Lucene search

K
mskb
MicrosoftKB5006699
HistoryOct 12, 2021 - 12:00 a.m.

October 12, 2021—KB5006699 (OS Build 20348.288)

2021-10-1200:00:00
Microsoft
support.microsoft.com
38

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.512 Medium

EPSS

Percentile

97.5%

October 12, 2021—KB5006699 (OS Build 20348.288)

Improvements and fixes

This security update includes quality improvements. Key changes include:

  • Addresses an issue that prevents some applications, such as Microsoft Office and Adobe Reader, from opening or causes them to stop responding. This occurs on devices that are subject to Microsoft Exploit Protection for Export Address Filtering (EAF).
    If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the Security Update Guide and the October 2021 Security Updates.

Windows 10 servicing stack update - 20348.260

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

Known issues in this update

Symptom Workaround
After installing KB5005575, installation of printers using Internet Printing Protocol (IPP) might not complete successfully. Devices which had connected to and installed the printer prior to the installation of KB5005575 are unaffected and print operations to that printer will succeed as usual.NoteIPP is not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations. This issue is resolved in KB5006745.
After installing KB5005619 on a print server, printing properties defined on that server might not be correctly provided to clients. Note this issue is specific to print servers and does not impact standard network printing. This issue will not cause printing operations to fail, however, custom settings defined on the server – for example, duplex print settings – will not be applied automatically, and clients will print with default settings only.This issue results from an improper building of the data file which contains the printer properties. Clients which receive this data file will not be able to use the file content and will instead proceed with default printing settings. Clients who have previously received the settings package prior to the installation of KB5005619 are unaffected. Servers which use default print settings and have no custom settings to provide to clients are unaffected.NoteThe printer connection methods described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations. This issue is resolved in KB5006745.
After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, “Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials.” and “The login attempt failed” in red. This issue is addressed in KB5007254.
You might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones.Note The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations. This issue is resolved in KB5006745.
After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server:
  • 0x000006e4 (RPC_S_CANNOT_SUPPORT)

  • 0x0000007c (ERROR_INVALID_LEVEL)

  • 0x00000709 (ERROR_INVALID_PRINTER_NAME)
    Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5007254.
    Universal Windows Platform (UWP) apps might not open on devices that have undergone a Windows device reset. This includes operations that were initiated using Mobile Device Management (MDM), such as Reset this PC, Push-button reset, and Autopilot Reset. UWP apps you downloaded from the Microsoft Store are not affected. Only a limited set of apps are affected, including:

  • App packages with framework dependencies

  • Apps that are provisioned for the device, not per user account.
    The affected apps will fail to open without error messages or other observable symptoms. They must be re-installed to restore functionality.| This issue is addressed in KB5015879 for all releases starting September 14, 2021 and later.

How to get this update

Before installing this updateMicrosoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.Install this update****Release Channel Available Next Step
Windows Update and Microsoft Update Yes None. This update will be downloaded and installed automatically from Windows Update.
Windows Update for Business Yes None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies.
Microsoft Update Catalog Yes To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS) Yes This update will automatically sync with WSUS if you configure Products and Classifications as follows:Product: Microsoft Server operating system-21H2Classification: Security Updates

If you want to remove the LCUTo remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command:DISM /online /get-packages.Running Windows Update Standalone Installer (wusa.exe) with the**/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

File InformationFor a list of the files that are provided in this update, download the file information for cumulative update 5006699.For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 20348.260.

How to protect your server from attacks?

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.512 Medium

EPSS

Percentile

97.5%

Related for KB5006699