March 9, 2021

On the off chance you were looking for more security to-dos from Microsoft today…the company released software updates to plug more than 82 security flaws in Windows and other supported software. Ten of these earned Microsoft’s “critical” rating, meaning they can be exploited by malware or miscreants with little or no help from users.

Top of the heap this month (apart from the ongoing, global Exchange Server mass-compromise) is a patch for an Internet Explorer bug that is seeing active exploitation. The IE weakness — CVE-2021-26411 — affects both IE11 and newer EdgeHTML-based versions, and it allows attackers to run a file of their choice by getting you to view a hacked or malicious website in IE.

The IE flaw is tied to a vulnerability that was publicly disclosed in early February by researchers at ENKI who claim it was one of those used in a recent campaign by nation-state actors to target security researchers. In the ENKI blog post, the researchers said they will publish proof-of-concept (PoC) details after the bug has been patched.

“As we’ve seen in the past, once PoC details become publicly available, attackers quickly incorporate those PoCs into their attack toolkits,” said Satnam Narang, staff research engineer at Tenable. “We strongly encourage all organizations that rely on Internet Explorer and Microsoft Edge (EdgeHTML-Based) to apply these patches as soon as possible.”

This is probably a good place to quote Ghacks.net’s Martin Brinkman: This is the last patch hurrah for the legacy Microsoft Edge web browser, which is being retired by Microsoft.

For the second month in a row, Microsoft has patched scary flaws in the DNS servers on Windows Server 2008 through 2019 versions that could be used to remotely install software of the attacker’s choice. All five of the DNS bugs quashed in today’s patch batch earned a CVSS Score (danger metric) of 9.8 — almost as bad as it gets.

“There is the outside chance this could be wormable between DNS servers,” warned Trend Micro’s Dustin Childs.

As mentioned above, hundreds of thousands of organizations are in the midst dealing with a security nightmare after having their Exchange Server and Outlook Web Access (OWA) hacked and retrofitted with a backdoor. If an organization you know has been affected by this attack, please have them check with the new victim notification website mentioned in today’s story.

Susan Bradley over at Askwoody.com says “nothing in the March security updates (besides the Exchange ones released last week) is causing me to want to urge you to go running to your machines and patch at this time.” I’d concur, unless of course you cruise the web with older Microsoft browsers.

Update, Mar. .11, 9:32 a.m.: AskWoody now says any delay in patching may have been warranted. “We are seeing issues with printing after the March updates. Ghacks reports BSODs are being triggered after printing. It’s unclear if it’s all of the March operating system updates or just the Windows 10 versions. Note it appears that Microsoft has pulled the updates from Windows update but NOT from WSUS or the catalog site.”

Original story:

It’s a good idea for Windows users to get in the habit of updating at least once a month, but for regular users (read: not enterprises) it’s usually safe to wait a few days until after the patches are released, so that Microsoft has time to iron out any kinks in the new armor.

But before you update, please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.

So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.

Additional reading:

Martin Brinkman’s always comprehensive take.

The SANS Internet Storm Center no-frills breakdown of the fixes.

 


37 thoughts on “Microsoft Patch Tuesday, March 2021 Edition

    1. Pam

      They are making me sign up for things I don’t want. And no way to opt out! Makes me so mad!!!

  1. PinsAndNeedles

    It seems Microsoft may have removed their March patches temporarily. When I checked a few minutes ago, it was not available for Windows 10 20H2 or for Windows Server 2019.

    What was available was
    – Windows Malicious Software Removal Tool (KB890830)
    – Security Intelligence Update for Microsoft Defender Antivirus – KB2267602
    – 2021-02 Cumulative Update Preview for Windows 10 (KB4601382), even though February patches were previously up to date
    – 2021-01 Update for Windows Server (KB4589208), even though February patches were previously up to date

    1. District Attorney

      The march cumulative update, KB5000802 has been pulled. Getting the same lists of updates as above.

    2. Ray

      Like others here, unable to pull down updates earlier. I am now seeing March updates becoming available for our Windows 2012 and 2016 servers.

    3. Karen

      I am receiving all kinds of lurid requests for serial favors. It includes 10 to 15 numbers and I cannot determine which download will circumvent the server breach. It’s making me crazy.

  2. john nicholson

    I checked this morning a few minutes ago. I am not seeing anything for windows 2012 r2 except the malicious software removal. Usually the is a big patch and some .net updates. Thgis is unusual to me.

  3. Erwan

    March Security Update (KB5000802 and siblings) was pulled because some PC are BSODing on boot (rare) and any PC that have a Kyocera/Zebra drivers BSOD as soon as you are trying to print.

    1. AdmiralCool

      most of our printers are kyoceras and 802 and/or 808 killed them all. had to put all patching on hold and rip it out of everyone it did get installed on

  4. John Dunleavy

    KB5000802 totally crashed my system Windows 10 Version 2004, hanging with the update partially installed and refusing to respond to any programs. A forced reboot made things worse and I had to hard power down, after which it tried to reinstall the patch and failed . I did a clean boot and tried again, at which point it installed some other updates that hadn’t been apparent previously and KB5000802 wasn’t listed as an option. System is now running again and I assumed that the update had been pulled. That was 3 hours of my day gone getting round Microsoft’s cock up.

  5. Jon

    Can anyone confirm that MS has pulled this back? I kept trying this morning and wasn’t being offered this KB, and just now was offered it and confirmed that it crashed on printing to a Kyocera printer. I don’t see anything in the Windows Health dashboard and nothing on the Windows Update sites. I am looking for a place that MS confirms when they pull updates.

    1. Jon

      Do you have Kyocera printers? I have only seen reports of those printers crashing it. I tested a Kyocera and crashed mine. But I was also on 20H2. You are using 1809 it appears.

      1. Steve C#

        What is the issue with Kyocera printers? At one of our sister companies they have Kyocera printers and they are regularly having driver related issues that cause crashes. We have Sharp and HP printers and have had none of these issues.

  6. ccarlo

    kb4603002 NET framework does not allow updates third software antiviruses engine

  7. dcmargo54

    My Windows machine downloaded and installed all updates without issue, including KB5000802.

  8. Wilderness

    I just installed KB4589212 and KB5000802 without any issues at all.

    1. george gibson

      I have one heck of a problem with KB4589212. It downloads and installs ok but restart gets to 30% and fails and cannot boot up again have to force my Asus Laptop into Auto Repair to get back on line. After several attempt’s wound up with a corrupted component store. Have had to hide this update and limit updates to essential only.

  9. KoSReader600000

    “Susan Bradley over at Askwoody.com says “nothing in the March security updates is causing me to want to urge you to go running to your machines and patch at this time.”

    “I’d concur… -BK

    “I now see MS-Defcon 1 with a line “Current Microsoft patches are causing havoc. Don’t patch.” which is the highest I have ever seen over at Askwoody dot com. Ether this is a mistake or some serious problems are occurring with Microsoft patches. Has anyone else seen “MS-Defcon 1” ?

  10. Drow

    If you have a hp laserjet print p1102 series then print documents over wifi. The bsod kb5000802 performance while print only affected if do with usb printer connected.

  11. Jim

    Okay. MS replaced 7 with Redmond Curse 10 bragging about how secure 10 would be. Bravo Sierra, the curse lives on. My 7 os is alive and well. MS stopped support? MS has never supported any OS. With 10 they have control of computers more than ever.

    1. Mealy

      Literal always-on logs of how long you spend in each application, and they keep re-enabling phone home to get that data even after the user turns it off, because of course they do.

      RDP issues forever, now Kyocera drivers are blowing up BSOD?
      That’s a fairly well known vendor. Not a good look for MS QA.
      Again. And again. Like there’s money in failing like this? Is there?

  12. Mason

    I ran into the BSOD issue this morning, with a PC attempting to print to a Kyocera printer. I uninstalled the rollup package and confirmed that printing was no longer causing the BSOD.

    It is possible to uninstall the rollup package using this command.

    dism /Online /Remove-Package /PackageName:Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.867.1.8

    If you prefer, you can confirm that this is the correct package name by running this command and selecting the rollup package name.

    dism /online /get-packages /format:table | findstr 19041.867

  13. glass of gin

    Terry A. Davis made his own Operating System and compiler by himself. One man! Yet look how many problematic updates we’re seeing from a company that has billions and how many talented people?

    @Mason:

    I don’t think Grandma knows how to do all of that stuff. Yet more proof that Windows 10 is not ready for the desktop.

  14. Andrew

    We have Kyocera printers across our business and have the BSOD on all Windows 10 that have had KB5000802 applied. Complete nightmare.

  15. Chris Pugson

    Before every second Tuesday of each month, people are on tenterhooks waiting for the possible bricking of their vital Windows PC. In the pandemic, the computer is a vital utility but Microsoft continues to press on with adding features to Windows 10, many of which are irrelevant to ordinary consumers. There is clearly no priority given to reliability and when a bad update strikes, the ordinary user has a serious problem. Windows 10 is suitable for environments where quality tech support is readily available. It is not a consumer product.

    Thank heaven for Windows 7 which provides a dependable lifeline in the last resort when Microsoft’s jewel product is glitched. It is possible to keep Windows 7 passably secure with available tools and methods of configuration but only to be used where security matters as a last resort. It’s fine for just surfing though.

    Microsoft is on a slippery downward path. In Microsoft Update Catalog, try searching for ‘2021-03 Windows 8.1’. A report of nothing found is returned but a search for 2021-03 Windows 10′ does return results.

  16. Mazza

    Unable to sign into my laptop since the March 21 update. Cannot uninstall or revert as option greyed out. Unable to do anything with the laptop. Microsoft should stop releasing these updates on users before they have some idea they are actually safe. I have written to Microsoft but no response, I suspect they are a little overrun with complaints.

    1. Chris Pugson

      I have a HP LaserJet 1100 connected to a Windows 7 system. My Windows 10 2004/20H2 devices print over both ethernet and WiFi connections to the 1100 without problems.

  17. Scott Duncan

    Since the March update my computer is a brick. I have tried bloody everything, and it is still stuffed. My only option left is to rip out the hard drive, put it into a desktop, copy everything across, then reformat the damn hard drive. BUT WHY THE HELL SHOULD I HAVE TO?????
    Now one damn clever piece of advice from ex-girlfriend which I will follow in the future. She has set up her system to “IGNORE” Microsoft. She does not have problems.

    1. mealy

      She may just not be aware of them yet.

      You actually don’t have to reformat to fix this, but you do you!

  18. Bab

    I’m uninstalling all updates I got in early March. Since installing KB5000802, KB4589212, and KB4601554 and a ‘servicing stack 10.0.19041.860 my system has not been working right. Windows freezes if I try to open the start menu usually after my system comes out of hibernation. Keyboard stops working. Have to hard-shut down to fix it. I know its one of those updates because everything was fine before them.

  19. Alex

    KB5000802 on win 10 20H2 broke DNS on 4 workstations from a pool of 100. Removing the update immediately allowed those machines to connect to the internet using our internal DNS servers. Update is now blocked in WSUS and won’t be allowed back in. Absolutely broken.

    1. Alex

      Thanks Susan. Appreciate the response and it does seem as though these 4 machine may be an oddity as there are no other reports of DNS issues. Maybe a placebo effect of removing the 5000802 and the machines coming back to life. I’ll give your suggestion a shot. Thanks!

Comments are closed.