Microsoft releases Windows 7 February Patch Tuesday update (KB5010404)

Patch Tuesday text next to the default backgrounds of Windows 7 8 and 10

Anyone using Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, or Windows Embedded POS Ready 7 and pays for extended security update (ESU) support, can now install the latest Patch Tuesday update (KB5010404) via the Windows Update tool. Similar to the Windows 8.1 update, the Windows 7 update includes quite a number of improvements and fixes and a few known issues.

Improvements and fixes

This security update includes improvements and fixes that were a part of update KB5009610 (released January 11, 2022) and update KB5010798 (released January 17, 2022). Additionally, this update also addresses the following issues:

  • Updates daylight savings time to start in February 2022 instead of March 2022 in Jordan.
  • Addresses SHA1 deprecation by removing specific SHA1-signed security and non-security fixes and resigned those fixes with SHA2 in this release.
  • Addresses an issue in which a Lightweight Directory Access Protocol (LDAP) modify operation that contains the SamAccountName together with the UserAccountControl attributes fails with “Error: 0x20EF The directory service encountered an unknown failure.”
  • Addresses an issue in which Windows Server 2008 R2 domain controllers (DCs) fail to process NTLM pass-through authentication.
  • Adds an audit event on Active Directory domain controllers that identifies clients that are not RFC-4456 compliant. For more information, see KB5005408—Smart card authentication might cause print and scan failures.

As mentioned earlier, there are two known issues in this update but they both feature workarounds that you can apply if you’re affected.

Symptom Workaround

After installing this update and restarting your device, you might receive the error, "Failure to configure Windows updates. Reverting Changes. Do not turn off your computer", and the update might show as Failed in Update History.

This is expected in the following circumstances:

  • If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.
  • If you do not have an ESU MAK add-on key installed and activated.

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Provided your system is fairly up-to-date, you should be OK grabbing the update from Windows Update. It should be noted, however, that there’s quite a long list of prerequisites that you can check out on Microsoft Support under the section about how to get the update.

Report a problem with article
Microsoft Defender Preview
Next Article

Microsoft Defender Preview service goes live to protect Windows and Android devices

Windows 11 logo white on top of a fractal variant of the Windows 11 default wallpaper
Previous Article

Windows 11 feature leak: Microsoft could add more Task Manager features soon

4 Comments - Add comment

Advertisement