The security update for Windows 10 operating system has been released by Microsoft on 14th December. This update covers the various security vulnerabilities that have been addressed for the period between 10th November to 14th December. This update covers fix for 21 vulnerabilities. Out of these 21 vulnerabilities, 3 are of a critical nature and the remaining 18 are of important impact on the Windows 10 based infrastructure.
How can I apply the security update KB5008230 on Windows 10 computers?
Security update KB5008230 can be applied to the system in one of the following four ways:
- KB5008230 can be applied automatically through the Windows Update program on your computer.
- KB5008230 can be applied automatically through the Windows Update for business
- Windows Server Update Service can also apply the update automatically. You need to set the WSUS to ensure that is configured to sync with the security updates for Windows 10.
- You can apply the security update manually through a download from the Microsoft Windows Update catalog. The update can be downloaded from the following URL: https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008230
KB5008230 is valid for x64 based computers running Windows 10. You will update the Windows 10 system to build 10240.19145. The update weighs close to 1200 Mb.
Critical vulnerabilities resolved on Windows 10 in KB5008230
There are 3 critical vulnerabilities that have been patched in Windows 10 security update KB5008230. We provide the details of these vulnerabilities for your ready reference below:
- CVE-2021-43215 – this is a remote code execution vulnerability with a CVSS score of 9.8. It requires immediate patching. An attacker could send a specially crafted request to the Internet Storage Name Service (iSNS) server, which could result in remote code execution.
- CVE-2021-43217 – this is a remote code execution vulnerability with a CVSS score of 8.1. It requires immediate patching. An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution. This vulnerability affects the Windows Encrypting File System (EFS).
- CVE-2021-43233 – this is a remote code execution vulnerability that has a CVSS score of 7.5. It affects the Remote Desktop Client software. The vulnerability requires immediate patching.
Overall, the KB5008230 security update patches the vulnerabilities of critical nature and potentially prone to remote code execution. All these vulnerabilities require immediate patching. A remote attacker can use the security gaps to execute malicious code on the computer.
Elevation of Privileges vulnerability resolution – KB5008230
An attacker could use the vulnerabilities on Windows 10 to elevate credentials and execute commands with the elevated privileges. This would also include installing malicous code on the affected system. The following vulnerabilities are of important severity and must be taken care of:
- CVE-2021-43893
- CVE-2021-43883
- CVE-2021-43248
- CVE-2021-43238
- CVE-2021-43230
- CVE-2021-43229
- CVE-2021-43226
- CVE-2021-43223
- CVE-2021-41333
- CVE-2021-43207
There are 10 vulnerabilities on the Windows 10 build that could potentially be used to cause elevation of privileges.
Remote code execution vulnerabilities with important severity – KB5008230
There are a couple of security vulnerabilites on Windows 10 that have an important severity level. These too have been resolved as part of the security update KB5008230 for Windows 10. The vulnerabilities are stated below for your ready reference.
- CVE-2021-43232
- CVE-2021-43234
Information Disclosure vulnerabilities resolved in KB5008230
Information disclosure vulnerabilities could lead to data theft. It could be business data or personal data. The information disclosure vulnerabilities that have been resolved in the security update KB5008230 for Windows 10 are mentioned below:
- CVE-2021-43236
- CVE-2021-43235
- CVE-2021-43227
- CVE-2021-43224
- CVE-2021-43222
- CVE-2021-43216
These six vulnerabilities for Windows 10 have been taken care on in the KB5008230 update. All these six vulnerabilities have important severity impact on your infrastructure.
Quality improvements and fixes in KB5008230
The following quality improvements and bug fixes have been implemented as part of the KB5008230 security update:
- Update to support the cancellation of daylight savings time (DST) for 2021 for the Republic of Fiji.
- Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.
- Addresses a known issue that might prevent apps, such as Kaspersky apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).
Suggested Windows Updates
The following updates may be useful for system administrators. These updates are cumulative updates.
- KB5026372 cumulative update for Windows 11 22H2
- KB5026368 Cumulative Update for Windows 11 21H2
- KB5026409 Security Update for Windows Server 2012 R2
- KB5026411 security update for Windows Server 2012
- KB5026419 cumulative update for Windows Server 2012
- KB5026415 Monthly rollup update for Windows Server 2012 R2
- KB5026370 cumulative update for Windows Server 2022
- KB5026362 cumulative update for Windows Server 2019
- KB5026363 May 2023 cumulative update for Windows Server 2016
- KB5025287 for Windows Server 2012 – April 2023
- KB5025285 Monthly rollup update for Windows Server 2012 R2 – April 2023
- Security Update for Windows Server 2012 R2 – KB5008285
- KB5025288 security update for Windows Server 2012 R2 – April 2023
- KB5025272 Security Update for Windows Server 2012 – April 2023
- KB5025230 cumulative update for Windows Server 2022 – April 2023
- KB5025229 cumulative update for Windows Server 2019 – April 2023
- KB5025228 cumulative update for Windows Server 2016
- KB5023706 cumulative update for Windows 11 22H2
- KB5023752 security update for Windows Server 2012
- KB5023764 security update for Windows Server 2012 R2
–
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.