Microsoft treats Windows 10 users to the release of KB5015807 and KB5015811 updates

We've already spoken about Microsoft releasing the KB5015814 security update for Windows 11, but Windows 10 users have not been forgotten this month. These are security updates that should be installed as soon as possible.

The KB5015811 update is available for Windows 10 version 1809, while the KB5015807 update is designed for Windows 10 versions 20H2, 21H1 and 21H2. Just as with the Windows 11 update, these both address a problem with PowerShell as well as fixing various security issues and introducing numerous improvements.

See also:

• Microsoft launches Windows Autopatch for Windows 10 and Windows 11
• Microsoft releases KB5015814 update for Windows 11 to fix security flaws and PowerShell issues
• Microsoft releases new versions of free Windows 11 virtual machines

Microsoft's release notes for the KB5015807 update indicate that it includes all of the same changes that were part of the previously released KB5014666. In fact, the only difference is the fix for the PowerShell issue: "Addresses an issue that redirects the PowerShell command output so that transcript logs do not contain any content. Transcript logs might contain decrypted passwords if you turn PowerShell logging on. Consequently, the transcript logs lose the decrypted passwords".

The changelog for the previous update is as follows:

• New! Adds IP address auditing for incoming Windows Remote Management (WinRM) connections in security event 4262 and WinRM event 91. This addresses an issue that fails to log the source IP address and machine name for a remote PowerShell connection.
• New! Adds Server Message Block (SMB) redirector (RDR) specific public File System Control (FSCTL) code FSCTL_LMR_QUERY_INFO.
• Addresses an issue that affects the Cloud Clipboard service and prevents syncing between machines after a period of inactivity.
• Addresses an issue that prevents the Pashto language from appearing in the language list.
• Enables the InternetExplorerModeEnableSavePageAs Group Policy. For more information, see Microsoft Edge Browser Policy Documentation.
• Addresses an issue that affects the touchpad area that responds to a right-click (the right-click zone). For more information, see Right-click zone. 
• Addresses an issue that affects some certificates chains to Root Certification Authorities that are members of the Microsoft Root Certification Program. For these certificates, the certificate chain status can be, “This certificate was revoked by its certification authority”.
• Addresses an issue that leads to a false negative when you run scripts while Windows Defender Application Control (WDAC) is turned on. This might generate AppLocker events 8029, 8028, or 8037 to appear in the log when they should not.
• Addresses an issue that prevents the use of Encrypted File System (EFS) files over a Web-based Distributed Authoring and Versioning (WebDAV) connection.
• Addresses an issue that causes a domain controller to incorrectly write Key Distribution Center (KDC) event 21 in the System event log. This occurs when the KDC successfully processes a Kerberos Public Key Cryptography for Initial Authentication (PKINIT) authentication request with a self-signed certificate for key trust scenarios (Windows Hello for Business and Device Authentication).
• Addresses an issue that causes the LocalUsersAndGroups configuration service provider (CSP) policy to fail when you modify the built-in Administrators group. This issue occurs if the local Administrator account isn't specified in the membership list when you perform a replace operation.
• Addresses an issue in which malformed XML inputs might cause an error in DeviceEnroller.exe. This prevents CSPs from being delivered to the device until you restart the device or correct the XML.
• Addresses an issue that causes Microsoft NTLM authentication using an external trust to fail. This issue occurs when a domain controller that contains the January 11, 2022 or later Windows update services the authentication request, is not in a root domain, and does not hold the Global Catalog role. The affected operations might log the following errors:
  • The security database has not been started.
  • The domain was in the wrong state to perform the security operation.
  • 0xc00000dd (STATUS_INVALID_DOMAIN_STATE).
• Addresses a known issue that might prevent you from using the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the internet after a client device connects.
• Addresses a known issue that might prevent the Snip & Sketch app from capturing a screenshot or from opening using the keyboard shortcut (Windows logo key+Shift+S). This issue occurs after installing the February 8, 2022 and later updates.

It is much the same story with the KB5015811 update, which addresses the PowerShell issue and also includes the changes from the KB5014669 update. Released last month, the changelog for this update reads as follows:

• New! Adds IP address auditing for incoming Windows Remote Management (WinRM) connections in security event 4262 and WinRM event 91. This addresses an issue that fails to log the source IP address and machine name for a remote PowerShell connection.
• New! Adds Server Message Block (SMB) redirector (RDR) specific public File System Control (FSCTL) code FSCTL_LMR_QUERY_INFO.
• Addresses an issue that causes a domain controller to incorrectly write Key Distribution Center (KDC) event 21 in the System event log. This occurs when the KDC successfully processes a Kerberos Public Key Cryptography for Initial Authentication (PKINIT) authentication request with a self-signed certificate for key trust scenarios (Windows Hello for Business and Device Authentication).
• Addresses an issue that prevents the use of Encrypted File System (EFS) files over a Web-based Distributed Authoring and Versioning (WebDAV) connection.
• Addresses an issue that causes Windows to stop working and generates error code 0x3B.
• Addresses an issue that causes Microsoft NTLM authentication using an external trust to fail. This issue occurs when a domain controller that contains the January 11, 2022 or later Windows update services the authentication request, is not in a root domain, and does not hold the Global Catalog role. The affected operations might log the following errors:
  • The security database has not been started.
  • The domain was in the wrong state to perform the security operation.
  • 0xc00000dd (STATUS_INVALID_DOMAIN_STATE).
• Addresses an issue that causes pool corruption when the client-side caching (CSC) cleanup method fails to delete a resource that was created.
• Addresses an issue that fails to show Windows Server 2019 and Windows Server 2022 in certain dropdown menu lists in Server Manager.
• Addresses an issue that causes file copying to be slower because of a wrong calculation of write buffers within cache manager.
• Optimizes access to the State Repository database to help reduce Appx deployment delays or black screens that might occur when you sign in to Windows 2019 Server.
• Addresses a known issue that might prevent you from using the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the internet after a client device connects.
• Addresses a known issue that prevents Windows servers that use the Routing and Remote Access Service (RRAS) from correctly directing internet traffic. Devices that connect to the server might not connect to the internet, and servers might lose connection to the internet after a client device connects to them.

These mandatory updates will be automatically downloaded and installed by Windows Update, but they can also be downloaded from the Microsoft Update Catalog -- KB5015807 and KB5015811.

Image credit: tanuha2001 / Shutterstock