Microsoft Windows Security Updates July 2021 overview

Martin Brinkmann
Jul 13, 2021
Updated • Jul 13, 2021
Windows Updates
|
17

It is the second Tuesday of the month and that means it is Microsoft Patch Day. Microsoft released security and non-security updates for all supported client and server versions of its Windows operating system as well as for other company products such as Microsoft Office.

Our overview starts with an executive summary; the operating system distribution and list of critical security updates follow. Below that are the main cumulative updates for all client and server versions of Windows and the list of other security updates.

The list of known issues includes only those confirmed by Microsoft. You will also find links to security advisories and other, non-security updates, as well as download information and additional resource links on this page.

Here is the link to the June 2021 Patch Day overview in case you missed it.

The Microsoft Windows Security Updates: June 2021

Here is an Excel spreadsheet with the released security updates for client and server versions of Windows: Security Updates 2021-07-13-071231pm

Executive Summary

  • Microsoft released security updates for all supported versions of its Windows operating system.
  • Security updates are also available for Microsoft Office, Power BI and Visual Studio Code.
  • The following products have known issues: Windows 7 SP1, Windows 8.1, Windows 10 version 1809, 2004, 20H2, 21H1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2019, ,and Windows Server 2004 and 20H2, Microsoft Exchange Server 2013, 2016 and 2019

Operating System Distribution

  • Windows 7 (extended support only): 30 vulnerabilities: 3 critical and 27 important
    • Windows Print Spooler Remote Code Execution Vulnerability -- CVE-2021-34527
    • Windows MSHTML Platform Remote Code Execution Vulnerability -- CVE-2021-34497
    • Scripting Engine Memory Corruption Vulnerability -- CVE-2021-34448
  • Windows 8.1: 39 vulnerabilities: 3 critical and 36 important
    • same as Windows 7
  • Windows 10 version 1903 and 1909: 67 vulnerabilities: 5 critical and 62 important
    • same as Windows 7, plus
    • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-34450
    • Microsoft Windows Media Foundation Remote Code Execution Vulnerability -- CVE-2021-34503
  • Windows 10 version 2004, 20H2 and 21H1 : 68 vulnerabilities, 4 critical and 64 important
    • Windows Print Spooler Remote Code Execution Vulnerability -- CVE-2021-34527
    • Windows MSHTML Platform Remote Code Execution Vulnerability -- CVE-2021-34497
    • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-34450
    • Scripting Engine Memory Corruption Vulnerability -- CVE-2021-34448

Windows Server products

  • Windows Server 2008 R2 (extended support only): 37 vulnerabilities: 1 critical and 11 important
    • Windows DNS Server Remote Code Execution Vulnerability -- CVE-2021-34494
    • Windows Print Spooler Remote Code Execution Vulnerability -- CVE-2021-34527
    • Windows MSHTML Platform Remote Code Execution Vulnerability -- CVE-2021-34497
  • Windows Server 2012 R2: 50 vulnerabilities: 4 critical and 46 important
    • Scripting Engine Memory Corruption Vulnerability -- CVE-2021-34448
    • Windows MSHTML Platform Remote Code Execution Vulnerability -- CVE-2021-34497
    • Windows DNS Server Remote Code Execution Vulnerability -- CVE-2021-34494
    • Windows Print Spooler Remote Code Execution Vulnerability -- CVE-2021-34527
  • Windows Server 2016: 60 vulnerabilities: 6 critical and 54 important.
    • same as Windows Server 2021 R2 plus
    • Windows Kernel Remote Code Execution Vulnerability -- CVE-2021-34458
    • Microsoft Windows Media Foundation Remote Code Execution Vulnerability -- CVE-2021-34439
  • Windows Server 2019: 77 vulnerabilities: 2 critical and 22 important
    • Microsoft Windows Media Foundation Remote Code Execution Vulnerability -- CVE-2021-34439
    • Windows MSHTML Platform Remote Code Execution Vulnerability -- CVE-2021-34497
    • Windows DNS Server Remote Code Execution Vulnerability -- CVE-2021-34494
    • Windows Kernel Remote Code Execution Vulnerability -- CVE-2021-34458
    • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-34450
    • Scripting Engine Memory Corruption Vulnerability -- CVE-2021-34448
    • Windows Media Remote Code Execution Vulnerability -- CVE-2021-33740
    • Windows Print Spooler Remote Code Execution Vulnerability -- CVE-2021-34527

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

Updates and improvements:

  • Fixes an issue that is causing 16-bit applications to fail with error messages that indicate VBRUN300.DLL (Monthly-Rollup only)
  • Fixed an EMF rendering issue caused by third-party applications using ExtCreatePen and ExtCreateFontIndirect. (Monthly-Rollup only)
  • Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.
  • Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode. See this support article for additional information.
  • Security updates.

Windows 8.1 and Windows Server 2012 R2

Updates and improvements:

  • Fixes an issue that is causing 16-bit applications to fail with error messages that indicate VBRUN300.DLL (Monthly-Rollup only)
  • Fixed an EMF rendering issue caused by third-party applications using ExtCreatePen and ExtCreateFontIndirect. (Monthly-Rollup only)
  • Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.
  • Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode. See this support article for additional information.
  • Security updates.

Windows 10 version 1909

Updates and improvements:

  • Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.
  • Security updates

Windows 10 version 2004, 20H2 and 21H1

Updates and improvements:

  • Fixed a printing issue that made printing to affected printers difficult. Affected receipt and label printers mostlz.
  • Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode. See this support article for additional information.
  • Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. See KB5004605.
  • Fixed a vulnerability that caused Primary Refresh Tokens to be encrypted weakly.
  • Security updates

Other security updates

2021-07 Cumulative Security Update for Internet Explorer (KB5004233)

2021-07 Security Monthly Quality Rollup for Windows Server 2008 (KB5004305)

2021-07 Security Only Quality Update for Windows Server 2008 (KB5004299)

2021-07 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5004294)

2021-07 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5004302)

2021-07 Cumulative Update for Windows 10 Version 1507 (KB5004249)

2021-07 Cumulative Update for Windows 10 Version 1607 and Windows Server 2016 (KB5004238)

2021-07 Cumulative Update for Windows Server 2019 and Windows 10 Version 1809 (KB5004244)

2021-07 Cumulative Update for Azure Stack HCI, version 20H2 and Windows Server 2019 Datacenter: Azure Edition for x64-based Systems (KB5004235)

Servicing Stack Updates

2021-07 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5004378)

2021-07 Servicing Stack Update for Windows 10 Version 1909 (KB5004748)

Known Issues

Windows 7 SP1 and Server 2008 R2

  • Updates may fail to install if the system is not an ESU system.
    • Expected behavior.
  • Operations may fail on Cluster Shared Volumes.
    • Run the operations with administrative privileges.
    • Run the operations from a node that does not have CSV ownership.

Windows 8.1 and Windows Server 2012 R2

  • Operations may fail on Cluster Shared Volumes.
    • Run the operations with administrative privileges.
    • Run the operations from a node that does not have CSV ownership.

Windows 10 versions 2004, 20H2 and 21H1

  • An issue with output characters when using the Microsoft Japanese Input Method Editor to enter Kanji characters.
    • Microsoft is still working on a solution.
  • Issue with Edge Legacy being removed but the new Edge not installed on devices that were installed using custom offline media or custom ISO images.

Security advisories and updates

ADV 990001 -- Latest Servicing Stack Updates

Other updates

2021-07 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5004116)

2021-07 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5004117)
2021-07 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5004118)

2021-07 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5004120)

2021-07 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5004121)

2021-07 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB5004122)

2021-07 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5004229)

2021-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5004230)

2021-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5004231)

2021-07 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 and 4.6.2 for Windows Server 2008 (KB5004232)

2021-07 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, Windows 10 Version 2004 (KB5003537)

2021-07 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5003538)

2021-07 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 (KB5003539)

2021-07 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5003541)

2021-07 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5004115)

2021-07 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5004228)

Microsoft Office Updates

You find Office update information here.

How to download and install the June 2021 security updates

microsoft windows security updates july 2021

Security updates are downloaded and installed automatically on client versions of Windows by default. Updates can also be downloaded directly from the Microsoft Update Catalog website, and you may also check for updates manually to install them as quickly as possible.

System administrators who manage update management systems such as WSUS may also install the updates using these systems.

To check for updates manually, do the following:

  1. Select Start, type Windows Update and load the Windows Update item that is displayed.
  2. Select check for updates to run a manual check for updates.

Direct update downloads

Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 7 and Server 2008 R2

  • KB5004289  -- 2021-07 Security Monthly Quality Rollup for Windows 7
  • KB5004307 -- 2021-07 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB5004298 -- 2021-07 Security Monthly Quality Rollup for Windows 8.1
  • KB5004285  -- 2021-07 Security Only Quality Update for Windows 8.1

Windows 10 (version 1909)

  • KB5004245 -- 2021-07 Cumulative Update for Windows 10 Version 1909

Windows 10 (version 2004)

  • KB5004237 -- 2021-07 Cumulative Update for Windows 10 Version 2004

Windows 10 (version 20H2)

  • KB5004237 -- 2021-07 Cumulative Update for Windows 10 Version  20H2

Windows 10 (version 21H1)

  • KB5004237 -- 2021-07 Cumulative Update for Windows 10 Version  21H1

Additional resources

Summary
Microsoft Windows Security Updates July 2021 overview
Article Name
Microsoft Windows Security Updates July 2021 overview
Description
A full overview of the security updates and non-security updates that Microsoft released on the July 2021 Patch Day for client and server versions of the Windows operating system.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Karsten Küpfer said on August 4, 2021 at 8:53 am
    Reply

    Lenovo notebook, same story as with Charlie

  2. Karsten Küpfer said on August 4, 2021 at 8:29 am
    Reply

    Stuck at 61% with the latest 20H2 update…made several attempts but no luck.

  3. Charlie said on July 16, 2021 at 12:49 am
    Reply

    And on my Lenovo G505 laptop I cannot get beyond 1909 because WU Feature Upgrade to W10 20H2 gets to 61% and hangs there until some days later it codes out (0xc1900104) with some kind of timeout error code. Probably because of Conexant HD Audio driver being noncompatible. Conexant went out of business, and company that bought the remains (Synaptics?) has no interest in providing updated driver.

  4. Tech hole said on July 15, 2021 at 6:48 am
    Reply

    Had anyone read about this update requiring the May one before working? Something to do with SSU no longer being packaged?

  5. ULBoom said on July 15, 2021 at 3:35 am
    Reply

    Wow, no more of the usual gHacks mentions on Woody. New management.

  6. Richard said on July 14, 2021 at 6:01 pm
    Reply

    KB5004245 will not install on Windows 10 1909 Pro. It gets to 98% and rolls back. Apparently it will only install on Windows 10 1909 Enterprise.

    1. ULBoom said on July 15, 2021 at 3:33 am
      Reply

      Same with 4945, ‘cept only gets to 7% on 21H1 Pro.

      Oh, well, I disabled updates, found a registry change that takes pause out as far as you want, Nov seems far enough.

    2. Peterc said on July 15, 2021 at 3:11 am
      Reply

      @Richard: Isn’t 1909 past end of support, *except* for Enterprise?

  7. John G. said on July 14, 2021 at 12:07 pm
    Reply

    Thanks @Martin! :]

  8. TelV said on July 14, 2021 at 7:51 am
    Reply

    As regards “2021-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2” don’t bother if you only want updates 3.5 and 4.5.2 for Windows 8.1 since the last update for both was October, 2020.

    https://www.catalog.update.microsoft.com/Search.aspx?q=KB4578956

    https://www.catalog.update.microsoft.com/Search.aspx?q=KB4578953

  9. TelV said on July 14, 2021 at 7:40 am
    Reply

    These days we see the word “Quality” all the way through Windows updates. But who is the beneficiary of the “Quality” aspect? Certainly not the user.

    And what sort of “Quality” is added I wonder. There’s never an explanation from Microsoft as to what that entails.

    Thanks anyway for the updates Martin.

  10. Paul(us) said on July 14, 2021 at 12:24 am
    Reply

    Thanks, Martin for guiding me to update KB5004237 – which took care of 68 vulnerabilities, from with the were 4 critical and 64 important.
    This update upgrades my o.s. system to Windows 10 pro version 21H1 (o.s. Build 19043.1110)

  11. Adam Smith said on July 14, 2021 at 12:24 am
    Reply

    Thanks Martin
    Helpful articles like this are the reason I visit hacks.net

    Martin, why can’t Microsoft default to just prompting users with new security updates only

    The vast majority of feature updates are not essential and pose the risk of rendering existing hardware and software nonfunctional

    1. Adam Smith said on July 14, 2021 at 12:25 am
      Reply

      Sorry for the autocorrect typo – ghacks.net

  12. Scott said on July 13, 2021 at 10:44 pm
    Reply

    In excecutive summary, Windows Server 2004 ?

  13. Martin P. said on July 13, 2021 at 10:31 pm
    Reply

    All good! Thanks for your great work!

  14. Citizenz said on July 13, 2021 at 10:22 pm
    Reply

    No one update fix the print nightmare vulnerability. The solution must be delivery end of 2021

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.