Lucene search

K
mskbMicrosoftKB5001387
HistoryApr 13, 2021 - 12:00 a.m.

April 13, 2021—KB5001387 (Monthly Rollup)

2021-04-1300:00:00
Microsoft
support.microsoft.com
17

9 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8 High

AI Score

Confidence

Low

7.7 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

51.1%

April 13, 2021—KB5001387 (Monthly Rollup)

**Important:**Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as “C” or “D” releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the “B” or Update Tuesday release).

For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. To view other notes and messages, see the Windows Server 2012 update history home page.

Improvements and fixes

This security update includes improvements and fixes that were a part of update KB5000847 (released March 9, 2021) and addresses the following issues:

  • Addresses a time zone change for Volgograd, Russia from UTC+4 to UTC+3 Moscow Standard Time (MSK).
  • Addresses a time zone change for The Republic of South Sudan from UTC+3 to UTC+2 Juba. For more information about this change, see KB 4601275.
  • Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).
  • Addresses an issue that prevents you from specifying up to 255 columns when you use the Jet Text installable indexed sequential access method (IISAM) format.
  • Addresses an issue that causes Windows Back up using File History to stop working for a few users. This issue occurs after installing the February 9, 2021 update. The error message is, “Failed to start the backup of user links (error 8007005)”.
  • Security updates to Windows Apps, Windows Input and Composition, Windows Hybrid Cloud Networking, Windows Kernel, and Windows Media.
    For more information about the resolved security vulnerabilities, please refer to the new Security Update Guide website.

Known issues in this update

Symptom Workaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Do one of the following:
  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.
    Microsoft is working on a resolution and will provide an update in an upcoming release.

How to get this update

Before installing this updateWe strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.If you use Windows Update, the latest SSU (KB5001401) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.Install this update****Release Channel Available Next Step
Windows Update and Microsoft Update Yes None. This update will be downloaded and installed automatically from Windows Update.
Microsoft Update Catalog Yes To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS) Yes This update will automatically sync with WSUS if you configure Products and Classifications as follows:Product: Windows Server 2012, Windows Embedded 8 StandardClassification: Security Updates

File information

For a list of the files that are provided in this update, download the file information for update 5001387.

9 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8 High

AI Score

Confidence

Low

7.7 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

51.1%