Windows 10: First builds for 2021 just arrived, loaded with security updates

Microsoft flags extra security fixes for Windows 10 that admins should address beyond the Patch Tuesday updates.

ZDNet guides you through the maze of Windows 10 updates

With the January 2021 Patch Tuesday security fixes out, Microsoft has released new Windows builds for Windows 10 versions 1909 and up. 

For systems on Windows versions 20H2 and 2004, Microsoft has the update KB4598242 with 19041.746 for version 2004 and 19042.746 for 20H2. PCs on version 1909 get KB4598229 with build 18363.1316, while users with version 1903 get... nothing, since it reached end of service on December 8

Microsoft started nudging 1903 systems up to 1909 last year and recommends users on version 1903 install the version 1909 enablement package to make the upgrade easier

SEE: Cheat sheet: Windows 10 PowerToys (free PDF) (TechRepublic)

Microsoft also released the 20H2 Build 19042.746 (KB4598242) to the Beta and Release Preview Channels for Insiders on 20H2.

Besides the 83 security fixes Microsoft disclosed in the Patch Tuesday update, Microsoft points to two key security improvements for 20H2 and 2004, including bolstering security when using connected devices, such as game controllers, printers, and web cameras; an improvements to the security of Windows when perfuming "basic operations". 

The build for Windows 10 version 1909 lists the same security improvements plus additional security improvements when using Office products. 

Additionally, the new 1909 build fixes a security flaw affecting HTTPS-based intranet servers. After installing the update, it prevents HTTPS-based intranet servers from using a user proxy, by default, to detect updates. Scans with these servers will fail if an admin hasn't configured a system proxy on the client. 

"If you must use a user proxy, you must configure the behavior using the policy 'Allow user proxy to be used as a fallback if detection using system proxy fails'," Microsoft explains. 

"To ensure the highest levels of security, also use Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate pinning on all devices. This change does not affect customers who are using HTTP WSUS servers."

SEE: Programming languages: Microsoft TypeScript leaps ahead of C#, PHP and C++ on GitHub

Microsoft also draws attention to a security bypass vulnerability in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. This issue affects authentication between clients and servers and relates to the bug tagged as CVE-2021-1678, an NTLM security feature bypass.

Microsoft warns that admins need to follow two steps to protect an environment and prevent outages: 

  1. Update all client and server devices by installing the January 12, 2021 Windows update or a later Windows update. Be aware that installing the Windows update does not fully mitigate the security vulnerability and might impact your current print setup. You must perform Step 2.
  2. Enable Enforcement mode on the print server. Starting with the June 8, 2021 update, Enforcement mode will be enabled on all Windows devices. 

The update also addresses a bug that can happen after running the command chkdsk /f that might damage the file system of some devices. As Ghacks reported in December, this issue was known to affect Windows 10 20H2 after installing the December 8, 2020 update.