Patch Tuesday January 2021: Update Highlights and Known Issues

windows 10 patch tuesday

Patch Tuesday January 2021Edition

Microsoft rolled out the January 2021 Patch Tuesday updates on January 12, 2021. As always, with this batch of updates, the Redmond giant focuses on improving the overall functionality of the OS and fixing existing bugs.

This month’s updates are all about improving the security of most Windows components and apps. If you want to install the latest updates, you can check out this guide where you’ll also find the direct download links.

We already covered the key changes in these posts. Do check them out to learn what’s new:

Microsoft rolls out different Patch Tuesday updates for all the Windows 10 versions currently supported. For more information on the latest updates, check out our Windows 10 Patch Tuesday update history page.


What are the main changes?

Microsoft Products and services updates

Across all major versions of Windows 10 that have received cumulative updates, ranging from Windows 10 v1507 to Windows 10 v2004.

Here are the main highlights brought by the January Patch Tuesday updates according to Microsoft:

  • Updates to improve security when using external devices, such as game controllers, printers, and web cameras.
  • Updates to improve security when using Microsoft Office products.
  • Updates to improve security when using external devices, such as game controllers, printers, and web cameras. 

Patch Tuesday list of CVEs

Despite the fact that December came with only 62 detected CVEs (the lowest value of 2020), January 2021 started off with 91 detected vulnerabilities

  • Adobe Products

Just 8 vulnerabilities were found this month, and they affected Adobe Campaign Classic, Photoshop, Illustrator, Animate, InCopy, Captivate, and Bridge

  • Microsoft product vulnerabilities

The rest of this month’s vulnerabilities were found affecting Microsoft products, 10 are rated as Critical, 73 are rated as Important.

If you want to learn more about this month’s list of common vulnerabilities and exposures, you can check out the table below:

CVE

Title

Severity

CVE-2021-1647 Microsoft Defender Remote Code Execution Vulnerability Critical
CVE-2021-1648 Microsoft splwow64 Elevation of Privilege Vulnerability Important
CVE-2021-1665 GDI+ Remote Code Execution Vulnerability Critical
CVE-2021-1643 HEVC Video Extensions Remote Code Execution Vulnerability Critical
CVE-2021-1668 Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability Critical
CVE-2021-1705 Microsoft Edge (HTML-based) Memory Corruption Vulnerability Critical
CVE-2021-1658 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-1660 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-1666 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-1667 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-1673 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-1723 .NET Core and Visual Studio Denial of Service Vulnerability Important
CVE-2021-1649 Active Template Library Elevation of Privilege Vulnerability Important
CVE-2021-1677 Azure Active Directory Pod Identity Spoofing Vulnerability Important
CVE-2021-1725 Bot Framework SDK Information Disclosure Vulnerability Important
CVE-2021-1651 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important
CVE-2021-1680 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important
CVE-2021-1644 HEVC Video Extensions Remote Code Execution Vulnerability Important
CVE-2021-1691 Hyper-V Denial of Service Vulnerability Important
CVE-2021-1692 Hyper-V Denial of Service Vulnerability Important
CVE-2021-1713 Microsoft Excel Remote Code Execution Vulnerability Important
CVE-2021-1714 Microsoft Excel Remote Code Execution Vulnerability Important
CVE-2021-1711 Microsoft Office Remote Code Execution Vulnerability Important
CVE-2021-1712 Microsoft SharePoint Elevation of Privilege Vulnerability Important
CVE-2021-1719 Microsoft SharePoint Elevation of Privilege Vulnerability Important
CVE-2021-1707 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
CVE-2021-1718 Microsoft SharePoint Server Tampering Vulnerability Important
CVE-2021-1641 Microsoft SharePoint Spoofing Vulnerability Important
CVE-2021-1717 Microsoft SharePoint Spoofing Vulnerability Important
CVE-2021-1636 Microsoft SQL Elevation of Privilege Vulnerability Important
CVE-2021-1710 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Important
CVE-2021-1715 Microsoft Word Remote Code Execution Vulnerability Important
CVE-2021-1716 Microsoft Word Remote Code Execution Vulnerability Important
CVE-2021-1678 NTLM Security Feature Bypass Vulnerability Important
CVE-2021-1664 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-1671 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-1700 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-1701 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-1656 TPM Device Driver Information Disclosure Vulnerability Important
CVE-2020-26870 Visual Studio Remote Code Execution Vulnerability Important
CVE-2021-1699 Windows (modem.sys) Information Disclosure Vulnerability Important
CVE-2021-1642 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Important
CVE-2021-1685 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Important
CVE-2021-1638 Windows Bluetooth Security Feature Bypass Vulnerability Important
CVE-2021-1683 Windows Bluetooth Security Feature Bypass Vulnerability Important
CVE-2021-1684 Windows Bluetooth Security Feature Bypass Vulnerability Important
CVE-2021-1679 Windows CryptoAPI Denial of Service Vulnerability Important
CVE-2021-1652 Windows CSC Service Elevation of Privilege Vulnerability Important
CVE-2021-1653 Windows CSC Service Elevation of Privilege Vulnerability Important
CVE-2021-1654 Windows CSC Service Elevation of Privilege Vulnerability Important
CVE-2021-1655 Windows CSC Service Elevation of Privilege Vulnerability Important
CVE-2021-1659 Windows CSC Service Elevation of Privilege Vulnerability Important
CVE-2021-1688 Windows CSC Service Elevation of Privilege Vulnerability Important
CVE-2021-1693 Windows CSC Service Elevation of Privilege Vulnerability Important
CVE-2021-1637 Windows DNS Query Information Disclosure Vulnerability Important
CVE-2021-1645 Windows Docker Information Disclosure Vulnerability Important
CVE-2021-1703 Windows Event Logging Service Elevation of Privilege Vulnerability Important
CVE-2021-1662 Windows Event Tracing Elevation of Privilege Vulnerability Important
CVE-2021-1657 Windows Fax Compose Form Remote Code Execution Vulnerability Important
CVE-2021-1708 Windows GDI+ Information Disclosure Vulnerability Important
CVE-2021-1696 Windows Graphics Component Information Disclosure Vulnerability Important
CVE-2021-1704 Windows Hyper-V Elevation of Privilege Vulnerability Important
CVE-2021-1661 Windows Installer Elevation of Privilege Vulnerability Important
CVE-2021-1697 Windows InstallService Elevation of Privilege Vulnerability Important
CVE-2021-1682 Windows Kernel Elevation of Privilege Vulnerability Important
CVE-2021-1706 Windows LUAFV Elevation of Privilege Vulnerability Important
CVE-2021-1689 Windows Multipoint Management Elevation of Privilege Vulnerability Important
CVE-2021-1676 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability Important
CVE-2021-1695 Windows Print Spooler Elevation of Privilege Vulnerability Important
CVE-2021-1663 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability Important
CVE-2021-1670 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability Important
CVE-2021-1672 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability Important
CVE-2021-1674 Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability Important
CVE-2021-1669 Windows Remote Desktop Services ActiveX Client Security Feature Bypass Vulnerability Important
CVE-2021-1702 Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability Important
CVE-2021-1650 Windows Runtime C++ Template Library Elevation of Privilege Vulnerability Important
CVE-2021-1694 Windows Update Stack Elevation of Privilege Vulnerability Important
CVE-2021-1681 Windows WalletService Elevation of Privilege Vulnerability Important
CVE-2021-1686 Windows WalletService Elevation of Privilege Vulnerability Important
CVE-2021-1687 Windows WalletService Elevation of Privilege Vulnerability Important
CVE-2021-1690 Windows WalletService Elevation of Privilege Vulnerability Important
CVE-2021-1709 Windows Win32k Elevation of Privilege Vulnerability Important
CVE-2021-1646 Windows WLAN Service Elevation of Privilege Vulnerability Important

Note: Regardless of the service affected, or the severity level of the CVE, Microsoft advises that all users install the latest patches as soon as they become available in their region.


What are the best practices for Patch Tuesday?

There are a few things that you can do in order to make sure that your computer installs the latest Patch Tuesday updates without any issues. We all know that Windows updates often trigger errors.

In extreme cases, they may even render your PC completely unusable. Follow these tips to make sure the update install process goes as smoothly as possible.


How to download the latest PT updates

While the Patch Tuesday updates are true of greater significance compared to other patches that Microsoft regularly releases, installing them is done in pretty much the same way.

This means that you can perform the actions by following these steps:

  1. Make sure that no other apps are running in the background.
  2. Go to one of these sources to get the updates:
    • The Windows Update menu
    • The Windows Update Catalog (This allows for individual updates to be downloaded one by one manually)
    • The Windows Server Update Service (WSUS)
    • A Group Policy created by a network administrator
  3. After downloading the updates, make sure nothing interrupts the update process until it is finished.
  4. Reboot your PC once the updates are complete to finalize the installation.

Exploit Wednesday & Uninstall Thursday

Right after Patch Tuesday, hackers try to exploit the vulnerabilities left unpatched by Microsoft. This leads to an increase in the number of cyber-attacks.

On the other hand, many users often decide to uninstall the Patch Tuesday updates a few hours after install due to the large number of issues they triggered — hence the name Uninstall Thursday.

Check out this guide to learn more about how to stay safe after Patch Tuesday and make sure the updates don’t brick your computer.


Patch Tuesday: All your Questions Answered

  • When is Patch Tuesday released? 

Microsoft rolls out new Patch Tuesday updates on the second Tuesday of each month. The next Patch Tuesday Update is expected to arrive on February 9, 2021.

  • How does Patch Tuesday work?

We already answered this question in this quick guide. Do check it out to learn more on the mechanisms behind Patch Tuesday.

  • What is the bandwidth impact of Patch Tuesday?

When actively downloading updates, you may experience slow connection issues on your Windows 10 computer. This happens especially when updating multiple PCs at the same time.

The solution is to distribute the updates locally via WSUS. This means downloading the updates from Microsoft Servers.

Then, your Windows 10 computers can share the updates in a peer-to-peer manner over the local network resulting in a faster update process.


Patch Tuesday Troubleshooting

Oftentimes, Patch Tuesday updates trigger various errors on Windows computers. These may range from minor glitches to technical issues that may render your computer unusable.

We covered extensively Patch Tuesday issues we compiled hundreds of troubleshooting guides to help you solve these problems quickly.