The Patch Tuesday focus for April: Windows and Exchange (again)


On Tuesday, MIcrosoft rolled out another broad series of updates across its Windows ecosystems, including four vulnerabilities affecting Windows that have been publicly disclosed and one security flaw — reportedly exploited already — that affects the Windows kernel. That means the Windows updates get our highest “Patch Now” rating, and if you have to manage Exchange servers, be aware that the update requires additional privileges and extra steps to complete.

It also looks as if Microsoft has announced a new way to deploy updates to any device, wherever it is located, with the Windows Update for Business Service. For more information on this cloud-based management service, you can check out this Microsoft video or this Computerworld FAQ. I have included ahelpful infographic which this month looks a little lopsided (again) as all of the attention should be on the Windows and Exchange components.

Key testing scenarios

Due to the major update to the Disk Management utility this month (which we consider high-risk), we recommend testing partition formatting and partition extensions. This month’s update also includes changes to the following lower-risk Windows components:

  • Check that TIFF, RAW, and EMF files render correctly due to changes in the Windows codecs.
  • Test your VPN connections.
  • Test creating Virtual Machines (VMs) and applying snapshots.
  • Test creating and using VHD files.
  • Ensure that all applications that rely on the Microsoft Speech API function as expected.

The Windows Servicing stack (including Windows Update and MSI Installer) was updated this month with CVE-2021-28437, so larger deployments may want to include a test of install, update, self-heal, and repair functionality in their application portfolio.

Known issues

Each month, Microsoft includes a list of known issues that relate to the operating system and platforms included in this update cycle. I’ve referenced a few key issues that relate to the latest builds from Microsoft, including:

  • When using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually. In addition, after installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.” Microsoft is working on a resolution and will provide an update in an upcoming release.
  • Devices with Windows installations created from custom offline media or custom ISO images might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. If you need to broadly deploy the new Edge for business, see Download and deploy Microsoft Edge for business.
  • After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

You can find Microsoft’s summary of known issues for this release in a single page.

Major revisions

For this April update cycle, Microsoft published a single major revision:

Mitigations and workarounds

As of now, it does not appear Microsoft has published any mitigations or workarounds for this April release.

Copyright © 2021 IDG Communications, Inc.

HavenSOS News