Anyone using Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, or Windows Embedded POS Ready 7 and pays for extended security update (ESU) support, can now install the latest Patch Tuesday update (KB5010404) via the Windows Update tool. Similar to the Windows 8.1 update, the Windows 7 update includes quite a number of improvements and fixes and a few known issues.
Improvements and fixes
This security update includes improvements and fixes that were a part of update KB5009610 (released January 11, 2022) and update KB5010798 (released January 17, 2022). Additionally, this update also addresses the following issues:
- Updates daylight savings time to start in February 2022 instead of March 2022 in Jordan.
- Addresses SHA1 deprecation by removing specific SHA1-signed security and non-security fixes and resigned those fixes with SHA2 in this release.
- Addresses an issue in which a Lightweight Directory Access Protocol (LDAP) modify operation that contains the SamAccountName together with the UserAccountControl attributes fails with “Error: 0x20EF The directory service encountered an unknown failure.”
- Addresses an issue in which Windows Server 2008 R2 domain controllers (DCs) fail to process NTLM pass-through authentication.
- Adds an audit event on Active Directory domain controllers that identifies clients that are not RFC-4456 compliant. For more information, see KB5005408—Smart card authentication might cause print and scan failures.
As mentioned earlier, there are two known issues in this update but they both feature workarounds that you can apply if you’re affected.
After installing this update and restarting your device, you might receive the error, "Failure to configure Windows updates. Reverting Changes. Do not turn off your computer", and the update might show as Failed in Update History.
This is expected in the following circumstances:
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
Do one of the following:
Microsoft is working on a resolution and will provide an update in an upcoming release.
Provided your system is fairly up-to-date, you should be OK grabbing the update from Windows Update. It should be noted, however, that there’s quite a long list of prerequisites that you can check out on Microsoft Support under the section about how to get the update.