Windows 7 and 8.1 Patch Tuesday updates are out, here's what's new

An X shaped patch using the Windows 7 and 8 dot 1 default backgrounds on each half

It’s the second Tuesday of the month, which is when all supported Windows versions receive cumulative updates. This includes supported Windows 10 versions such as the three latest versions based on the same codebase, Windows 8.1, and Windows 7 users who have opted for extended security updates (ESU). Unlike Windows 10, Windows 7 and 8.1 users receive one update a month, with there being some exceptions for when there are critical vulnerabilities.

As is always the case with Windows 7 and 8.1, there are two kinds of updates. They are monthly rollup packages and security-only updates. The monthly rollups are those that can be installed via Windows Update and the security-only ones are those that can only be manually installed. However, both these updates can be downloaded from the Update Catalog manually.

Starting with Windows 8.1 and Windows Server 2012 R2, the monthly rollup is KB5005076 and can be downloaded manually from here. The improvements and fixes made in this update include:

  • Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see KB5005652, Point and Print Default Behavior Change, and CVE-2021-34481 for more information.
  • Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see KB5005391.
  • This update also contains miscellaneous security improvements to internal OS functionality.

The security-only update for this version is termed KB5005106 and brings with it identical fixes. Users can download the update manually from here depending on the version required. Both these updates also share identical known issues, which are listed below:

Symptom

Workaround

After installing this update, the Elastic File System (EFS) API OpenEncryptedFileRaw(A/W), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).

This behavior is expected because we addressed the issue in CVE-2021-36942.

Note If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support.

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Next up is Windows 7 Windows Server 2008 R2 SP1, updates for which head only to users and enterprises that have opted to pay for extended updates. For these users, the monthly rollup is KB5005088, which can be downloaded manually from here. The security-only update for these is KB5005089 and can be had from the Update Catalog here.

The fixes being made to Windows 7 are identical to that of Windows 8.1. While the updates share the two known issues as well, there is an additional issue that users might want to be aware of for the older OS. Here is the single additional known issue listed by Microsoft:

Symptom

Workaround

After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History.

This is expected in the following circumstances:

  • If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.
  • If you do not have an ESU MAK add-on key installed and activated.
  • If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.

As mentioned earlier, the monthly rollups will be served through Windows Update for supported devices. The security-only updates, however, are to be manually pulled from the Update Catalog links.

Report a problem with article
Microsoft Edge Dev written next to an Edge Dev logo and three vertically slanted green lines
Next Article

This week's Edge Dev build brings Sleeping Tabs improvements and more

ebook offer
Previous Article

On-ramp to the Cloud - Free eGuide Download

7 Comments - Add comment

Advertisement