WINDOWS 10 KB5004237

KB5004237 applies to Windows 10, version 2004 and above, and to Windows Server, version 2004 and above. The build is 19041.1110.

  • Addresses an issue that might make printing to certain printers difficult. This issue affects various brands and models, but primarily receipt or label printers that connect using a USB port. After installing this update, you do not need to use a Known Issue Rollback (KIR) or a special Group Policy to resolve this issue.
  • Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode for CVE-2020-17049. For more information and steps to enable full protection on domain controller servers.
  • Adds Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. For more information, see KB5004605.
  • Addresses a vulnerability in which Primary Refresh Tokens are not strongly encrypted. This issue might allow the tokens to be reused until the token expires or is renewed.
  • Security updates to Windows Apps, Windows Management, Windows Fundamentals, Windows Authentication, Windows User Account Control (UAC), Operating System Security, Windows Virtualization, Windows Linux, the Windows Kernel, the Microsoft Scripting Engine, the Windows HTML Platforms, the Windows MSHTML Platform, and Windows Graphics.
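To confirm that a machine is at or above the patch level described above, compare its build revision rather than searching for the KB number, because a later cumulative update replaces this one. The function below is an added example, not Microsoft's code or part of the original post. It assumes the update sets revision 1110 on builds 19041, 19042 and 19043 (the page names only 19041.1110); the function name and sample build strings are constructed.

```powershell
# Added example: patch-level check for KB5004237 (illustrative, not Microsoft's code).
# Assumption: the update raises the revision (UBR) to 1110 on builds 19041, 19042
# and 19043; the page itself names only 19041.1110.
$PatchedRevision = 1110
$AffectedBuilds  = 19041, 19042, 19043

function Test-KB5004237Level {
    param(
        # Build string such as '19042.1052' or '10.0.19042.1052'.
        # When omitted, the local machine's build is read from the registry.
        [string]$Build
    )
    if (-not $Build) {
        $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        $Build = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
    }
    # Keep the last two numeric fields: <build>.<revision>
    if ($Build -notmatch '(\d{5})\.(\d+)$') {
        return [pscustomobject]@{ Build = $Build; Status = 'Unparsed' }
    }
    $major = [int]$Matches[1]
    $ubr   = [int]$Matches[2]
    if ($AffectedBuilds -notcontains $major) {
        $status = 'NotApplicable'   # different servicing branch, different KB
    } elseif ($ubr -ge $PatchedRevision) {
        $status = 'Patched'         # this update or a later cumulative update
    } else {
        $status = 'Missing'
    }
    [pscustomobject]@{ Build = "$major.$ubr"; Status = $status }
}

# Constructed sample values, e.g. from an inventory export, then the local machine.
'10.0.19041.1110', '19042.1052', '18363.1679', 'n/a' |
    ForEach-Object { Test-KB5004237Level -Build $_ }
Test-KB5004237Level
```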

The products and services affected include Microsoft Windows, Exchange Server, Microsoft Office, Dynamics, SharePoint Server, Internet Explorer, Bing, Visual Studio, OpenEnclave, and Windows Storage Spaces Controller. Of the vulnerabilities fixed, thirteen are classified as Critical, 103 as Important, and one as Moderate in severity. May and June brought 55 and 50 patches, respectively, so this month is reminiscent of the larger rollouts Microsoft had throughout 2020. Last year’s monthly patch count consistently topped 100; this year, the counts have been somewhat smaller.

Software patches from Microsoft this week closed two vulnerabilities exploited by spyware said to have been sold to governments by Israeli developer Candiru. It is understood the spyware, code-named DevilsTongue by Microsoft, exploited at least a pair of zero-day holes in Windows to infect particular targets’ machines. Redmond said at least 100 people – from politicians, human rights activists, and journalists, to academics, embassy workers and political dissidents – have had their systems infiltrated by Sourgum’s code; about half are in Palestine, and the rest are dotted around Israel, the United Kingdom, Iran, Lebanon, Yemen, Spain, Turkey, Armenia, and Singapore. Most likely the exploit is pervasive.

The Israeli NSO Group has also been implicated in surveillance against journalists. This is an example of the abuses that demand a free press be recognized globally. Signal is a secure messenger, but it’s possible to attack the mobile handset with malware that can subvert the secure messages. Jamal Khashoggi was murdered for being a journalist. Snowden revealed the existence of the spyware. The Washington Post and 16 other news organizations all investigated the murder of Jamal Khashoggi. NSO Group’s Pegasus spyware is licensed to governments around the world and can hack a mobile phone’s data and activate the microphone, according to the report. NSO said the spyware is only used to surveil terrorists and other criminals.

The graphic shows some techniques used to intercept messages and communications. Malicious attacks on browsers are a constant problem for safety. Attacking Microsoft Office is another common vector.

Candiru’s Sourgum generally sells cyberweapons that enable its customers, often government agencies around the world, to hack into their targets’ computers, phones, network infrastructure, and internet-connected devices.

It’s important that updates are installed immediately to protect servers and workstations from security threats. Many of the threats patched are being exploited in the wild, forcing Microsoft to move quickly.

NB: Visual Studio 2019 needs to be manually updated. This needs to be modernized to use Windows Update.