Microsoft Windows Security Updates November 2021 overview
This guide offers an overview of the security updates and non-security updates that Microsoft released for its products on the November 2021 Patch Day. Microsoft released updates for all supported client and server versions of Windows, including Windows 11, and for other company products such as Microsoft Office.
Most Windows updates are cumulative, and the most recent updates for Windows includes the patches of the optional updates that Microsoft released after the October 2021 Patch Day.
The overview begins with an executive summary that summarizes the most important information. Then you find the operating system distribution, information about all updates for client versions of Windows, including known issues confirmed by Microsoft, lists of other security and non security updates, and download information.
The Microsoft Windows Security Updates: October 2021
Click here to download a spreadsheet that includes all released security updates by Microsoft on today's Patch Day: Security Updates 2021-11-09-microsoft-windows
Executive Summary
- All Windows 10 and 11 systems have patches for critical vulnerabilities.
- Windows versions with known issues: Windows 7, Windows 8.1, Windows 10 version 1607, 1809, and 1909, Windows 10 versions 2004, 20H2, 21H1, Windows Server 2022, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008.
- Microsoft released updates for other products, including 3D Viewer, Azure, Azure RTOS and Sphere, Microsoft Dynamics, Microsoft Office, and Visual Studio and Visual Studio Code.
- Windows 10, version 2004 will reach end of servicing on December 14, 2021
Operating System Distribution
- Windows 7 (extended support only): 11 vulnerabilities: 1 critical and 10 important
- Remote Desktop Client Remote Code Execution Vulnerability -- CVE-2021-38666
- Windows 8.1: 13 vulnerabilities: 1 critical and 12 important
- Same as Windows 7.
- Windows 10 version 1909: 22 vulnerabilities: 3 critical and 19 important
- Chakra Scripting Engine Memory Corruption Vulnerability -- CVE-2021-42279
- Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability -- CVE-2021-26443
- Remote Desktop Client Remote Code Execution Vulnerability -- CVE-2021-38666
- Windows 10 version 2004, 20H2 and 21H1 : 24 vulnerabilities, 3 critical and 21 important
- same as Windows 10 version 1909
- Windows 11: 21 vulnerabilities, 3 critical and 18 important
- same as Windows 10 version 1909
Windows Server products
- Windows Server 2008 R2 (extended support only): 15 vulnerabilities: 1 critical and 14 important
- Remote Desktop Client Remote Code Execution Vulnerability -- CVE-2021-38666
- Windows Server 2012 R2: 17 vulnerabilities: 1 critical and 16 important
- same as Windows Server 2008 R2.
- Windows Server 2016: 24 vulnerabilities: 2 critical and 22 important
- Chakra Scripting Engine Memory Corruption Vulnerability -- CVE-2021-42279
- Remote Desktop Client Remote Code Execution Vulnerability -- CVE-2021-38666
- Windows Server 2019: 27 vulnerabilities: 2 critical and 25 important
- same as Windows Server 2016
- Windows Server 2022: 26 vulnerabilities: 3 critical and 23 important
- Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability -- CVE-2021-26443
- Remote Desktop Client Remote Code Execution Vulnerability -- CVE-2021-38666
- Chakra Scripting Engine Memory Corruption Vulnerability -- CVE-2021-42279
Windows Security Updates
Windows 7 SP1 and Windows Server 2008 R2
Updates and improvements:
- Fixes an issue that could prevent devices from downloading and installing printer drivers "when the devices attempt to connect to a network printer for the first time".
- Fixes a printing issue that prevents an "Internet print server from properly packaging modified printer properties before sending the package to the client".
- Addresses an issue of a 0 (zero) width Pen to render one pixel regardless of transformation. (monthly rollup only)
- Security updates
Windows 8.1 and Windows Server 2012 R2
Updates and improvements:
- Same as Windows 7 above.
Windows 10 version 1909
- Support Page: KB5007189
Updates and improvements:
- Fixes an issue that might prevent the installation of printers using IPP (Internet Printing Protocol).
- Addresses an issue of a 0 (zero) width Pen to render one pixel regardless of transformation.
- Adds a feature to facilitate certain cross-browser data transfers.
- Addresses an issue in JScript9.dll with PropertyGet.
- Fixes an issue with Assigned Access Kiosks and Microsoft Edge, which caused Edge to fail to restart.
- Improved Microsoft Defender for Endpoint's ability to identify and intercept ransomware and advanced attacks.
- Fixed a File Explorer stops responding issue.
- Security updates.
Windows 10 version 2004, 20H2 and 21H1
- Support Page: KB5007186
Updates and improvements:
- Addresses an issue of a 0 (zero) width Pen to render one pixel regardless of transformation.
- Security updates.
Windows 11
- Support Page: KB5007215
Updates and improvements:
- Fixes the application startup issue.
- Addresses an issue "in which certain apps might have unexpected results when rendering some user interface elements or when drawing within the app".
- Security updates.
Other security updates
2021-11 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5007245)
2021-11 Security Only Quality Update for Windows Server 2008 (KB5007246)
2021-11 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5007260)
2021-11 Security Monthly Quality Rollup for Windows Server 2008 (KB5007263)
2021-11 Dynamic Cumulative Update for Windows 10 Version 20H2, Windows Server, version 2004, Windows 10 Version 2004, Windows 10 Version 1909, and Windows 10 Version 1903 (KB5007186)
2021-11 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB5007192)
2021-11 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5007205)
2021-11 Cumulative Update for Windows Server 2019 and Windows 10 Version 1809 (KB5007206)
2021-11 Cumulative Update for Windows 10 (KB5007207)
Servicing Stack Updates
Known Issues
Windows 7 SP1 and Windows Server 2008 R2
- Updates may be rolled back if the machine that is not supported for ESU.
- Operations may fail on Cluster Shared Volumes.
- Workaround 1: perform the operations from a process with administrative privileges.
- Workaround 2: perform the operation from a node that does not have CSV ownership.
- Print clients may throw errors when connecting to a remote printer shared on a Windows print server. Errors that Microsoft lists are: 0x000006e4 (RPC_S_CANNOT_SUPPORT), 0x0000007c (ERROR_INVALID_LEVEL), 0x00000709 (ERROR_INVALID_PRINTER_NAME)
- Microsoft is investigating the issue.
Windows 8.1 and Windows Server 2012 R2
- Operations may fail on Cluster Shared Volumes.
- Workaround 1: perform the operations from a process with administrative privileges.
- Workaround 2: perform the operation from a node that does not have CSV ownership.
- Print clients may throw errors when connecting to a remote printer shared on a Windows print server. Errors that Microsoft lists are: 0x000006e4 (RPC_S_CANNOT_SUPPORT), 0x0000007c (ERROR_INVALID_LEVEL), 0x00000709 (ERROR_INVALID_PRINTER_NAME)
- Microsoft is investigating the issue.
Windows 10 version 1909
- Print clients may throw errors when connecting to a remote printer shared on a Windows print server. Errors that Microsoft lists are: 0x000006e4 (RPC_S_CANNOT_SUPPORT), 0x0000007c (ERROR_INVALID_LEVEL), 0x00000709 (ERROR_INVALID_PRINTER_NAME)
- Microsoft is investigating the issue.
Windows 10 versions 2004, 20H2 and 21H1
- Microsoft Edge Chromium may not replace Microsoft Edge Legacy if custom offline media or custom ISO images were used to install or upgrade Windows.
- Workarounds available on the support page.
- Some devices can't update after installing the June 21, 2021 update. The error "PSFX_E_MATCHING_BINARY_MISSING" is thrown in this case.
- Check out Microsoft's support page for the issue here.
- Connections may fail to authenticate when using smart card authentication when connecting to devices in an untrusted domain using Remote Desktop. The error our credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red may be displayed.
- Microsoft has executed a Known Issue Rollback, which should take care of the issue.
- Print clients may throw errors when connecting to a remote printer shared on a Windows print server. Errors that Microsoft lists are: 0x000006e4 (RPC_S_CANNOT_SUPPORT), 0x0000007c (ERROR_INVALID_LEVEL), 0x00000709 (ERROR_INVALID_PRINTER_NAME)
- Microsoft is investigating the issue.
Security advisories and updates
ADV 990001 -- Latest Servicing Stack Updates
Non-security updates
2021-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5007149)
2021-11 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5007150)
2021-11 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5007299)
2021-11 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5007300)
2021-11 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5007301)
2021-11 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 and 4.6.2 for Windows Server 2008 (KB5007302)
2021-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5007153)
2021-11 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5007154)
2021-11 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5007156)
2021-11 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB5007157)
2021-11 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5007167)
2021-11 Cumulative Update for .NET Framework 3.5 and 4.8 for (KB5006363)
2021-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for x64 (KB5006364)
2021-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, Windows 10 Version 2004, Windows 10 Version 1909, and Windows 10 Version 1903 (KB5006365)
2021-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5006366)
2021-11 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5006368)
2021-11 Update for Windows 10 Version 1909 (KB5007114)
2021-11 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5007152)
2021-11 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5007298)
Microsoft Office Updates
You find Office update information here.
How to download and install the November 2021 security updates
Security updates are distributed automatically to most Home versions of Windows. Windows Update is set to download and install security updates automatically. Organizations may use update management systems, e.g. WSUS, to manage updating on company machines.
Updates are not delivered in real-time, and that means that you may get them early by searching for them manually. In any event, it is advised to create a system backup before updates are installed.
Here is how you may check for updates manually:
- Select Start, type Windows Update and load the Windows Update item that is displayed.
- Select check for updates to run a manual check for updates.
Direct update downloads
Below are resource pages with direct download links, if you prefer to download the updates to install them manually.
Windows 7 and Server 2008 R2
- KB5007236 -- 2021-11 Security Monthly Quality Rollup for Windows 7
- KB5007233 -- 2021-11 Security Only Quality Update for Windows 7
Windows 8.1 and Windows Server 2012 R2
- KB5007247-- 2021-11 Security Monthly Quality Rollup for Windows 8.1
- KB5007255 -- 2021-11 Security Only Quality Update for Windows 8.1
Windows 10 (version 1909)
- KB5007189 -- 2021-11 Cumulative Update for Windows 10 Version 1909
Windows 10 (version 2004)
- KB5007186 -- 2021-11 Cumulative Update for Windows 10 Version 2004
Windows 10 (version 20H2)
- KB5007186 -- 2021-11 Cumulative Update for Windows 10 Version 20H2
Windows 10 (version 21H1)
- KB5007186 -- 2021-11 Cumulative Update for Windows 10 Version 21H1
- KB5007215 -- 2021-11 Cumulative Update for Windows 11
Additional resources
- November 2021 Security Updates release notes
- List of software updates for Microsoft products
- List of the latest Windows Updates and Services Packs
- Security Updates Guide
- Microsoft Update Catalog site
- Our in-depth Windows update guide
- How to install optional updates on Windows 10
- Windows 10 Update History
- Windows 8.1 Update History
- Windows 7 Update History
I wish MS would notify you before they start updating…just so a person knows…because my system slows down, and gets somewhat freezy and buggy and it takes me a while to finally wonder if it’s Win updates? Then when I check in Settings—yup. Downloading and installing updates. Thanks MS!
You can configure when you want Windows to install the updates or you can do it manually. You have go to settings in windows updates to makes changes. If this is at the enterprise level you even have more control if you manage the GPO or less if your managed by GPO depending how things are setup.
Win 7-8 consistently have less critical security patches every month for years vs win 10 and now win 11. Spyware, butchered productivity, forced buggy updates, and adverts > security to MS.
Microsoft Dynamics? A rocket division?
Appears some aspects of printing have been permanently mangled; has always worked fine for us.
I survived the October updates with no issues. Yay!
The powershell Chredge Remover still works.
ViVeTool still works to remove AdJunkware from top of Settings Home page.
Things are peachy!
Thanks Martin, for helping me understand the updates, witch implemented quit smoothly/fast, to Windows 10 pro. version 21H1 (o.s. build 19043.1348).
Do I understand that the printing problems are partly solved?
Not solved…
Thanks @Vdias! Hopefully it will be solved before the end of the year.