Here's what's new for Windows 8.1 and 7 this Patch Tuesday

An X shaped patch using the Windows 7 and 8 dot 1 default backgrounds on each half

We're already three months deep into 2021, and as we reach the second Tuesday of March, that means it's time once again for Microsoft to update every supported version of Windows. Naturally, the most recent versions of Windows 10 are getting updates, but Windows 8.1 is also still supported. And, for businesses paying for extended security updates, so is Windows 7.

There are updates heading out to both of these Windows releases, and as usual, there are two types of updates for both Windows 8.1 and Windows 7, as well as their server counterparts - a monthly rollup that's usually installed automatically and a security-only update that you have to install manually.

Starting with Windows 8.1, the monthly rollup update is labeled KB5000848 and you can download it manually here. It includes the following changes:

Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain CVE-2020-17049 protections released between November 10 and December 8, 2020 and configured PerfromTicketSignature to 1 or larger. Ticket acquisition fails with KRB_GENERIC_ERROR if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the USER_NO_AUTH_DATA_REQUIRED flag being set for the user in User Account Controls.

Addresses an elevation of privilege security vulnerability documented in CVE-2021-1640 related to print jobs submitted to “FILE:” ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.

Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Media, and Windows Graphics.

There's a single known issue, which is the same we've been seeing for months now:

Symptom Workaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

And as for the security-only update, that's KB5000853, and you can download it manually here. It includes the first and last bullet points from the monthly rollup update, and it has the same known issue.

Moving on to Windows 7, again, you'll need to be paying for extended security updates to get any updates at this point. If you are, the monthly rollup you'll get is KB5000841 and you can download it manually here. Here's what's included:

  • Addresses an elevation of privilege security vulnerability documented in CVE-2021-1640 related to print jobs submitted to “FILE:” ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.
  • Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain CVE-2020-17049 protections released between November 10 and December 8, 2020 and configured PerfromTicketSignature to 1 or larger. Ticket acquisition fails with KRB_GENERIC_ERROR if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the USER_NO_AUTH_DATA_REQUIRED flag being set for the user in User Account Controls.
  • Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, and Windows Media.

The single known issue is the same as the one for the Windows 8.1 updates.

Finally, the security-only update for Windows 7 is KB5000851 and it can be downloaded manually here. It only includes the last two points of the updates mentioned above and has the same known issue as the other updates.

Report a problem with article
Forza Horizon 4 available now on Steam
Next Article

Forza Horizon 4 is now available on Steam with Xbox cross-play

Windows 10 logo with a PC running the OS next to it
Previous Article

Microsoft releases Windows 10 builds 19042.867, 18363.1440 - here's what's new

2 Comments - Add comment

Advertisement