- March 2021 Security Updates release notes
- List of software updates for Microsoft products
- List of the latest Windows Updates and Services Packs
- Security Updates Guide
- Microsoft Update Catalog site
- Our in-depth Windows update guide
- How to install optional updates on Windows 10
- Windows 10 Update History
- Windows 8.1 Update History
- Windows 7 Update History
Microsoft Windows Security Updates March 2021 overview
Microsoft released security updates and non-security updates on the Marc 2021 Patch Day for all supported versions of Windows and other company products.
This guide provides system administrators and home users with information on the released patches and related information. You find links to all major security updates released by Microsoft for Windows, links to direct downloads, information on known issues as reported by Microsoft, and other information.
Click here to open the February 2021 Update overview if you want to check it out as well.
The Microsoft Windows Security Updates: March 2021
Excel spreadsheet with list of security updates is now available. Click on the following link to download it to your system: Security Updates 2021-03-10-014118pm
Executive Summary
- This is the last Patch Day for the legacy Microsoft Edge web browser. The browser won't be supported anymore after today, and Microsoft plans to replace it with the Chromium-based version of Edge starting in April 2021.
- Microsoft released security updates for Exchange Server. You may want to read up on the release on MSRC and the Microsoft On The Issues blog.
- Microsoft released security updates for all supported client and server versions of Windows. No client version of Windows is affected by a security issue with the highest severity rating of critical.
- The list of other Microsoft products with security updates is long, it includes Microsoft Office, Internet Explorer, Visual Studio, Windows Installer, Windows Media, Windows DirectX, Microsoft Exchange Server, and Azure among other products.
Operating System Distribution
- Windows 7Â Â (extended support only): 5 vulnerabilities: 0 critical and 5 important
- Windows 8.1: 5 vulnerabilities: 0 critical and 5 important
- Windows 10 version 1809: 5 vulnerabilities: 0 critical and 5 important
- Windows 10 version 1903 and 1909: 7 vulnerabilities: 0 critical and 7 important
- Windows 10 version 2004 and 20H2: 8 vulnerabilities, 0 critical and 8 important
Windows Server products
- Windows Server 2008 R2 (extended support only):Â 9 vulnerabilities: 1 critical and 8 important
- CVE-2021-26897 -- Windows DNS Server Remote Code Execution Vulnerability
- Windows Server 2012 R2: 10 vulnerabilities: 1 critical and 9 important
- CVE-2021-26897 -- Windows DNS Server Remote Code Execution Vulnerability
- Windows Server 2016: 9 vulnerabilities: 1 critical and 9 important.
- CVE-2021-26897 -- Windows DNS Server Remote Code Execution Vulnerability
- Windows Server 2019: 9 vulnerabilities: 1 critical and 8 important.
- CVE-2021-26897 -- Windows DNS Server Remote Code Execution Vulnerability
Windows Security Updates
Windows 7 SP1 and Windows Server 2008 R2
- Monthly Rollup: KB5000841
- Security-only: KB5000851Â
Updates and improvements:
- Patches an elevation of privilege issue of print jobs submitted to FILE ports described in CVE-2021-1640. Pending print jobs will remain in an error state, these need to be deleted manually according to Microsoft.
- Addresses an issue in "which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs".
- Security updates
Windows 8.1 and Windows Server 2012 R2
- Monthly Rollup:Â KB5000848Â
- Security-only: KB5000822
Updates and improvements:
- Patches an elevation of privilege issue of print jobs submitted to FILE ports described in CVE-2021-1640. Pending print jobs will remain in an error state, these need to be deleted manually according to Microsoft.
- Security updates.
Windows 10 version 1909
- Support Page: KB5000808Â
Updates and improvements:
- Patches an elevation of privilege issue of print jobs submitted to FILE ports described in CVE-2021-1640. Pending print jobs will remain in an error state, these need to be deleted manually according to Microsoft.
- Security updates.
Windows 10 version 2004 and 20H2
- Support Page: KB5000802Â
Updates and improvements:
- Patches an elevation of privilege issue of print jobs submitted to FILE ports described in CVE-2021-1640. Pending print jobs will remain in an error state, these need to be deleted manually according to Microsoft.
- Security updates.
Other security updates
2021-03 Cumulative Security Update for Internet Explorer (KB5000800)
2021-03 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5000840)
2021-03 Security Monthly Quality Rollup for Windows Server 2008 (KB5000844)
2021-03 Security Only Quality Update for Windows Server 2008 (KB5000856)
2021-03 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5000847)
2021-03 Cumulative Update for Windows 10 Version 1607, and Windows Server 2016 (KB5000803)
2021-03 Cumulative Update for Windows 10 Version 1507 (KB5000807)
2021-03 Cumulative Update for Windows 10 Version 1803 (KB5000809)
2021-03 Cumulative Update for Windows 10 Version 1703 (KB5000812)
Known Issues
Windows 7 SP1 and Windows Server 2008 R2
- Updates are reverted if the device is not supported by ESU; this is expected behavior.
- Certain operations on Cluster Shared Volumes may fail. Microsoft suggests to run operations from processes with admin privileges or to perform them from a node that does not have CSV ownership.
Windows 8.1 and Server 2012 R2
- The error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." may be displayed after installing KB4493509 on devices with "some Asian language packs. Microsoft suggests to uninstall and reinstall recently added language packs, install recent Windows Updates, and if that does not help, to reset the PC.
Windows 10 version 1909, 2004, 20H2
- System and user certificates may be lost during updates. Microsoft suggests to roll back the upgrade to the new version of Windows.
Windows 10 version 2004 and 20H2
- Incorrect Furigana characters may be entered when using the Microsoft Japanese Input Method Editor. Microsoft is working on a resolution.
Security advisories and updates
ADV 990001Â -- Latest Servicing Stack Updates
Non-security related updates
KB890830Â -- Windows Malicious Software Removal Tool
Microsoft Office Updates
You find Office update information here.
How to download and install the March 2021 security updates
Security updates are released via Windows Updates to the majority of Home systems. Enterprise and business customers have other options at their disposal, including using update management systems such as WSUS.
We recommend that backups are created before updates are installed, as updates may introduce issues on systems that range from usability issues to serious bugs that may damage data or make the system unbootable.
Windows administrators may check for updates manually using the following method:
- Select Start, type Windows Update and load the Windows Update item that is displayed.
- Select check for updates to run a manual check for updates.
Direct update downloads
Below are resource pages with direct download links, if you prefer to download the updates to install them manually.
Windows 7 and Server 2008 R2
- KB5000841 -- 2021-03 Security Monthly Quality Rollup for Windows 7
- KB5000851 -- 2021-03 Security Only Quality Update for Windows 7
Windows 8.1 and Windows Server 2012 R2
- KB5000848 -- 2021-03 Security Monthly Quality Rollup for Windows 8.1
- KB5000822 -- 2021-03 Security Only Quality Update for Windows 8.1
Windows 10 (version 1909)
- KB5000808Â -- 2021-03 Cumulative Update for Windows 10 Version 1909
Windows 10 (version 2004)
- KB5000802 -- 2021-03 Cumulative Update for Windows 10 Version 2004
Windows 10 (version 20H2)
- KB5000802-- 2021-03 Cumulative Update for Windows 10 Version 20H2
Additional resources
Summary
Article Name
Microsoft Windows Security Updates March 2021 overview
Description
Microsoft released security updates and non-security updates on the Marc 2021 Patch Day for all supported versions of Windows and other company products.Â
Author
Martin Brinkmann
Publisher
Ghacks Technology News
Logo
FWIW, I perhaps foolishly optionally updated 20H2 to 2009 (build 1904.870) with KB5001649 which installed relatively quickly with no problems for me.
about ,netframe updates.. ;
if you have updated in februari you are good..
Only systems which have not done that get same update with a new version number…
According to reports, nearly all supported versions of Windows 10 are affected, which includes version 20H2, version 2004, version 1909, and even version 1803/1809. But the server 2016 and 2019 enterprises LTSC also are affected?
By installing KB5000841 — 2021-03 Security Monthly Quality Rollup for Windows 7-
you dont have that problem …. IE patches are included!
Only if you install KB5000851 — 2021-03 Security Only Quality Update for Windows 7
Then next phrase is true >
REMINDER
If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer (KB5000800).
What a load of garbage. If you install via windows update, all that is given to you, IE updates are NOT included for Windows 7. Go away.
Are you stupid?
I did manually install KB5000841 on windows 7-x86 -with patch v11-
and IE says it is using latest version! KB5000800
Open IE.. go to help> go to about IE …..
How on earth can the Internet Explorer patches not be automatic, given that Internet Explorer is so deeply coded into Windows 7? Now they patched a flaw that can open a backdoor to your system just by visiting a website, and one is supposed to go find out if and where and when and how to install such a patch? A PAYING ESU CUSTOMER has to do that!? Not using Internet Explorer is not a patch, or a safety feature, since that code runs on your computer whether you use Internet Explorer or not. That leaking hole has been open since forever and is to blame for probably a massive chunk of all infections. It’s simple: ESU customers are NOT fully patched, they are only led to believe so. Meanwhile, in Redmond thousands of developers have worked day and night to make sure you must use a Microsoft account just to install Windows 10. F**K YOU, Microsoft.
Server 2016 – kb5000803
https://support.microsoft.com/en-us/topic/march-9-2021-kb5000803-os-build-14393-4283-711d10dd-adcb-490b-a640-aaa25009cfed
Server 2019 – kb5000822
https://support.microsoft.com/en-us/topic/march-9-2021-kb5000822-os-build-17763-1817-2eb6197f-e3b1-4f42-ab51-84345e063564
What on earth has Microsoft bundled with KB500848? It’s 538MB of which the Security Only update is only 38MB!
Is this a last ditch attempt to download a bunch of telemetry crap onto our Win 8.1 systems?
@Martin,
Did you delete all the .NET Framework updates? I don’t see them anywhere now.
Yes, these were from last month,
Martin, the pre-fix name of the patches in the catalog are incorrect for Win7 NET framework patches for this month, they should start with 2021-03 and not 2021-02 – they show up in february but not in march within the catalog.
Noticed your list also displays the 2021-02 name prefix
Thank you, the February 2021 patches were listed there. I corrected this!
a few hours after installing the march update (rechecked right after the 1st update and found… nothing).. it now wants to update microcode kb4589212 and .net framework preview kb4601554 will see if the microcode changes anything in hwinfo
On 2021-03-10 in US, Microsoft forced a download of KB4589212 (Intel microcode updates) during my normal working hours. It was appropriate for my laptop CPU, so I installed it with no problem. Belarc Advisor shows it is now installed.
curiously hwinfo now says CPU ID: 000506E3 microcode 0xd6 (it was e2 before installation).. yet 506e3 is listed as 0xcc in that ms table. with 506e+05 as 0xd6. but that tallies how it was the last time i looked at that table months ago… clear as mud.
Hoi Martin,
Thanks really (Handy and) easy readable article again
Do I understand it correctly that you’re still busy with the Excel spreadsheet that lists the released security updates for Microsoft’s Windows operating system and other company products?
am running Windows 7, but is it normal to only have KB890830 as the available update????
That’s the Windows Malicious Software Removal Tool.
Windows 7 doesn’t get other updates any more.
I got all updates including KB5000841 with ESU.
Same here ; got only KB890830 on win7 -x86 with Bypass esu v11…
Did manual dloading KB5000841 — 2021-03 Security Monthly Quality Rollup for Windows 7
And all Ok after installing that one!
just like you had to manually dl KB5000841 for W7 x64, currently installing (and would appear to take all night I guesswas…)
so no .NET Framework updates this month???
Yesterday I updated to 20H2 from 1909, and today 2021-03-09 KB5000802 got me to Windows 10 Home (x64) Version 2009 (build 19042.867) from yesterday’s 804. It was good to see Microsoft WU finally got smart with installing SSU KB5000858 so that KB5000802 was not downloaded twice, a longtime pet peeve of mine.
On 2021-03-30 I updated 20H2 to 2009 (build 19042.906) with SSU KB5000981 and Update for Windows 10 KB5000842, all using optional WU. No problems to date.
Kb4603002 Net framework aparently rejects update third vendor software antiviruses.
There’s an update for IE 11 too this month: https://www.catalog.update.microsoft.com/Search.aspx?q=kb5000800
@ Bitty,
Martin mentioned IE11 in the Executive Summary, but didn’t provide a link to it this time. Too busy I guess.
Thanks for the link though :)
This update gives me error when I try to update on my Windows 10.
No mention of Windows 8.1 in the support article for KB5000822 Martin. The only info reads:
“Windows 10, version 1809, all editions Windows Server version 1809 Windows Server 2019, all editions”. That’s it.
He’s right, Martin. I think it is KB5000853 that you(and we) want.
Security only KB for Windows 8.1 is KB5000853.
Thanks David H. That looks like the correct one.
It’s a bit odd though that in Windows CP the only update which appears is KB890830.
Windows 10 and Windows Server 2019 update history
https://support.microsoft.com/en-us/topic/windows-10-and-windows-server-2019-update-history-725fc2e1-4443-6831-a5ca-51ff5cbcb059
March 9, 2021—KB5000822 (OS Build 17763.1817)
https://support.microsoft.com/en-us/topic/march-9-2021-kb5000822-os-build-17763-1817-2eb6197f-e3b1-4f42-ab51-84345e063564
https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000822
KB5000859: Servicing stack update for Windows 10, version 1809: March 9, 2021
https://support.microsoft.com/en-us/topic/kb5000859-servicing-stack-update-for-windows-10-version-1809-march-9-2021-131d7ec3-a212-4d10-9679-e97395197bac
https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000859
Updated 3x LTSC and 1x Server 2019 machines. All went well, currently cleaning images. I did notice something different this time around, installing the offline update, within Windows GUI, took considerably longer on all of them, I’m used to sit on this step for 2-5 minutes, now it took more like 8-10 minutes, however, the restart was instantaneous.
A welcome change imo, this meant I could still use my mahine while it was updating.
it took longer than usual for me, as well. After the reboot there was a new ‘cleaning up’ message before login. So i suspect that’s it.