Microsoft has just released today new Patch Tuesday updates for all supported versions of Windows 10, including the soon-to-be-released version 21H1. The upcoming Windows 10 release is currently available for Windows Insiders in the Beta and Release Preview channels, who can download today the 21H1 build 19043.928 (KB5001330) from Windows Update.
This same KB5001330 patch is also available today for Windows 10 versions 20H2 and 2004 in the form of the builds 19042.928 and 19041.928, respectively. Since these older versions of the OS share a common core with Windows 10 version 21H1, the list of fixes below applies to all 3 of them:
- We fixed an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
- We fixed an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU.For more information about the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).
- We fixed a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see CVE-2021-27092 and Policy CSP – Authentication.
- Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Kernel, Windows Virtualization, Internet Explorer, and Windows Media.
- We have resolved an issue where some Insiders were getting an 0x800f081f error when attempting to install an early version of KB5000842. If you continue to hit an issue with the final version of KB5000842 update, let us know via Feedback Hub.
As of this writing, Microsoft has yet to update its Windows support website to detail all the Patch Tuesday updates for all supported versions of Windows 10. We hope the changelogs for older versions of the OS will go live later today, and we recommend keeping an eye on the Windows Update Twitter account for the announcement.
Microsoft could have used this month’s Patch Tuesday to announce when Windows 10 version 21H1 will start rolling out to all users, but the company may well wait until next month to do so. Windows 10 version 21H1 will be another minor update for the OS, only bringing multi-camera support for Windows Hello as well as performance improvements for Windows Defender Application Guard. We hope the company will share more details about its general availability soon.
Update 11:40 AM PT: The release notes for all April Patch Tuesday updates are now available on the Windows Support website.
📄 Windows 10, version 2004 and Windows 10, version 20H2 – KB5001330 – https://t.co/5hfKNgbp7I
— Windows Update (@WindowsUpdate) April 13, 2021