Microsoft Windows Security Updates July 2021 overview

It is the second Tuesday of the month and that means it is Microsoft Patch Day. Microsoft released security and non-security updates for all supported client and server versions of its Windows operating system as well as for other company products such as Microsoft Office.

Our overview starts with an executive summary; the operating system distribution and list of critical security updates follow. Below that are the main cumulative updates for all client and server versions of Windows and the list of other security updates.

The list of known issues includes only those confirmed by Microsoft. You will also find links to security advisories and other, non-security updates, as well as download information and additional resource links on this page.

Here is the link to the June 2021 Patch Day overview in case you missed it.

The Microsoft Windows Security Updates: June 2021

Here is an Excel spreadsheet with the released security updates for client and server versions of Windows: Security Updates 2021-07-13-071231pm

Executive Summary

• Microsoft released security updates for all supported versions of its Windows operating system.
• Security updates are also available for Microsoft Office, Power BI and Visual Studio Code.
• The following products have known issues: Windows 7 SP1, Windows 8.1, Windows 10 version 1809, 2004, 20H2, 21H1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2019, ,and Windows Server 2004 and 20H2, Microsoft Exchange Server 2013, 2016 and 2019

Operating System Distribution

• Windows 7 (extended support only): 30 vulnerabilities: 3 critical and 27 important
  • Windows Print Spooler Remote Code Execution Vulnerability -- CVE-2021-34527
  • Windows MSHTML Platform Remote Code Execution Vulnerability -- CVE-2021-34497
  • Scripting Engine Memory Corruption Vulnerability -- CVE-2021-34448
• Windows 8.1: 39 vulnerabilities: 3 critical and 36 important
  • same as Windows 7
• Windows 10 version 1903 and 1909: 67 vulnerabilities: 5 critical and 62 important
  • same as Windows 7, plus
  • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-34450
  • Microsoft Windows Media Foundation Remote Code Execution Vulnerability -- CVE-2021-34503
• Windows 10 version 2004, 20H2 and 21H1 : 68 vulnerabilities, 4 critical and 64 important
  • Windows Print Spooler Remote Code Execution Vulnerability -- CVE-2021-34527
  • Windows MSHTML Platform Remote Code Execution Vulnerability -- CVE-2021-34497
  • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-34450
  • Scripting Engine Memory Corruption Vulnerability -- CVE-2021-34448

Windows Server products

• Windows Server 2008 R2 (extended support only): 37 vulnerabilities: 1 critical and 11 important
  • Windows DNS Server Remote Code Execution Vulnerability -- CVE-2021-34494
  • Windows Print Spooler Remote Code Execution Vulnerability -- CVE-2021-34527
  • Windows MSHTML Platform Remote Code Execution Vulnerability -- CVE-2021-34497
• Windows Server 2012 R2: 50 vulnerabilities: 4 critical and 46 important
  • Scripting Engine Memory Corruption Vulnerability -- CVE-2021-34448
  • Windows MSHTML Platform Remote Code Execution Vulnerability -- CVE-2021-34497
  • Windows DNS Server Remote Code Execution Vulnerability -- CVE-2021-34494
  • Windows Print Spooler Remote Code Execution Vulnerability -- CVE-2021-34527
• Windows Server 2016: 60 vulnerabilities: 6 critical and 54 important.
  • same as Windows Server 2021 R2 plus
  • Windows Kernel Remote Code Execution Vulnerability -- CVE-2021-34458
  • Microsoft Windows Media Foundation Remote Code Execution Vulnerability -- CVE-2021-34439
• Windows Server 2019: 77 vulnerabilities: 2 critical and 22 important
  • Microsoft Windows Media Foundation Remote Code Execution Vulnerability -- CVE-2021-34439
  • Windows MSHTML Platform Remote Code Execution Vulnerability -- CVE-2021-34497
  • Windows DNS Server Remote Code Execution Vulnerability -- CVE-2021-34494
  • Windows Kernel Remote Code Execution Vulnerability -- CVE-2021-34458
  • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-34450
  • Scripting Engine Memory Corruption Vulnerability -- CVE-2021-34448
  • Windows Media Remote Code Execution Vulnerability -- CVE-2021-33740
  • Windows Print Spooler Remote Code Execution Vulnerability -- CVE-2021-34527

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

• Monthly Rollup: KB5004289 
• Security-Only: KB5004307 

Updates and improvements:

• Fixes an issue that is causing 16-bit applications to fail with error messages that indicate VBRUN300.DLL (Monthly-Rollup only)
• Fixed an EMF rendering issue caused by third-party applications using ExtCreatePen and ExtCreateFontIndirect. (Monthly-Rollup only)
• Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.
• Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode. See this support article for additional information.
• Security updates.

Windows 8.1 and Windows Server 2012 R2

• Monthly Rollup:  KB5004298 
• Security-only: KB5004285 

Updates and improvements:

• Fixes an issue that is causing 16-bit applications to fail with error messages that indicate VBRUN300.DLL (Monthly-Rollup only)
• Fixed an EMF rendering issue caused by third-party applications using ExtCreatePen and ExtCreateFontIndirect. (Monthly-Rollup only)
• Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.
• Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode. See this support article for additional information.
• Security updates.

Windows 10 version 1909

• Support Page: KB5004245 

Updates and improvements:

• Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.
• Security updates

Windows 10 version 2004, 20H2 and 21H1

• Support Page: KB5004237

Updates and improvements:

• Fixed a printing issue that made printing to affected printers difficult. Affected receipt and label printers mostlz.
• Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode. See this support article for additional information.
• Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.
• Fixed a vulnerability that caused Primary Refresh Tokens to be encrypted weakly.
• Security updates

Other security updates

Known Issues

Windows 7 SP1 and Server 2008 R2

• Updates may fail to install if the system is not an ESU system.
  • Expected behavior.
• Operations may fail on Cluster Shared Volumes.
  • Run the operations with administrative privileges.
  • Run the operations from a node that does not have CSV ownership.

Windows 8.1 and Windows Server 2012 R2

• Operations may fail on Cluster Shared Volumes.
  • Run the operations with administrative privileges.
  • Run the operations from a node that does not have CSV ownership.

Windows 10 versions 2004, 20H2 and 21H1

• An issue with output characters when using the Microsoft Japanese Input Method Editor to enter Kanji characters.
  • Microsoft is still working on a solution.
• Issue with Edge Legacy being removed but the new Edge not installed on devices that were installed using custom offline media or custom ISO images.
  • See the workaround on the support page.

Security advisories and updates

ADV 990001 -- Latest Servicing Stack Updates

Other updates

Microsoft Office Updates

You find Office update information here.

How to download and install the June 2021 security updates

Security updates are downloaded and installed automatically on client versions of Windows by default. Updates can also be downloaded directly from the Microsoft Update Catalog website, and you may also check for updates manually to install them as quickly as possible.

System administrators who manage update management systems such as WSUS may also install the updates using these systems.

To check for updates manually, do the following:

1. Select Start, type Windows Update and load the Windows Update item that is displayed.
2. Select check for updates to run a manual check for updates.

Direct update downloads

Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 7 and Server 2008 R2

• KB5004289  -- 2021-07 Security Monthly Quality Rollup for Windows 7
• KB5004307 -- 2021-07 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

• KB5004298 -- 2021-07 Security Monthly Quality Rollup for Windows 8.1
• KB5004285  -- 2021-07 Security Only Quality Update for Windows 8.1

Windows 10 (version 1909)

• KB5004245 -- 2021-07 Cumulative Update for Windows 10 Version 1909

Windows 10 (version 2004)

• KB5004237 -- 2021-07 Cumulative Update for Windows 10 Version 2004

Windows 10 (version 20H2)

• KB5004237 -- 2021-07 Cumulative Update for Windows 10 Version  20H2

Windows 10 (version 21H1)

• KB5004237 -- 2021-07 Cumulative Update for Windows 10 Version  21H1

Additional resources

• July 2021 Security Updates release notes
• List of software updates for Microsoft products
• List of the latest Windows Updates and Services Packs
• Security Updates Guide
• Microsoft Update Catalog site
• Our in-depth Windows update guide
• How to install optional updates on Windows 10
• Windows 10 Update History
• Windows 8.1 Update History
• Windows 7 Update History

Thank you for being a Ghacks reader. The post Microsoft Windows Security Updates July 2021 overview appeared first on gHacks Technology News.