KB5008218 Security Update for Windows 10 Version 1809

December security update for the Windows 10 operating system has been made available by Microsoft. Windows 10 has multiple versions and builds that may be running on your infrastructure or corporate networks. Before making an update on a Windows 10 system, you will need to make sure that the Windows 10’s correct version is known to you. On this study note, we will understand the KB5008218 security update that focuses on updating Windows 10 version 1809.

This security update follows the last security update KB5007187; and will need a reboot of the target computer. So, you may want to plan some sort of planned maintenance to get this update rolled out to the Windows 10 version 1809 computers.

How can I get the KB5008218 for Windows 10 version 1809

The security update for Windows 10 version 1809 will take your build to version OS Build 17763.2366. This cumulative update can be updated on a Windows 10 computer in either of the following ways:

  • KB5008218 can be downloaded from the Microsoft Update catalog website. The link to download KB5008218 from the Microsoft website is – https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008218. The KB5008218 for x64 based computers is available for download from this page. It weighs 554.5 MB. Manually downloading the update is preferred by many system administrators for patching the Windows 10 computers.
  • You can get the update automatically using the Windows Update program on your Windows 10 computer.
  • Windows Update for Business will help you patch Windows 10 Pro version computers automatically.
  • Finally, Windows Server Update Service (WSUS) can also help in automatic sync between the KB5008218 security update and your Windows 10 computer. For this to happen, you will need to set the WSUS configuration to use Windows 10 as the product type, and security update as the product classification.

What improvements or bug fixes have been implemented as part of KB5008218 for Windows 10 version 1809?

The KB5008218 security update focuses on addressing issues with the Microsoft Defender. This update fixes a known issue that might prevent Microsoft Defender for Endpoint from starting or running on devices that have a Windows Server Core installation. 

What vulnerabilities have been resolved under KB5008218 for Windows 10 version 1809

There are 27 critical or important security vulnerabilities that have been resolved on Windows 10 version 1809 through the security update KB5008218. The following vulnerabilities have been resolved on the security update KB5008218 for Windows 10 version 1809:

Critical Remote Code execution vulnerabilities resolved under KB5008218

There are three remote code execution vulnerabilities that have been resolved in the cumulative update KB5008218 for Windows 10 version 1809. Remote code execution vulnerabilities can allow a remote attacker to deploy and execute malicious code on the affected target computer. The security vulnerabilities of a critical nature that have been resolved in KB5008218 for Windows 10 Version 1809 are:

  • CVE-2021-43215 – this is a remote code execution vulnerability with a CVSS score of 9.8. It requires immediate patching. An attacker could send a specially crafted request to the Internet Storage Name Service (iSNS) server, which could result in remote code execution.
  • CVE-2021-43217 – this is a remote code execution vulnerability with a CVSS score of 8.1. It requires immediate patching. An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution. This vulnerability affects the Windows Encrypting File System (EFS).
  • CVE-2021-43233 – this is a remote code execution vulnerability that has a CVSS score of 7.5. It affects the Remote Desktop Client software. The vulnerability requires immediate patching.

Remote code execution – important severity – KB5008218 for Windows 10 version 1809

Security update KB5008218 resolves 2 important severity level vulnerabilities on the Windows 10 version 1809. The vulnerabilities that have been resolved are as hereunder:

  • CVE-2021-43232 – carries a CVSS score of 7.8 and affects the Windows Event Tracing Service.
  • CVE-2021-43234 – carries a CVSS score of 7.8 and affects Windows Fax Service.

The two components or services affected by these vulnerabilities need to be patched with the KB5008218 security update.

Elevation of Privileges resolved under KB5008218 for Windows 10 version 1809

Elevation of privileges can cause an attacker to assume elevated authentication credentials on the target computer. There is 12 ‘elevation of privileges’ vulnerabilities on Windows 10 version 1809 that have been resolved under the security update KB5008218 for Windows 10. All these vulnerabilities have important severity levels for the affected Windows 10 computers. These vulnerabilities are mentioned below:

  • CVE-2021-43893 – CVSS score of 7.5 and affects Windows Encrypting File System (EFS)
  • CVE-2021-43883 – CVSS score of 7.8 and affects Windows Installer
  • CVE-2021-43248 – CVSS score of 7.8 and affects Windows Digital Media Receiver
  • CVE-2021-43247 – CVSS score of 7.8 and affects Windows TCP/IP driver.
  • CVE-2021-43238 – CVSS score of 7.8 and affects Windows Remote Access.
  • CVE-2021-43231 – CVSS score of 7.8 and affects Windows NTFS.
  • CVE-2021-43230 – CVSS score of 7.8 and affects Windows NTFS.
  • CVE-2021-43229 – CVSS score of 7.8 and affects Windows NTFS.
  • CVE-2021-43226 – CVSS score of 7.8 and affects Windows Common Log File System Driver.
  • CVE-2021-43223 – CVSS score of 7.8 and affects Windows Remote Access Connection Manager.
  • CVE-2021-41333 – CVSS score of 7.8 and affects Windows Print Spooler.
  • CVE-2021-43207 – CVSS score of 7.8 and affects Windows Common Log File System Driver.

Information disclosure vulnerabilities resolved on Windows 10 under KB5008218

Information disclosure vulnerabilities result in data theft. Data could be personal or business in nature. There are 7 information disclosure vulnerabilities that have been patched in the KB5008218 security update for Windows 10 version 1809. The vulnerabilities that have been fixed are mentioned below:

  • CVE-2021-43244 – CVSS score of 6.5 and affects Windows Kernel.
  • CVE-2021-43236 – CVSS score of 7.5 and affects Microsoft Messaging Queue
  • CVE-2021-43235 – CVSS score of 5.5 and affects the ‘Storage Spaces Controller’.
  • CVE-2021-43227 – CVSS score of 5.5 and affects the ‘Storage Spaces Controller’.
  • CVE-2021-43224 – CVSS score of 5.5 and affects the Windows Common Log File System Driver.
  • CVE-2021-43222 – CVSS score of 7.5 and affects Microsoft Messaging Queue.
  • CVE-2021-43216 – CVE-2021-43216 – CVSS score of 6.5 and affects Microsoft Local Security Authority Server (lsasrv).

Denial of Service (DoS) vulnerabilities on Windows 10 version 1809 resolved in KB5008218

The security update KB5008218 for Windows 10 version 1809 resolves three denial of service vulnerabilities. These vulnerabilities are given below:

  • CVE-2021-43246 – carries a CVSS score of 5.6 and affects Windows Hyper V service.
  • CVE-2021-43228 – carries a CVSS score of 7.5 and affects SymCrypt.
  • CVE-2021-43219 – carries a CVSS score of 7.4 and affects DirectX Graphics Kernel File.

Two of these three vulnerabilities have a significant impact on the affected systems of Windows 10.

Windows 10 version 1809 December security update KB5008218 takes care of 27 vulnerabilities that have been fixed during the period between November 10th to December 14th. The update does need a reboot. Therefore, we do suggest a maintenance window to roll out the KB5008218 update on the affected Windows 10 version 1809 computers.

You may also like to read the following content related to updates on Windows: