Applies ToAzure Stack HCI, version 20H2

Release Date:

6/07/2021

Version:

OS Build 17784.1798

Improvements and fixes

This security update includes quality improvements. Key changes include:

  • Addresses a remote code execution exploit in the Windows Print Spooler service, known as “PrintNightmare”, as documented in CVE-2021-34527. After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system’s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the RestrictDriverInstallationToAdministrators registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.

For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.

To return to the Azure Stack HCI documentation site

Known issues in this update

Symptom

Workaround

You might have issues installing this update by using the Windows Admin Center or Cluster Aware Updating (CAU) through the Windows Update Plugin.

This issue is resolved in KB5004311.

How to get this update

The July 6, 2021 security update (KB5004961) for Azure Stack HCI is delivered from the release channels below. To install it on your Azure Stack HCI cluster, see Update Azure Stack HCI clusters.

Install this update

Release Channel

Available

Next Step

Windows Update and Microsoft Update

Yes

None. This update will be downloaded and installed automatically from Windows Update.

Windows Update for Business

Yes

None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies.

Microsoft Update Catalog

Yes

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

Yes

This update will automatically sync with WSUS if you configure Products and Classifications as follows:

Product: Azure Stack HCI

Classification: Security Updates

File Information

For a list of the files that are provided in this update, download the ile information for cumulative update 5004961.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.