Updates Windows 10 Cumulative Updates KB4601315 & KB4601319 released

silversurfer

Level 73
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,221
As part of the February Patch cycle, Microsoft is rolling out a new cumulative update for all supported version of Windows.

The cumulative update with security fixes is rolling out to PCs with October 2020 Update, May 2020 Update, November 2019 Update, and May 2019 Update. In this month's update, there are only security enhancements for the system, browsers, core components and other basic functions.
What's new in OS Builds 19042.804 and 19041.804

The cumulative update for Windows 10, version 2004 and 20H2 is KB 4601319 and it is expected to include security bug fixes. At the moment, the changelog is not available due to unknown issues with Microsoft support document.

"The February 2021 security update release is now available on all supported versions of Windows. Release notes associated with these updates might publish with a delay of up to an hour. We will share the release notes after they are published. Thank you for your patience," Microsoft said in a statement.

For those on version 1909, a new cumulative update with package number (KB4601315) is now available and it comes with security fixes. The changelog for this update is also not available.
 

Gandalf_The_Grey

Level 48
Verified
Trusted
Content Creator
Apr 24, 2016
3,746

Zero-day and publicly disclosed vulnerabilities fixed

Microsoft fixed both a zero-day and numerous publicly disclosed vulnerabilities as part of the months security updates.

The actively exploited zero-day is tracked as 'CVE-2021-1732 - Windows Win32k Elevation of Privilege Vulnerability' and allows an attacker or malicious program to elevate their privileges to administrative privileges.

This vulnerability was discovered by researchers at DBAPPSecurity Co., Ltd.

In addition to the zero-day vulnerability, Microsoft also states that they also patched numerous publicly disclosed vulnerabilities:
  • CVE-2021-1721 - .NET Core and Visual Studio Denial of Service Vulnerability
  • CVE-2021-1727 - Windows Installer Elevation of Privilege Vulnerability
  • CVE-2021-1733 - Sysinternals PsExec Elevation of Privilege Vulnerability
  • CVE-2021-24098 - Windows Console Driver Denial of Service Vulnerability
  • CVE-2021-24106 - Windows DirectX Information Disclosure Vulnerability
  • CVE-2021-26701 - .NET Core Remote Code Execution Vulnerability

Supply chain attack fix

Today, Microsoft fixed a vulnerability tracked as CVE-2021-24105 in their Azure Artifactory product that was discovered after researchers used it in a PoC attack against Microsoft's systems.

This vulnerability allowed threat actors to create malicious public packages that have the same name as internal packages used by internal company applications. When these applications are built, they would instead pull down the malicious package rather than using their own internal one, and trigger a supply chain attack.

This attack affected numerous companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Tesla, and Uber.

More information about this vulnerability can be found in our dedicated 'Researcher hacks Microsoft, Apple, more in novel supply chain attack' article.
The Ghacks overview:
 
Last edited:

Gandalf_The_Grey

Level 48
Verified
Trusted
Content Creator
Apr 24, 2016
3,746
More info on the supply chain attack that was fixed:
Bleeping Computer:
From the researcher himself:
 

Gandalf_The_Grey

Level 48
Verified
Trusted
Content Creator
Apr 24, 2016
3,746
Hi, @Gandalf_The_Grey, what to do if the updates won't install, I only waited 10 minutes, but it did not begin to count %, it used to at that time frame, I postponed updates with 30 days, but that only helps 30 days, my device is 2 years old, and is up to date with drivers an all, what do you think I should do? be a little more patient? :unsure:
I had probably the same problem today. The update didn't install, hang on 0% for a long time.
Tried a reboot but got a message for waiting for windows, if I remember correctly, but nothing happened.
After that I shut down my laptop with holding down the power botton.
After I started it again and that time Windows Update could install the update, went to 20% took it's time but eventually I got the message to reboot and the update is installed now. Maybe others have the same problem and Microsoft will offer a new update soon.
I would just retry after a week of so.
 

amirr

Level 15
Jan 26, 2020
725
"
Windows classic Alt-Tab app switcher was replaced in Windows 10 with a 'modern Alt-Tab switcher'

After October Update, modern Alt Tab switcher stopped working properly and some people like Raf had advised switching to the classic version until the bug is fixed.

The bug has now been fixed, so those who disabled the modern switcher can now enable it again."
By Mayank Parmar
 

Gandalf_The_Grey

Level 48
Verified
Trusted
Content Creator
Apr 24, 2016
3,746
For February, a 'bumpy' Patch Tuesday ride:
A few issues have already cropped up with this month's collection of patches from Microsoft. So, for now, pause updates if you can.
One week out from Patch Tuesday and it’s been a bumpy release for the month, especially for older versions of Windows 10 and Server 2016.
(Less affected: the consumer versions of Windows 10 2004 and 20H2.)
So what do I recommend at this time? Be patient. I’m still in testing mode to make sure I don’t see any issues. Thus, I recommend staying in “pause” mode when it comes to this month’s updates. We’ll keep you informed here and over on Askwoody.com of any of the details.
So, it's better to be on the latest versions of Windows 10 :D
 
Top