Patch Tuesday Windows 10 Update KB5004237 Is Out for the May 2021 Update
Microsoft has today released KB5004237 for Windows 10 May 2021 Update, version 21H1, the October 2020 Update, version 20H2, and the May 2020 Update, version 2004. Since these three versions share a core operating system, they receive similar updates every month. Builds 19041.1110, 19042.1110, and 19043.1110 are now available for these three latest versions of Windows 10.
Some of the highlights of today's update include:
- Updates for verifying usernames and passwords.
- Updates to improve security when Windows performs basic operations.
- Updates an issue that might make printing to certain printers difficult. This issue affects various brands and models, but primarily receipt or label printers that connect using a USB port.
Today's update is a security update, which means it's addressing quite a few serious security vulnerabilities. "A scripting engine memory corruption attack (CVE-2021-34448) is the most serious vulnerability for me," Kevin Breen, Director of Cyber Threat Research at Immersive Labs said. "It is elegant in its simplicity, letting an attacker gain remote code execution just by getting the target to visit a domain. With malicious, yet professional-looking, domains carrying valid TLS certificates a regular feature nowadays, seamless compromise would be a trivial matter. Victims could even be attacked by sending .js or .hta files in targeted phishing emails."
Release notes for Windows 10 21H1 update KB5004237:
Addresses an issue that might make printing to certain printers difficult. This issue affects various brands and models, but primarily receipt or label printers that connect using a USB port.
- Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode for CVE-2020-17049. For more information and steps to enable full protection on domain controller servers, see Managing deployment of Kerberos S4U changes for CVE-2020-17049.
- Adds Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. For more information, see KB5004605.
- Addresses a vulnerability in which Primary Refresh Tokens are not strongly encrypted. This issue might allow the tokens to be reused until the token expires or is renewed. For more information about this issue, see CVE-2021-33779.
- Security updates to Windows Apps, Windows Management, Windows Fundamentals, Windows Authentication, Windows User Account Control (UAC), Operating System Security, Windows Virtualization, Windows Linux, the Windows Kernel, the Microsoft Scripting Engine, the Windows HTML Platforms, the Windows MSHTML Platform, and Windows Graphics.
July's Patch Tuesday updates are live through the Windows Update and Microsoft Update, Windows Update for Business, Microsoft Update Catalog, and the Windows Server Update Services (WSUS). For more details about KB5004237, check out the official release notes.