Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users. Yes, good people of the Windows world, it’s time once again to use XEOX!
Get back full control on windows update by using XEOX Job Editor.
The January 2021 Patch Tuesday Security Updates
Security Updates are available for the following software:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Windows Codecs Library
- Visual Studio
- SQL Server
- Microsoft Malware Protection Engine
- .NET Core
- .NET Repository
- ASP .NET
- Azure
Information about the updates:
- CVE-2020-0689 has been re-released. For further information see Security update for Secure Boot DBX: January 12, 2021.
- For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
- For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
- Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
| Tag | CVE ID | CVE Title |
| .NET Repository | CVE-2021-1725 | Bot Framework SDK Information Disclosure Vulnerability |
| ASP.NET core & .NET core | CVE-2021-1723 | ASP.NET Core and Visual Studio Denial of Service Vulnerability |
| Azure Active Directory Pod Identity | CVE-2021-1677 | Azure Active Directory Pod Identity Spoofing Vulnerability |
| Microsoft Bluetooth Driver | CVE-2021-1683 | Windows Bluetooth Security Feature Bypass Vulnerability |
| Microsoft Bluetooth Driver | CVE-2021-1638 | Windows Bluetooth Security Feature Bypass Vulnerability |
| Microsoft Bluetooth Driver | CVE-2021-1684 | Windows Bluetooth Security Feature Bypass Vulnerability |
| Microsoft DTV-DVD Video Decoder | CVE-2021-1668 | Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability |
| Microsoft Edge (HTML-based) | CVE-2021-1705 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability |
| Microsoft Graphics Component | CVE-2021-1709 | Windows Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2021-1696 | Windows Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2021-1665 | GDI+ Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2021-1708 | Windows GDI+ Information Disclosure Vulnerability |
| Microsoft Malware Protection Engine | CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1713 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1714 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1711 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1715 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1716 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1712 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1707 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1718 | Microsoft SharePoint Server Tampering Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1717 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1719 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1641 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft RPC | CVE-2021-1702 | Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1649 | Active Template Library Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1676 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2021-1689 | Windows Multipoint Management Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1657 | Windows Fax Compose Form Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2021-1646 | Windows WLAN Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1650 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1706 | Windows LUAFV Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1699 | Windows (modem.sys) Information Disclosure Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-1644 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-1643 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows DNS | CVE-2021-1637 | Windows DNS Query Information Disclosure Vulnerability |
| SQL Server | CVE-2021-1636 | Microsoft SQL Elevation of Privilege Vulnerability |
| Visual Studio | CVE-2020-26870 | Visual Studio Remote Code Execution Vulnerability |
| Windows AppX Deployment Extensions | CVE-2021-1642 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
| Windows AppX Deployment Extensions | CVE-2021-1685 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
| Windows CryptoAPI | CVE-2021-1679 | Windows CryptoAPI Denial of Service Vulnerability |
| Windows CSC Service | CVE-2021-1652 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1654 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1659 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1653 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1655 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1693 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1688 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2021-1680 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2021-1651 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Windows DP API | CVE-2021-1645 | Windows Docker Information Disclosure Vulnerability |
| Windows Event Logging Service | CVE-2021-1703 | Windows Event Logging Service Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2021-1662 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Hyper-V | CVE-2021-1691 | Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2021-1704 | Windows Hyper-V Elevation of Privilege Vulnerability |
| Windows Hyper-V | CVE-2021-1692 | Hyper-V Denial of Service Vulnerability |
| Windows Installer | CVE-2021-1661 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2021-1697 | Windows InstallService Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-1682 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Media | CVE-2021-1710 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| Windows NTLM | CVE-2021-1678 | NTLM Security Feature Bypass Vulnerability |
| Windows Print Spooler Components | CVE-2021-1695 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Projected File System Filter Driver | CVE-2021-1663 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
| Windows Projected File System Filter Driver | CVE-2021-1672 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
| Windows Projected File System Filter Driver | CVE-2021-1670 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
| Windows Remote Desktop | CVE-2021-1674 | Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability |
| Windows Remote Desktop | CVE-2021-1669 | Windows Remote Desktop Security Feature Bypass Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1701 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1700 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1666 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1664 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1671 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1673 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1658 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1667 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1660 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows splwow64 | CVE-2021-1648 | Microsoft splwow64 Elevation of Privilege Vulnerability |
| Windows TPM Device Driver | CVE-2021-1656 | TPM Device Driver Information Disclosure Vulnerability |
| Windows Update Stack | CVE-2021-1694 | Windows Update Stack Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2021-1686 | Windows WalletService Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2021-1681 | Windows WalletService Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2021-1690 | Windows WalletService Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2021-1687 | Windows WalletService Elevation of Privilege Vulnerability |
The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20210112. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).
| KB ARTICLE | APPLIES TO |
|---|---|
| 4598229 | Windows 10, Version 1903, Windows Server, Version 1903, Windows 10, Version 1909, Windows Server, Version 1909 |
| 4598230 | Windows 10, Version 1809, Windows Server 2019 |
| 4598242 | Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2 |
| 4598275 | Windows 8.1, Windows Server 2012 R2 (Security-only update) |
| 4598278 | Windows Server 2012 (Monthly Rollup) |
| 4598279 | Windows 7, Windows Server 2008 R2 (Monthly Rollup) |
| 4598285 | Windows 8.1, Windows Server 2012 R2 (Monthly Rollup) |
| 4598287 | Windows Server 2008 (Security-only update) |
| 4598288 | Windows Server 2008 (Monthly Rollup) |
| 4598289 | Windows 7, Windows Server 2008 R2 (Security-only update) |
| 4598297 | Windows Server 2012 (Security-only update) |
More Information:
https://krebsonsecurity.com/2021/01/microsoft-patch-tuesday-january-2021-edition/
https://msrc.microsoft.com/update-guide/releaseNote/2021-Jan
https://wuinstall.com/index.php/blog-list/item/24-how-to-force-windows-2004-feature-upgrade-os-build-19041-to-install-using-the-command-line.html
https://windowsreport.com/windows-10-patch-tuesday-update-history/
KB4598229
KB4598230
KB4598242
KB4598275
KB4598278
KB4598279
KB4598285
KB4598287
KB4598288
KB4598289
KB4598297
- CVE-2020-26870
- CVE-2021-1636
- CVE-2021-1637
- CVE-2021-1643
- CVE-2021-1644
- CVE-2021-1645
- CVE-2021-1647
- CVE-2021-1648
- CVE-2021-1656
- CVE-2021-1663
- CVE-2021-1669
- CVE-2021-1670
- CVE-2021-1672
- CVE-2021-1676
- CVE-2021-1677
- CVE-2021-1694
- CVE-2021-1696
- CVE-2021-1699
- CVE-2021-1707
- CVE-2021-1708
- CVE-2021-1711
- CVE-2021-1713
- CVE-2021-1714
- CVE-2021-1715
- CVE-2021-1716
- CVE-2021-1725
