A security update is rolling out today on 06/07/2021! Windows 10 2004, 20H2, and 21H1 have received a patch with some considerable fixes for the printer vulnerability issue. KB5004945 is the out of band update having some potential workarounds for the critical issue. As you might know, this vulnerability exists in printer spooler service and is titled as PrintNightmare. The system can not stop attackers from running arbitrary codes through remote code execution (RCE). This is placed under CVE-2021-34527 and Microsoft is keeping an eye on the situation.
The printing issue is being tracked and investigated this out-of-band update brings 2 possible workarounds to mitigate the damage. The release will change the version of Windows 21H1, 20H2, and 2004 to 19043.1083, 19042.1083, and 19041.1083 respectively. This is a mandatory update and will be downloaded automatically without notifying you.
KB5004945 Windows 10 21H1, 20H2, and 2004 to fix printing vulnerability
Here is the changelog –
Improvements and bug fixes
This patch addresses a RCE exploit existing in the Print Spooler service, termed PrintNightmare, under CVE-2021-34527. Subsequent to installing this rollout and further updates, non-admin users will be only able to install the printer drivers which is signed in to a printer server. However, administrators can install both the unsigned as well as signed drivers. Signed drivers are satisfied by root certificates in the Trusted Root Certification Authorities trust of the system. The tech giant suggests that you should install this update on all supported client and server OS, starting with devices that currently host the print server role. Moreover, you can change the RestrictDriverInstallationToAdministrators regedit setting to prevent non-administrators from installing signed printer drivers on a print server. To know more go to – –KB5005010.
|Furigana characters don’t return with correct characters in Kanji characters in Japanese IME. Therefore, you might have to enter the Furigana characters manually.|
Remark –The affected applications are using ImmGetCompositionString() function.
|They are trying to have a resolution and this may be out in a forthcoming update.|
|When custom ISO or Custom offline media creates the installation it is not capable to replace Microsoft Edge Legacy with the chromium version. However, it removes the legacy. You confront this when ISO or custom offline media is generated by slipstreaming this update into the image without having prior installed the SSU rolled out 29/03/2021 or later.||If don’t want to find this problem, slipstream the SSU into ISO or custom offline media before slipstreaming the Cumulative patch. In case you are on v2004 04 20H2, extract the SSU from the combined package. Pursue the instructions –|
How to download KB5004945 and install
Since SSU is folded into cumulative update now so go directly to the following methods to install the patch –
1. Through Windows update
- Press the – Winkey.
- Type – updates.
- Hit the – Enter key.
- When Setting page prompts, you will notice that the update is downloaded is asking you to Restart now; select it.
- Otherwise, click the – Check for upddates.
- Lastly, hit – Restart now.
2. Using Microsoft update catalog
Here is KB5004945 direct download link – Windows update catalog. Click it.
- Find the correct file and click – Download.
- A separate page comes out, click the lone link there.
- As the downloading is completed, double click the .MSU file.
- Follow the on-screen instructions until the out-of-band update is fully installed.
For more knowledge about the installation method, you can read – How to Download and Install Update from Microsoft update catalog on Windows 10.