"s a single known issue, which is the same we"ve been seeing for months now:
Symptom | Workaround |
---|---|
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. | Do one of the following:
Microsoft is working on a resolution and will provide an update in an upcoming release. |
And as for the security-only update, that"s KB5000853, and you can download it manually here. It includes the first and last bullet points from the monthly rollup update, and it has the same known issue.
Moving on to Windows 7, again, you"ll need to be paying for extended security updates to get any updates at this point. If you are, the monthly rollup you"ll get is KB5000841 and you can download it manually here. Here"s what"s included:
- Addresses an elevation of privilege security vulnerability documented in CVE-2021-1640 related to print jobs submitted to “FILE:” ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.
- Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain CVE-2020-17049 protections released between November 10 and December 8, 2020 and configured PerfromTicketSignature to 1 or larger. Ticket acquisition fails with KRB_GENERIC_ERROR if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the USER_NO_AUTH_DATA_REQUIRED flag being set for the user in User Account Controls.
- Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, and Windows Media.
The single known issue is the same as the one for the Windows 8.1 updates.
Finally, the security-only update for Windows 7 is KB5000851 and it can be downloaded manually here. It only includes the last two points of the updates mentioned above and has the same known issue as the other updates.