Microsoft Windows Security Updates March 2021 overview

Microsoft released security updates and non-security updates on the Marc 2021 Patch Day for all supported versions of Windows and other company products.

This guide provides system administrators and home users with information on the released patches and related information. You find links to all major security updates released by Microsoft for Windows, links to direct downloads, information on known issues as reported by Microsoft, and other information.

Click here to open the February 2021 Update overview if you want to check it out as well.

The Microsoft Windows Security Updates: March 2021

Excel spreadsheet with list of security updates is now available. Click on the following link to download it to your system: Security Updates 2021-03-10-014118pm

Executive Summary

  1. This is the last Patch Day for the legacy Microsoft Edge web browser. The browser won't be supported anymore after today, and Microsoft plans to replace it with the Chromium-based version of Edge starting in April 2021.
  2. Microsoft released security updates for Exchange Server. You may want to read up on the release on MSRC and the Microsoft On The Issues blog.
  3. Microsoft released security updates for all supported client and server versions of Windows. No client version of Windows is affected by a security issue with the highest severity rating of critical.
  4. The list of other Microsoft products with security updates is long, it includes Microsoft Office, Internet Explorer, Visual Studio, Windows Installer, Windows Media, Windows DirectX, Microsoft Exchange Server, and Azure among other products.

Operating System Distribution

  • Windows 7  (extended support only): 5 vulnerabilities: 0 critical and 5 important
  • Windows 8.1: 5 vulnerabilities: 0 critical and 5 important
  • Windows 10 version 1809: 5 vulnerabilities: 0 critical and 5 important
  • Windows 10 version 1903 and 1909: 7 vulnerabilities: 0 critical and 7 important
  • Windows 10 version 2004 and 20H2: 8 vulnerabilities, 0 critical and 8 important

Windows Server products

  • Windows Server 2008 R2 (extended support only): 9 vulnerabilities: 1 critical and 8 important
    • CVE-2021-26897 -- Windows DNS Server Remote Code Execution Vulnerability
  • Windows Server 2012 R2: 10 vulnerabilities: 1 critical and 9 important
    • CVE-2021-26897 -- Windows DNS Server Remote Code Execution Vulnerability
  • Windows Server 2016: 9 vulnerabilities: 1 critical and 9 important.
    • CVE-2021-26897 -- Windows DNS Server Remote Code Execution Vulnerability
  • Windows Server 2019: 9 vulnerabilities: 1 critical and 8 important.
    • CVE-2021-26897 -- Windows DNS Server Remote Code Execution Vulnerability

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

Updates and improvements:

  • Patches an elevation of privilege issue of print jobs submitted to FILE ports described in CVE-2021-1640. Pending print jobs will remain in an error state, these need to be deleted manually according to Microsoft.
  • Addresses an issue in "which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs".
  • Security updates

Windows 8.1 and Windows Server 2012 R2

Updates and improvements:

  • Patches an elevation of privilege issue of print jobs submitted to FILE ports described in CVE-2021-1640. Pending print jobs will remain in an error state, these need to be deleted manually according to Microsoft.
  • Security updates.

Windows 10 version 1909

Updates and improvements:

  • Patches an elevation of privilege issue of print jobs submitted to FILE ports described in CVE-2021-1640. Pending print jobs will remain in an error state, these need to be deleted manually according to Microsoft.
  • Security updates.

Windows 10 version 2004 and 20H2

Updates and improvements:

  • Patches an elevation of privilege issue of print jobs submitted to FILE ports described in CVE-2021-1640. Pending print jobs will remain in an error state, these need to be deleted manually according to Microsoft.
  • Security updates.

Other security updates

2021-03 Cumulative Security Update for Internet Explorer (KB5000800)

2021-03 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5000840)

2021-03 Security Monthly Quality Rollup for Windows Server 2008 (KB5000844)

2021-03 Security Only Quality Update for Windows Server 2008 (KB5000856)

2021-03 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5000847)

2021-03 Cumulative Update for Windows 10 Version 1607, and Windows Server 2016 (KB5000803)

2021-03 Cumulative Update for Windows 10 Version 1507 (KB5000807)

2021-03 Cumulative Update for Windows 10 Version 1803 (KB5000809)

2021-03 Cumulative Update for Windows 10 Version 1703 (KB5000812)

 

Known Issues

Windows 7 SP1 and Windows Server 2008 R2

  • Updates are reverted if the device is not supported by ESU; this is expected behavior.
  • Certain operations on Cluster Shared Volumes may fail. Microsoft suggests to run operations from processes with admin privileges or to perform them from a node that does not have CSV ownership.

Windows 8.1 and Server 2012 R2

  • The error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." may be displayed after installing KB4493509 on devices with "some Asian language packs. Microsoft suggests to uninstall and reinstall recently added language packs, install recent Windows Updates, and if that does not help, to reset the PC.

Windows 10 version 1909, 2004, 20H2

  • System and user certificates may be lost during updates. Microsoft suggests to roll back the upgrade to the new version of Windows.

Windows 10 version 2004 and 20H2

  • Incorrect Furigana characters may be entered when using the Microsoft Japanese Input Method Editor. Microsoft is working on a resolution.

Security advisories and updates

ADV 990001 -- Latest Servicing Stack Updates

Non-security related updates

KB890830 -- Windows Malicious Software Removal Tool

Microsoft Office Updates

You find Office update information here.

How to download and install the March 2021 security updates

windows-security updates march 2021

Security updates are released via Windows Updates to the majority of Home systems. Enterprise and business customers have other options at their disposal, including using update management systems such as WSUS.

We recommend that backups are created before updates are installed, as updates may introduce issues on systems that range from usability issues to serious bugs that may damage data or make the system unbootable.

Windows administrators may check for updates manually using the following method:

  1. Select Start, type Windows Update and load the Windows Update item that is displayed.
  2. Select check for updates to run a manual check for updates.

Direct update downloads

Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 7 and Server 2008 R2

  • KB5000841 -- 2021-03 Security Monthly Quality Rollup for Windows 7
  • KB5000851 -- 2021-03 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB5000848 -- 2021-03 Security Monthly Quality Rollup for Windows 8.1
  • KB5000822 -- 2021-03 Security Only Quality Update for Windows 8.1

Windows 10 (version 1909)

  • KB5000808  -- 2021-03 Cumulative Update for Windows 10 Version 1909

Windows 10 (version 2004)

  • KB5000802 -- 2021-03 Cumulative Update for Windows 10 Version 2004

Windows 10 (version 20H2)

  • KB5000802-- 2021-03 Cumulative Update for Windows 10 Version  20H2

Additional resources

Summary
Microsoft Windows Security Updates March 2021 overview
Article Name
Microsoft Windows Security Updates March 2021 overview
Description
Microsoft released security updates and non-security updates on the Marc 2021 Patch Day for all supported versions of Windows and other company products. 
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

    1. Yuliya said on March 9, 2021 at 9:30 pm
      Reply

      Updated 3x LTSC and 1x Server 2019 machines. All went well, currently cleaning images. I did notice something different this time around, installing the offline update, within Windows GUI, took considerably longer on all of them, I’m used to sit on this step for 2-5 minutes, now it took more like 8-10 minutes, however, the restart was instantaneous.
      A welcome change imo, this meant I could still use my mahine while it was updating.

      1. az said on March 10, 2021 at 1:34 am
        Reply

        it took longer than usual for me, as well. After the reboot there was a new ‘cleaning up’ message before login. So i suspect that’s it.

  1. TelV said on March 9, 2021 at 9:05 pm
    Reply

    No mention of Windows 8.1 in the support article for KB5000822 Martin. The only info reads:
    “Windows 10, version 1809, all editions Windows Server version 1809 Windows Server 2019, all editions”. That’s it.

    1. David H said on March 10, 2021 at 12:03 am
      Reply

      Security only KB for Windows 8.1 is KB5000853.

      1. TelV said on March 10, 2021 at 9:57 am
        Reply

        Thanks David H. That looks like the correct one.

        It’s a bit odd though that in Windows CP the only update which appears is KB890830.

    2. Anonymous said on March 10, 2021 at 2:23 am
      Reply

      He’s right, Martin. I think it is KB5000853 that you(and we) want.

  2. boris said on March 9, 2021 at 10:29 pm
    Reply

    This update gives me error when I try to update on my Windows 10.

  3. Bitty said on March 9, 2021 at 10:51 pm
    Reply

    There’s an update for IE 11 too this month: https://www.catalog.update.microsoft.com/Search.aspx?q=kb5000800

    1. TelV said on March 10, 2021 at 10:06 am
      Reply

      @ Bitty,

      Martin mentioned IE11 in the Executive Summary, but didn’t provide a link to it this time. Too busy I guess.

      Thanks for the link though :)

  4. Lqmlen said on March 10, 2021 at 12:04 am
    Reply

    Kb4603002 Net framework aparently rejects update third vendor software antiviruses.

  5. chesscanoe said on March 10, 2021 at 12:45 am
    Reply

    Yesterday I updated to 20H2 from 1909, and today 2021-03-09 KB5000802 got me to Windows 10 Home (x64) Version 2009 (build 19042.867) from yesterday’s 804. It was good to see Microsoft WU finally got smart with installing SSU KB5000858 so that KB5000802 was not downloaded twice, a longtime pet peeve of mine.

    1. chesscanoe said on March 31, 2021 at 6:16 pm
      Reply

      On 2021-03-30 I updated 20H2 to 2009 (build 19042.906) with SSU KB5000981 and Update for Windows 10 KB5000842, all using optional WU. No problems to date.

  6. anon said on March 10, 2021 at 6:09 am
    Reply

    am running Windows 7, but is it normal to only have KB890830 as the available update????

    1. Tron said on March 10, 2021 at 10:38 am
      Reply

      Same here ; got only KB890830 on win7 -x86 with Bypass esu v11…

      Did manual dloading KB5000841 — 2021-03 Security Monthly Quality Rollup for Windows 7

      And all Ok after installing that one!

      1. anon said on March 10, 2021 at 3:36 pm
        Reply

        just like you had to manually dl KB5000841 for W7 x64, currently installing (and would appear to take all night I guesswas…)

        so no .NET Framework updates this month???

    2. Nico said on March 10, 2021 at 11:48 am
      Reply

      That’s the Windows Malicious Software Removal Tool.

      Windows 7 doesn’t get other updates any more.

      1. Anonymous said on March 11, 2021 at 1:42 am
        Reply

        I got all updates including KB5000841 with ESU.

  7. Paul(us) said on March 10, 2021 at 11:55 am
    Reply

    Hoi Martin,
    Thanks really (Handy and) easy readable article again
    Do I understand it correctly that you’re still busy with the Excel spreadsheet that lists the released security updates for Microsoft’s Windows operating system and other company products?

  8. meh said on March 10, 2021 at 1:07 pm
    Reply

    a few hours after installing the march update (rechecked right after the 1st update and found… nothing).. it now wants to update microcode kb4589212 and .net framework preview kb4601554 will see if the microcode changes anything in hwinfo

    1. meh said on March 10, 2021 at 3:17 pm
      Reply

      curiously hwinfo now says CPU ID: 000506E3 microcode 0xd6 (it was e2 before installation).. yet 506e3 is listed as 0xcc in that ms table. with 506e+05 as 0xd6. but that tallies how it was the last time i looked at that table months ago… clear as mud.

    2. chesscanoe said on March 11, 2021 at 2:44 am
      Reply

      On 2021-03-10 in US, Microsoft forced a download of KB4589212 (Intel microcode updates) during my normal working hours. It was appropriate for my laptop CPU, so I installed it with no problem. Belarc Advisor shows it is now installed.

  9. microfix said on March 10, 2021 at 1:10 pm
    Reply

    Martin, the pre-fix name of the patches in the catalog are incorrect for Win7 NET framework patches for this month, they should start with 2021-03 and not 2021-02 – they show up in february but not in march within the catalog.
    Noticed your list also displays the 2021-02 name prefix

    1. Martin Brinkmann said on March 10, 2021 at 1:44 pm
      Reply

      Thank you, the February 2021 patches were listed there. I corrected this!

  10. TelV said on March 10, 2021 at 2:05 pm
    Reply

    @Martin,

    Did you delete all the .NET Framework updates? I don’t see them anywhere now.

    1. Martin Brinkmann said on March 10, 2021 at 2:26 pm
      Reply

      Yes, these were from last month,

  11. TelV said on March 10, 2021 at 2:33 pm
    Reply

    What on earth has Microsoft bundled with KB500848? It’s 538MB of which the Security Only update is only 38MB!

    Is this a last ditch attempt to download a bunch of telemetry crap onto our Win 8.1 systems?

  12. TickedOff said on March 11, 2021 at 3:56 am
    Reply

    How on earth can the Internet Explorer patches not be automatic, given that Internet Explorer is so deeply coded into Windows 7? Now they patched a flaw that can open a backdoor to your system just by visiting a website, and one is supposed to go find out if and where and when and how to install such a patch? A PAYING ESU CUSTOMER has to do that!? Not using Internet Explorer is not a patch, or a safety feature, since that code runs on your computer whether you use Internet Explorer or not. That leaking hole has been open since forever and is to blame for probably a massive chunk of all infections. It’s simple: ESU customers are NOT fully patched, they are only led to believe so. Meanwhile, in Redmond thousands of developers have worked day and night to make sure you must use a Microsoft account just to install Windows 10. F**K YOU, Microsoft.

  13. Tron said on March 11, 2021 at 10:12 am
    Reply

    By installing KB5000841 — 2021-03 Security Monthly Quality Rollup for Windows 7-
    you dont have that problem …. IE patches are included!

    Only if you install KB5000851 — 2021-03 Security Only Quality Update for Windows 7

    Then next phrase is true >

    REMINDER
    If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer (KB5000800).

    1. TickedOff said on March 11, 2021 at 6:24 pm
      Reply

      What a load of garbage. If you install via windows update, all that is given to you, IE updates are NOT included for Windows 7. Go away.

      1. Tron said on March 12, 2021 at 7:23 am
        Reply

        Are you stupid?

        I did manually install KB5000841 on windows 7-x86 -with patch v11-
        and IE says it is using latest version! KB5000800

        Open IE.. go to help> go to about IE …..

  14. carlos said on March 11, 2021 at 5:42 pm
    Reply

    According to reports, nearly all supported versions of Windows 10 are affected, which includes version 20H2, version 2004, version 1909, and even version 1803/1809. But the server 2016 and 2019 enterprises LTSC also are affected?

  15. Tron said on March 12, 2021 at 7:32 am
    Reply

    about ,netframe updates.. ;

    if you have updated in februari you are good..

    Only systems which have not done that get same update with a new version number…

  16. chesscanoe said on March 27, 2021 at 6:16 pm
    Reply

    FWIW, I perhaps foolishly optionally updated 20H2 to 2009 (build 1904.870) with KB5001649 which installed relatively quickly with no problems for me.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.