Microsoft has released cumulative updates for all supported versions of Windows as part of the Patch Tuesday Update. This includes fully supported versions of Windows 10 – such as the last three versions, other SKUs that are supported for certain types of customers, along with Windows 8.1 and users who have opted for Windows 7 Extended Security Updates (ESUs).
While Windows 8.1 and 7 typically receive one update per month, the company released emergency updates for the PrintNightmare vulnerability earlier this month, which will also be bundled into these packages.
As always with Windows 8.1 and Windows 7 updates, there are two types of updates. They are monthly packages and security updates only. While monthly rollups are offered automatically through Windows Updates, only security updates can be obtained manually from the update catalog and installed on systems.
For Windows 8.1 and the corresponding Windows Server edition, the update is KB5004298, which can also be downloaded from the update catalog here. The improvements and fixes made in this update are as follows:
- Addresses an issue in which 16-bit applications fail with an error message that states a general fault in VBRUN300.DLL.
- Addresses an issue in which some EMFs built by using third-party applications that use ExtCreatePen and ExtCreateFontIndirect render incorrectly.
- Adds Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. For more information, see KB5004605.
- Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode. For more information and additional steps to enable protection on domain controller servers, see Managing deployment of Kerberos S4U changes for CVE-2020-17049.
- Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, Windows Operating System Security, Windows Graphics, Microsoft Scripting Engine, Windows HTML Platforms, and Windows MSHTML Platform.
The security-only update for Windows 8.1 is served by KB5004285, which can be downloaded manually from here. The changelog is similar to that of the monthly rollup, bringing fixes for CVE-2021-33757 and removing the PerformTicketSignature setting. It also contains the single known issue found in the rollup.
The firm has listed one known issue that is common across both updates, which has been present for a long time. It is not clear when the renaming issue will be fixed. Here is the explanation of that issue provided by the company:
Windows 7 and Windows Server 2008 R2 SP1 users that have opted for ESUs will receive monthly rollup via KB5004289 that can be found for manual download here. The security-only update is KB5004307 which can be manually downloaded from here. The changelogs for both the monthly rollup and security-only update are identical to that of Windows 8.1, which is listed above.
The updates for Windows 7, however, have an additional known issue that might cause the update to fail. The rename bug in Cluster Shared Volume (CSV) folders affects this OS as well. Here is the changelog that details the additional issue:
motamyez 