Microsoft releases updates KB5015807 and KB5015811 for Windows 10 users

This month, Microsoft released the KB5015814 security update for Windows 11, but it has not forgotten about Windows 10 users. You are advised to install these security updates as soon as possible.

The KB5015807 update is for Windows 10 versions 20H2, 21H1, and 21H2, while the KB5015811 update is for Windows 10 version 1809. Like the Windows 11 update, both fix multiple security flaws, offer a number of enhancements, and address a PowerShell issue.

Microsoft’s release notes for the KB5015807 update indicate that it includes all of the same changes that were part of the previously released KB5014666. In fact, the only difference is the fix for the PowerShell issue: “Addresses an issue that redirects the PowerShell command output so that transcript logs do not contain any content. Transcript logs might contain decrypted passwords if you turn PowerShell logging on. Consequently, the transcript logs lose the decrypted passwords”.

The changelog for the previous update is as follows:

  • New! Adds IP address auditing for incoming Windows Remote Management (WinRM) connections in security event 4262 and WinRM event 91. This addresses an issue that fails to log the source IP address and machine name for a remote PowerShell connection.
  • New! Adds Server Message Block (SMB) redirector (RDR) specific public File System Control (FSCTL) code FSCTL_LMR_QUERY_INFO.
  • Addresses an issue that affects the Cloud Clipboard service and prevents syncing between machines after a period of inactivity.
  • Addresses an issue that prevents the Pashto language from appearing in the language list.
  • Enables the InternetExplorerModeEnableSavePageAs Group Policy. For more information, see Microsoft Edge Browser Policy Documentation.
  • Addresses an issue that affects the touchpad area that responds to a right-click (the right-click zone). For more information, see Right-click zone.
  • Addresses an issue that affects some certificate chains to Root Certification Authorities that are members of the Microsoft Root Certification Program. For these certificates, the certificate chain status can be, “This certificate was revoked by its certification authority”.
  • Addresses an issue that leads to a false negative when you run scripts while Windows Defender Application Control (WDAC) is turned on. This might generate AppLocker events 8029, 8028, or 8037 to appear in the log when they should not.
  • Addresses an issue that prevents the use of Encrypted File System (EFS) files over a Web-based Distributed Authoring and Versioning (WebDAV) connection.
  • Addresses an issue that causes a domain controller to incorrectly write Key Distribution Center (KDC) event 21 in the System event log. This occurs when the KDC successfully processes a Kerberos Public Key Cryptography for Initial Authentication (PKINIT) authentication request with a self-signed certificate for key trust scenarios (Windows Hello for Business and Device Authentication).
  • Addresses an issue that causes the LocalUsersAndGroups configuration service provider (CSP) policy to fail when you modify the built-in Administrators group. This issue occurs if the local Administrator account isn’t specified in the membership list when you perform a replace operation.
  • Addresses an issue in which malformed XML inputs might cause an error in DeviceEnroller.exe. This prevents CSPs from being delivered to the device until you restart the device or correct the XML.
  • Addresses an issue that causes Microsoft NTLM authentication using an external trust to fail. This issue occurs when a domain controller that contains the January 11, 2022 or later Windows update services the authentication request, is not in a root domain, and does not hold the Global Catalog role. The affected operations might log the following errors:
    • The security database has not been started.
    • The domain was in the wrong state to perform the security operation.
    • 0xc00000dd (STATUS_INVALID_DOMAIN_STATE).
  • Addresses a known issue that might prevent you from using the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the internet after a client device connects.
  • Addresses a known issue that might prevent the Snip & Sketch app from capturing a screenshot or from opening using the keyboard shortcut (Windows logo key+Shift+S). This issue occurs after installing the February 8, 2022 and later updates.

It is much the same story with the KB5015811 update, which addresses the PowerShell issue and also includes the changes from the KB5014669 update, released last month. The changelog for that update reads as follows:

  • New! Adds IP address auditing for incoming Windows Remote Management (WinRM) connections in security event 4262 and WinRM event 91. This addresses an issue that fails to log the source IP address and machine name for a remote PowerShell connection.
  • New! Adds Server Message Block (SMB) redirector (RDR) specific public File System Control (FSCTL) code FSCTL_LMR_QUERY_INFO.
  • Addresses an issue that causes a domain controller to incorrectly write Key Distribution Center (KDC) event 21 in the System event log. This occurs when the KDC successfully processes a Kerberos Public Key Cryptography for Initial Authentication (PKINIT) authentication request with a self-signed certificate for key trust scenarios (Windows Hello for Business and Device Authentication).
  • Addresses an issue that prevents the use of Encrypted File System (EFS) files over a Web-based Distributed Authoring and Versioning (WebDAV) connection.
  • Addresses an issue that causes Windows to stop working and generates error code 0x3B.
  • Addresses an issue that causes Microsoft NTLM authentication using an external trust to fail. This issue occurs when a domain controller that contains the January 11, 2022 or later Windows update services the authentication request, is not in a root domain, and does not hold the Global Catalog role. The affected operations might log the following errors:
    • The security database has not been started.
    • The domain was in the wrong state to perform the security operation.
    • 0xc00000dd (STATUS_INVALID_DOMAIN_STATE).
  • Addresses an issue that causes pool corruption when the client-side caching (CSC) cleanup method fails to delete a resource that was created.
  • Addresses an issue that fails to show Windows Server 2019 and Windows Server 2022 in certain dropdown menu lists in Server Manager.
  • Addresses an issue that causes file copying to be slower because of a wrong calculation of write buffers within cache manager.
  • Optimizes access to the State Repository database to help reduce Appx deployment delays or black screens that might occur when you sign in to Windows 2019 Server.
  • Addresses a known issue that might prevent you from using the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the internet after a client device connects.
  • Addresses a known issue that prevents Windows servers that use the Routing and Remote Access Service (RRAS) from correctly directing internet traffic. Devices that connect to the server might not connect to the internet, and servers might lose connection to the internet after a client device connects to them.

These mandatory updates will be automatically downloaded and installed by Windows Update, but they can also be downloaded from the Microsoft Update Catalog — KB5015807 and KB5015811.
