Windows 10 1909 has just obtained the April 2021 security update or LCU. KB5001337 is the release that carries a bunch of bug fixes and changes and increases the November 2019 Update version OS build to 18363.1500. See the compilation here – Windows 10 Cumulative Updates List.
You can auto download KB5001337 and install it through the Windows update unless you made any modifications. Furthermore, the Microsoft update catalog also allows downloading the .MSU file for manual installation of the patch.
KB5001337 for Windows 10 1909 18363.1500
Here is the changelog –
Changes and fixes
- The patch addresses principal in a trusted MIT realm that becomes unable to get a Kerberos service ticket from Active Directory domain controllers aka DC. The problem happens on devices that installed Windows Updates that have CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were rolled out between 10/11/2020 and 8/12/2020. Moreover, Ticket acquisition also fails and shows an error – KRB_GENERIC_ERROR, if callers submit a PAC-less Ticket Granting Ticket aka TGT as an evidence ticket without providing the “USER_NO_AUTH_DATA_REQUIRED” flag.
- The deliverance addresses an issue with security vulnerabilities traced out by a security researcher. Subsequently, this and entire future Windows updates will no longer have the RemoteFX vGPU. To know the details see – CVE-2020-1036 and KB4570006. The Secure vGPU replacements are available using Discrete Device Assignment (DDA) in Windows Server LTSC rollouts (Windows Server 2016 and 2019) and Windows Server SAC (Windows Server v1803 and later).
- KB5001337 for Windows 10 v1909 18363.1500 addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the 3rd-party endpoints used for federated authentication. To get more information, read CVE-2021-27092 and Policy CSP – Authentication.
- This rollout carries Security updates to Windows Apps, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Hybrid Cloud Networking, Windows Input and Composition, Windows App Platform and Frameworks, Windows Kernel, Windows Virtualization, and Windows Media.
Symptom – User certificates and System and might be missing when updating a device from Windows 10 v1809 or greater to a later version. This bug will impact the devices installed any LCU pushed on 16/09/2020 or later and then continue to update to a later version from media or an installation source that does not have an LCU rolled out on 13/10/2020 or later integrated. The mess-up occurs when managed devices are updated using outdated bundles or media via an update management tool, for instance, WSUS or Microsoft Endpoint Configuration Manager. This might also occur when using either outdated ISO images or physical media that do not have the latest updates integrated.
Remark – Devices that receive Windows Update for Business or that directly get Windows Update are not impacted.
Workaround – Return back to your previous version of Windows using the guide – here. If you don’t see the option to go back to the previous version then pursue – How to change the roll back period to 60 days in Windows 10.
How to download KB5001337 and install on Windows 10 1909 18363.1500
Prior to beginning ensure that you have installed the most recent SSU KB and then pursue the below guidelines –
1. Via Auto Windows update
Press the – Winkey.
Type in – updates.
Once the Settings page prompts, click – Check for updates.
Wait for the completion of the downloading of the patch and finally, click – Restart now.
2. Using Microsoft update catalog
- First of all, go to KB5001337 direct download link – https://www.catalog.update.microsoft.com/Search.aspx?q=KB5001337
- Find the relevant file for your system and click – Download.
- A page will appear; select the only link showing here.
- Once the .MSU file is downloaded, right-click and choose – Install.
- Follow the instructions coming ahead until the patch is installed.