- October 2021 Security Updates release notes
- List of software updates for Microsoft products
- List of the latest Windows Updates and Services Packs
- Security Updates Guide
- Microsoft Update Catalog site
- Our in-depth Windows update guide
- How to install optional updates on Windows 10
- Windows 10 Update History
- Windows 8.1 Update History
- Windows 7 Update History
Microsoft Windows Security Updates October 2021 overview
Microsoft released security patches for all supported versions of its Windows operating system today on the October 2021 Patch Tuesday. The company released the first patch for Windows 11, the new version of Windows, which it releases last week, as well as for other client and server versions of the operating system.
Microsoft released updates for other company products as well, including .NET Core and Visual Studio, Active Directory Federation Services, and Microsoft Office.
Our overview of the October 2021 Patch Day provides you with essential information. It lists all released security updates and non-security updates, lists downloads and links to support patches, all known issues as reported by Microsoft, and other information that is relevant to making fast educated decisions when it comes to patching.
Click here to open the September 2021 Windows Patch Day overview here.
The Microsoft Windows Security Updates: October 2021
Click here to download an Excel spreadsheet that lists all released security updates: microsoft-windows-security-updates-october-2021
Executive Summary
- All Windows 10 and 11 systems have patches for critical vulnerabilities.
- Windows 11 has received its first update, KB5006674. It resolves a known issue with Intel networking software and the operating system.
- Windows versions with known issues: Windows 7, Windows 8.1, Windows 10 version 1809, Windows 10 version 20H2, Windows Server 2019, Windows Server 2008 R2, Windows Server 2012
Operating System Distribution
- Windows 7 (extended support only): 19 vulnerabilities: 0 critical and 19 important
- Windows 8.1: 27 vulnerabilities: 0 critical and 27 important
- Windows 10 version 1909: 37 vulnerabilities: 1 critical and 36 important
- Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-40461
- Windows 10 version 2004, 20H2 and 21H1 : 39 vulnerabilities, 1 critical and 38 important
- Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-40461
- Windows 11: 39 vulnerabilities, 2 critical and 38 important
- Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-40461
- Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-38672
Windows Server products
- Windows Server 2008 R2 (extended support only): 20 vulnerabilities: 0 critical and 20 important
- Windows Server 2012 R2: 28 vulnerabilities: 0 critical and 28 important
- Windows Server 2016: 33 vulnerabilities: 0 critical and 33 important
- Windows Server 2019: 40 vulnerabilities: 1 critical and 39 important
- Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-40461
- Windows Server 2022: 43 vulnerabilities: 2 critical and 41 important
- Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-40461
- Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2021-38672
Windows Security Updates
Windows 7 SP1 and Windows Server 2008 R2
Updates and improvements:
- Addresses an issue in which an Internet print server cannot package the driver to send to the client.
- Addresses an issue in which Security Account Manager (SAM) events are not displayed properly in the Event Viewer.
- Adds a new Policy setting to ensure that only admins can install printer drivers on a print server. More information is available on this support page.
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
- RestrictDriverInstallationToAdministrators
- Value: 1
- Adds the ability to configure period or dot (.) delimited IP addresses interchangeably with fully qualified host names in the following Group Policy settings:
- Package Point and Print - Approved Servers
- Point and Print Restrictions
It is unclear which of these are also included in the Security-Only update. Microsoft simply states:
- This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.
Windows 8.1 and Windows Server 2012 R2
Updates and improvements:
- Addresses an issue in which a user does not have a way to track DCOM activation failures on a server that is running Windows Server 2012 R2.
- Addresses an issue in which an Internet print server cannot package the driver to send to the client.
- Addresses an issue in which Security Account Manager (SAM) events are not displayed properly in the Event Viewer.
- In Internet Explorer 11 for Windows 8.1 and Windows Server 2012 R2, certain circumstances might cause Enterprise Mode Site List redirection from Internet Explorer 11 to Microsoft Edge to open the site in multiple tabs in Microsoft Edge.
- Adds a new Policy setting to ensure that only admins can install printer drivers on a print server. More information is available on this support page.
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
- RestrictDriverInstallationToAdministrators
- Value: 1
- Adds the ability to configure period or dot (.) delimited IP addresses interchangeably with fully qualified host names in the following Group Policy settings:
- Package Point and Print - Approved Servers
- Point and Print Restrictions
It is unclear which of these are also included in the Security-Only update. Microsoft simply states:
- This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.
Windows 10 version 1909
- Support Page: KB5006667
Updates and improvements:
- Addresses an issue that prevents some applications, such as Microsoft Office and Adobe Reader, from opening or causes them to stop responding. This occurs on devices that are subject to Microsoft Exploit Protection for Export Address Filtering (EAF).
Windows 10 version 2004, 20H2 and 21H1
- Support Page: KB5006670
Updates and improvements:
- Addresses an issue that prevents some applications, such as Microsoft Office and Adobe Reader, from opening or causes them to stop responding. This occurs on devices that are subject to Microsoft Exploit Protectionfor Export Address Filtering (EAF).
Windows 11
- Support Page: KB5006674
Updates and improvements:
- Addresses known compatibility issues between some Intel “Killer” and “SmartByte” networking software and Windows 11 (original release). Devices with the affected software might drop User Datagram Protocol (UDP) packets under certain conditions. This creates performance and other issues for protocols based on UDP. For example, some websites might load slower than others on the affected devices, which might cause videos to stream slower in certain resolutions. VPN solutions based on UDP might also be slower.
Other security updates
2021-10 Cumulative Update for Windows 10 Version 1607 (KB5006669)
2021-10 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5006699)
2021-10 Cumulative Security Update for Internet Explorer (KB5006671)
2021-10 Security Only Quality Update for Windows Server 2008 (KB5006715)
2021-10 Security Monthly Quality Rollup for Windows Server 2008 (KB5006736)
2021-10 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5006732)
2021-10 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5006739)
Servicing Stack Updates
2021-10 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5006749)
2021-10 Servicing Stack Update for Windows Server 2008 (KB5006750)
Known Issues
Windows 7 and Server 2008 R2
- Updates may fail to install if the system is not an ESU system. Expected behavior.
- Certain file operations may fail on cluster shared volumes.
- Perform the operation from a process with elevated rights.
- Perform the operation from a node that does not have CSV ownership.
Windows 8.1 and Server 2012 R2
- Certain file operations may fail on cluster shared volumes.
- Perform the operation from a process with elevated rights.
- Perform the operation from a node that does not have CSV ownership.
Security advisories and updates
ADV 990001 -- Latest Servicing Stack Updates
Non-security updates
2021-10 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 (KB5006064)
2021-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5006066)
2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for (KB5005537)
2021-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5006761)
2021-10 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5006762)
2021-10 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5006763)
2021-10 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 and 4.6.2 for Windows Server 2008 (KB5006764)
2021-10 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5006067)
2021-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5006060)
2021-10 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5006061)
2021-10 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5006063)
2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for ARM64 (KB5005538)
2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, Windows 10 Version 2004, Windows 10 Version 1909, and Windows 10 Version 1903 (KB5005539)
2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5005540)
2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 (KB5005541)
2021-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5005543)
2021-10 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5006065)
2021-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5006765)
Microsoft Office Updates
You find Office update information here.
How to download and install the October 2021 security updates
All released security updates for Windows are available via Windows Update, other update management systems, and as direct downloads. Windows 11 systems that don't meet the minimal system requirements may install the update via Windows Update as well.
To run a check for updates, do the following on Windows devices:
- Select Start, type Windows Update and load the Windows Update item that is displayed.
- Select check for updates to run a manual check for updates.
Direct update downloads
Below are resource pages with direct download links, if you prefer to download the updates to install them manually.
Windows 7 and Server 2008 R2
- KB5006743 -- 2021-10 Security Monthly Quality Rollup for Windows 7
- KB5006728 -- 2021-10 Security Only Quality Update for Windows 7
Windows 8.1 and Windows Server 2012 R2
- KB5006714 -- 2021-10 Security Monthly Quality Rollup for Windows 8.1
- KB5006729 -- 2021-10 Security Only Quality Update for Windows 8.1
Windows 10 (version 1909)
- KB5006667 -- 2021-10 Cumulative Update for Windows 10 Version 1909
Windows 10 (version 2004)
- KB5006670 -- 2021-10 Cumulative Update for Windows 10 Version 2004
Windows 10 (version 20H2)
- KB5006670 -- 2021-10 Cumulative Update for Windows 10 Version 20H2
Windows 10 (version 21H1)
- KB5006670 -- 2021-10 Cumulative Update for Windows 10 Version 21H1
Windows 11
- KB5006674 -- 2021-10 Cumulative Update for Windows 11
So my question is, if I download this month’s updates from the Microsoft Catalog, do they still remove the built in Adobe Flash component?
Is someone able to answer this at all?
Thank you for all your efforts wit this site – with that said, where are the OCT update reviews?
Thanks for helping me update to Windows 10 pro. Version 21H1 (O.S. build 19043.1288).
In the light that unsupported devices seem to have to possibility to update I am wondering about thoughts:
1.) does the upgrade from the last Windows o.s. ever is realized because of a deal with the hardware suppliers?
2.) Is Windows 11 one of those release from Microsoft where everything is wrong like Vista, etc.?
As usual, Windows 7-8 are more secure than 10-11. I can’t recall a single month going back to 2013 that Windows 10 didn’t have the same or more number of critical vulnerabilities as 7-8. Looks like Windows 11 is continuing that trend of being even less secure. Microsoft shills and fanboys in shambles.
By the way I have discovered that W11 has Powershell version 5.1 not 7.1.4 (latest).
@Martin thanks for the effort, the Windows family is growing! :]
Windows 11 on incompatible PCs get the updates too.
For now, but there’s no guarantee it’ll stay that way. They obviously have some checks planned or already in place but not enabled with the whole “might not receive updates” threat. I really wouldn’t risk running Windows 11 on unsupported hardware and would likely just stick with 10.
Good advice but what I think they’re doing is saying they don’t support certain devices (officially) but continue to support those devices anyway. The goal is to get everyone to upgrade their computers. Microsoft has worked with Dell for Xbox Series X and related partnerships, I’m sure this is how they’re trying to make this a win/win for both companies to get people to upgrade their computers.