Patch Tuesday January 2021: Update Highlights and Known Issues
Patch Tuesday January 2021Edition
Microsoft rolled out the January 2021 Patch Tuesday updates on January 12, 2021. As always, with this batch of updates, the Redmond giant focuses on improving the overall functionality of the OS and fixing existing bugs.
This month’s updates are all about improving the security of most Windows components and apps. If you want to install the latest updates, you can check out this guide where you’ll also find the direct download links.
We already covered the key changes in these posts. Do check them out to learn what’s new:
- Get the Windows 10 January Patch Tuesday updates today
- Windows 10 January Patch Tuesday [DIRECT DOWNLOAD LINKS]
- 91 vulnerabilities discovered in January during Patch Tuesday
- January Patch Tuesday updates fix intranet server vulnerability
- KB4598229 and KB4598242 affect system and user certificates
Microsoft rolls out different Patch Tuesday updates for all the Windows 10 versions currently supported. For more information on the latest updates, check out our Windows 10 Patch Tuesday update history page.
What are the main changes?
Microsoft Products and services updates
Across all major versions of Windows 10 that have received cumulative updates, ranging from Windows 10 v1507 to Windows 10 v2004.
Here are the main highlights brought by the January Patch Tuesday updates according to Microsoft:
- Updates to improve security when using external devices, such as game controllers, printers, and web cameras.
- Updates to improve security when using Microsoft Office products.
- Updates to improve security when using external devices, such as game controllers, printers, and web cameras.Â
Patch Tuesday list of CVEs
Despite the fact that December came with only 62 detected CVEs (the lowest value of 2020), January 2021 started off with 91 detected vulnerabilities
- Adobe Products
Just 8 vulnerabilities were found this month, and they affected Adobe Campaign Classic, Photoshop, Illustrator, Animate, InCopy, Captivate, and Bridge
- Microsoft product vulnerabilities
The rest of this month’s vulnerabilities were found affecting Microsoft products, 10 are rated as Critical, 73 are rated as Important.
If you want to learn more about this month’s list of common vulnerabilities and exposures, you can check out the table below:
CVE |
Title |
Severity |
CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability | Critical |
CVE-2021-1648 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important |
CVE-2021-1665 | GDI+ Remote Code Execution Vulnerability | Critical |
CVE-2021-1643 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
CVE-2021-1668 | Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability | Critical |
CVE-2021-1705 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | Critical |
CVE-2021-1658 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-1660 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-1666 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-1667 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-1673 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-1723 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
CVE-2021-1649 | Active Template Library Elevation of Privilege Vulnerability | Important |
CVE-2021-1677 | Azure Active Directory Pod Identity Spoofing Vulnerability | Important |
CVE-2021-1725 | Bot Framework SDK Information Disclosure Vulnerability | Important |
CVE-2021-1651 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important |
CVE-2021-1680 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important |
CVE-2021-1644 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
CVE-2021-1691 | Hyper-V Denial of Service Vulnerability | Important |
CVE-2021-1692 | Hyper-V Denial of Service Vulnerability | Important |
CVE-2021-1713 | Microsoft Excel Remote Code Execution Vulnerability | Important |
CVE-2021-1714 | Microsoft Excel Remote Code Execution Vulnerability | Important |
CVE-2021-1711 | Microsoft Office Remote Code Execution Vulnerability | Important |
CVE-2021-1712 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
CVE-2021-1719 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
CVE-2021-1707 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
CVE-2021-1718 | Microsoft SharePoint Server Tampering Vulnerability | Important |
CVE-2021-1641 | Microsoft SharePoint Spoofing Vulnerability | Important |
CVE-2021-1717 | Microsoft SharePoint Spoofing Vulnerability | Important |
CVE-2021-1636 | Microsoft SQL Elevation of Privilege Vulnerability | Important |
CVE-2021-1710 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
CVE-2021-1715 | Microsoft Word Remote Code Execution Vulnerability | Important |
CVE-2021-1716 | Microsoft Word Remote Code Execution Vulnerability | Important |
CVE-2021-1678 | NTLM Security Feature Bypass Vulnerability | Important |
CVE-2021-1664 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-1671 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-1700 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-1701 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-1656 | TPM Device Driver Information Disclosure Vulnerability | Important |
CVE-2020-26870 | Visual Studio Remote Code Execution Vulnerability | Important |
CVE-2021-1699 | Windows (modem.sys) Information Disclosure Vulnerability | Important |
CVE-2021-1642 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important |
CVE-2021-1685 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important |
CVE-2021-1638 | Windows Bluetooth Security Feature Bypass Vulnerability | Important |
CVE-2021-1683 | Windows Bluetooth Security Feature Bypass Vulnerability | Important |
CVE-2021-1684 | Windows Bluetooth Security Feature Bypass Vulnerability | Important |
CVE-2021-1679 | Windows CryptoAPI Denial of Service Vulnerability | Important |
CVE-2021-1652 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
CVE-2021-1653 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
CVE-2021-1654 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
CVE-2021-1655 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
CVE-2021-1659 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
CVE-2021-1688 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
CVE-2021-1693 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
CVE-2021-1637 | Windows DNS Query Information Disclosure Vulnerability | Important |
CVE-2021-1645 | Windows Docker Information Disclosure Vulnerability | Important |
CVE-2021-1703 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important |
CVE-2021-1662 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
CVE-2021-1657 | Windows Fax Compose Form Remote Code Execution Vulnerability | Important |
CVE-2021-1708 | Windows GDI+ Information Disclosure Vulnerability | Important |
CVE-2021-1696 | Windows Graphics Component Information Disclosure Vulnerability | Important |
CVE-2021-1704 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
CVE-2021-1661 | Windows Installer Elevation of Privilege Vulnerability | Important |
CVE-2021-1697 | Windows InstallService Elevation of Privilege Vulnerability | Important |
CVE-2021-1682 | Windows Kernel Elevation of Privilege Vulnerability | Important |
CVE-2021-1706 | Windows LUAFV Elevation of Privilege Vulnerability | Important |
CVE-2021-1689 | Windows Multipoint Management Elevation of Privilege Vulnerability | Important |
CVE-2021-1676 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | Important |
CVE-2021-1695 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
CVE-2021-1663 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important |
CVE-2021-1670 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important |
CVE-2021-1672 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important |
CVE-2021-1674 | Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability | Important |
CVE-2021-1669 | Windows Remote Desktop Services ActiveX Client Security Feature Bypass Vulnerability | Important |
CVE-2021-1702 | Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability | Important |
CVE-2021-1650 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | Important |
CVE-2021-1694 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
CVE-2021-1681 | Windows WalletService Elevation of Privilege Vulnerability | Important |
CVE-2021-1686 | Windows WalletService Elevation of Privilege Vulnerability | Important |
CVE-2021-1687 | Windows WalletService Elevation of Privilege Vulnerability | Important |
CVE-2021-1690 | Windows WalletService Elevation of Privilege Vulnerability | Important |
CVE-2021-1709 | Windows Win32k Elevation of Privilege Vulnerability | Important |
CVE-2021-1646 | Windows WLAN Service Elevation of Privilege Vulnerability | Important |
Note: Regardless of the service affected, or the severity level of the CVE, Microsoft advises that all users install the latest patches as soon as they become available in their region.
What are the best practices for Patch Tuesday?
There are a few things that you can do in order to make sure that your computer installs the latest Patch Tuesday updates without any issues. We all know that Windows updates often trigger errors.
In extreme cases, they may even render your PC completely unusable. Follow these tips to make sure the update install process goes as smoothly as possible.
How to download the latest PT updates
While the Patch Tuesday updates are true of greater significance compared to other patches that Microsoft regularly releases, installing them is done in pretty much the same way.
This means that you can perform the actions by following these steps:
- Make sure that no other apps are running in the background.
- Go to one of these sources to get the updates:
- The Windows Update menu
- The Windows Update Catalog (This allows for individual updates to be downloaded one by one manually)
- The Windows Server Update Service (WSUS)
- A Group Policy created by a network administrator
- After downloading the updates, make sure nothing interrupts the update process until it is finished.
- Reboot your PC once the updates are complete to finalize the installation.
Exploit Wednesday & Uninstall Thursday
Right after Patch Tuesday, hackers try to exploit the vulnerabilities left unpatched by Microsoft. This leads to an increase in the number of cyber-attacks.
On the other hand, many users often decide to uninstall the Patch Tuesday updates a few hours after install due to the large number of issues they triggered — hence the name Uninstall Thursday.
Check out this guide to learn more about how to stay safe after Patch Tuesday and make sure the updates don’t brick your computer.
Patch Tuesday: All your Questions Answered
- When is Patch Tuesday released?
Microsoft rolls out new Patch Tuesday updates on the second Tuesday of each month. The next Patch Tuesday Update is expected to arrive on February 9, 2021.
- How does Patch Tuesday work?
We already answered this question in this quick guide. Do check it out to learn more on the mechanisms behind Patch Tuesday.
- What is the bandwidth impact of Patch Tuesday?
When actively downloading updates, you may experience slow connection issues on your Windows 10 computer. This happens especially when updating multiple PCs at the same time.
The solution is to distribute the updates locally via WSUS. This means downloading the updates from Microsoft Servers.
Then, your Windows 10 computers can share the updates in a peer-to-peer manner over the local network resulting in a faster update process.
Patch Tuesday Troubleshooting
Oftentimes, Patch Tuesday updates trigger various errors on Windows computers. These may range from minor glitches to technical issues that may render your computer unusable.
We covered extensively Patch Tuesday issues we compiled hundreds of troubleshooting guides to help you solve these problems quickly.
January 12, 2021 Patch has impacted File Explorer. File Explorer Hangs and Hunts. Everything slowed down.