Windows 10 logo and laptop showing the Start Menu

It’s Patch Tuesday today, meaning that all supported Windows versions will receive cumulative updates containing security fixes and general improvements. What these updates also bring is a new fix for the PrintNightmare issue that has seen wide coverage over the last month. While the firm claimed to have fixed the vulnerability with earlier updates, security researchers discovered that the fix could be bypassed. Today, the cumulative updates completely mitigate the issues.

As for Windows 10, the three most recent – and fully supported Windows 10 versions – will be receiving the same update as they are built on the same codebase. The update rolling out is KB5005033 for versions 2004, 20H2, and 21H1, bringing builds 19041.1165, 19042.1165, and 19043.1165, respectively. The patch will contain all the fixes made as part of the out-of-band and optional updates released through the course of the month. The update can be manually downloaded from here.

Additionally, the same update should also begin rolling out to Release Preview ring Insiders who are testing versions 21H2, since that version too, which is expected to release later this year, will be delivered via an enablement package, just like versions 20H2 and 21H1.

The list of fixes is short for this month, especially since the improvements made in the previous updates as mentioned earlier are listed in their respective KB articles. As for what’s new for the fully supported versions, here is the single highlight provided by the Redmond firm:

  • Updates the default installation privilege requirement so that you must be an administrator to install drivers when using Point and Print.

And here is the complete verbiage explaining the fix:

  • Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see KB5005652, Point and Print Default Behavior Change, and CVE-2021-34481 for more information.

In addition to the security and bug fixes, the company is also rolling out an update for the Windows Update client aimed at improving reliability. The changes will roll out to all supported SKUs except for the long-term servicing channel (LTSC).

As is always the case, there are also a few known issues that have been listed for users to be aware of. Here is the complete list:

Symptom

Workaround

When using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.

Note The affected apps are using the ImmGetCompositionString() function.

We are working on a resolution and will provide an update in an upcoming release.

Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.

Note Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps.

To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the using SSU:

  1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab
  2. Extract the SSU from the previously extracted cab via this command line: expand Windows10.0-KB5000842-x64.cab /f:*
  3. You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into your offline image first, then the LCU.

If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business.

After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING".

For more information and a workaround, see KB5005322.

After installing this update, the Elastic File System (EFS) API OpenEncryptedFileRaw(A/W), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).

This behavior is expected because we addressed the issue in CVE-2021-36942.

Note If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support.

Those still on Windows 10 version 1909 Enterprise, Education, or IoT Enterprise SKUs will be served KB5005031, bumping up the version to build 18363.1734. Users can head to the Update Catalog here to download the update manually here, and the knowledge base article to view the complete changelog.

There are other Windows 10 versions that are supported for certain SKUs which are also receiving updates today. Here is a summary of the versions, the corresponding update links, and the SKUs they are supported.

Version

KB

Build

Download

Support

1809

KB5005030

17763.2114

Update Catalog

Long Term Servicing Channel (LTSC)

1607

KB5005043

14393.4583

Update Catalog

1507

KB5005040

10240.19022

Update Catalog