About

Windows 10 Security Update for December – KB5008230

The security update for Windows 10 operating system has been released by Microsoft on 14th December. This update covers the various security vulnerabilities that have been addressed for the period between 10th November to 14th December. This update covers fix for 21 vulnerabilities. Out of these 21 vulnerabilities, 3 are of a critical nature and the remaining 18 are of important impact on the Windows 10 based infrastructure.

How can I apply the security update KB5008230 on Windows 10 computers?

Security update KB5008230 can be applied to the system in one of the following four ways:

  • KB5008230 can be applied automatically through the Windows Update program on your computer.
  • KB5008230 can be applied automatically through the Windows Update for business
  • Windows Server Update Service can also apply the update automatically. You need to set the WSUS to ensure that is configured to sync with the security updates for Windows 10.
  • You can apply the security update manually through a download from the Microsoft Windows Update catalog. The update can be downloaded from the following URL: https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008230

KB5008230 is valid for x64 based computers running Windows 10. You will update the Windows 10 system to build 10240.19145. The update weighs close to 1200 Mb.

Critical vulnerabilities resolved on Windows 10 in KB5008230

There are 3 critical vulnerabilities that have been patched in Windows 10 security update KB5008230. We provide the details of these vulnerabilities for your ready reference below:

  • CVE-2021-43215 – this is a remote code execution vulnerability with a CVSS score of 9.8. It requires immediate patching. An attacker could send a specially crafted request to the Internet Storage Name Service (iSNS) server, which could result in remote code execution.
  • CVE-2021-43217 – this is a remote code execution vulnerability with a CVSS score of 8.1. It requires immediate patching. An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution. This vulnerability affects the Windows Encrypting File System (EFS).
  • CVE-2021-43233 – this is a remote code execution vulnerability that has a CVSS score of 7.5. It affects the Remote Desktop Client software. The vulnerability requires immediate patching.

Overall, the KB5008230 security update patches the vulnerabilities of critical nature and potentially prone to remote code execution. All these vulnerabilities require immediate patching. A remote attacker can use the security gaps to execute malicious code on the computer.

Elevation of Privileges vulnerability resolution – KB5008230

An attacker could use the vulnerabilities on Windows 10 to elevate credentials and execute commands with the elevated privileges. This would also include installing malicous code on the affected system. The following vulnerabilities are of important severity and must be taken care of:

  • CVE-2021-43893
  • CVE-2021-43883
  • CVE-2021-43248
  • CVE-2021-43238
  • CVE-2021-43230
  • CVE-2021-43229
  • CVE-2021-43226
  • CVE-2021-43223
  • CVE-2021-41333
  • CVE-2021-43207

There are 10 vulnerabilities on the Windows 10 build that could potentially be used to cause elevation of privileges.

Remote code execution vulnerabilities with important severity – KB5008230

There are a couple of security vulnerabilites on Windows 10 that have an important severity level. These too have been resolved as part of the security update KB5008230 for Windows 10. The vulnerabilities are stated below for your ready reference.

  • CVE-2021-43232
  • CVE-2021-43234

Information Disclosure vulnerabilities resolved in KB5008230

Information disclosure vulnerabilities could lead to data theft. It could be business data or personal data. The information disclosure vulnerabilities that have been resolved in the security update KB5008230 for Windows 10 are mentioned below:

  • CVE-2021-43236
  • CVE-2021-43235
  • CVE-2021-43227
  • CVE-2021-43224
  • CVE-2021-43222
  • CVE-2021-43216

These six vulnerabilities for Windows 10 have been taken care on in the KB5008230 update. All these six vulnerabilities have important severity impact on your infrastructure.

Quality improvements and fixes in KB5008230

The following quality improvements and bug fixes have been implemented as part of the KB5008230 security update:

  • Update to support the cancellation of daylight savings time (DST) for 2021 for the Republic of Fiji.
  • Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.
  • Addresses a known issue that might prevent apps, such as Kaspersky apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).