CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.7%
NEW 11/9/2021 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a preview release (known as a “C” release) for the month of December 2021. There will be a monthly security release (known as a “B” release) for December 2021. Normal monthly servicing for both B and C releases will resume in January 2022.
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11 (original release), see its update history page.NoteFollow @WindowsUpdate to find out when new content is published to the Windows release health dashboard.
This security update includes quality improvements. Key changes include:
__
Click or tap to view the known issues
Applies to | Symptom | Workaround |
---|---|---|
IT admins | After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server:0x000006e4 (RPC_S_CANNOT_SUPPORT)0x0000007c (ERROR_INVALID_LEVEL)0x00000709 (ERROR_INVALID_PRINTER_NAME)NoteThe printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations. | This issue is resolved in KB5007262. |
IT admins | After installing this update, Microsoft Installer (MSI) might have issues repairing or updating apps. Apps that are known to be affected include some apps from Kaspersky. Affected apps might fail to open after an update or repair has been attempted. | This issue is resolved in KB5007262. |
All users | After installing Windows 11, some image editing programs might not render colors correctly on certain high dynamic range (HDR) displays. This is frequently observed with white colors, which could display in bright yellow or other colors.This issue occurs when certain color-rendering Win32 APIs return unexpected information or errors under specific conditions. Not all color profile management programs are affected, and color profile options available in the Windows 11 Settings page, including Microsoft Color Control Panel, are expected to function correctly. | This issue is resolved in KB5008353. |
All users | Recent emails might not appear in the search results of the Microsoft Outlook desktop app. This issue is related to emails that have been stored locally in a PST or OST files. It might affect POP and IMAP accounts, as well as accounts hosted on Microsoft Exchange and Microsoft 365. If the default search in the Microsoft Outlook app is set to server search, the issue will only affect the advanced search. | This issue is resolved in KB5010386. |
All users | When attempting to reset a Windows device with apps that have folders with reparse data, such as OneDrive or OneDrive for Business, files which have been downloaded or synced locally from OneDrive might not be deleted when selecting the “Remove everything” option. This issue might be encountered when attempting a manual reset initiated within Windows or a remote reset. Remote resets might be initiated from Mobile Device Management (MDM) or other management applications, such as Microsoft Intune or third-party tools. OneDrive files that are “cloud only” or have not been downloaded or opened on the device are not affected and will not persist, as the files are not downloaded or synced locally.Note Some device manufacturers and some documentation might call the feature to reset your device, “Push Button Reset”, “PBR”, “Reset This PC”, “Reset PC”, or “Fresh Start”. | This issue was addressed in KB5011493. Some devices might take up to seven (7) days after the installation of KB5011493 to fully address the issue and prevent files from persisting after a reset. For immediate effect, you can manually trigger Windows Update Troubleshooter using the instructions in Windows Update Troubleshooter. If you are part of an organization that manages devices or prepared OS images for deployment, you can also address this issue by applying a compatibility update for installing and recovering Windows. Doing that makes improvements to the “safe operating system” (SafeOS) that is used to update the Windows recovery environment (WinRE). You can deploy these updates using the instructions in Add an update package to Windows RE using KB5012414 for Windows 11 (original release).ImportantIf devices have already been reset and OneDrive files have persisted, you must use a workaround above or perform another reset after applying one of the workarounds above. |
IT admins | Universal Windows Platform (UWP) apps might not open on devices that have undergone a Windows device reset. This includes operations that were initiated using Mobile Device Management (MDM), such as Reset this PC, Push-button reset, and Autopilot Reset. UWP apps you downloaded from the Microsoft Store are not affected. Only a limited set of apps are affected, including: |
Before installing this updateMicrosoft combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.Install this update****Release Channel | Available | Next Step |
---|---|---|
Windows Update and Microsoft Update | Yes | None. This update will be downloaded and installed automatically from Windows Update. |
Windows Update for Business | Yes | None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. |
Microsoft Update Catalog | Yes | To get the standalone package for this update, go to the Microsoft Update Catalog website. |
Windows Server Update Services (WSUS) | Yes | This update will automatically sync with WSUS if you configure Products and Classifications as follows:Product: Windows 11Classification: Security Updates |
If you want to remove the LCUTo remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command:DISM /online /get-packages.Running Windows Update Standalone Installer (wusa.exe) with the**/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.
File informationFor a list of the files that are provided in this update, download the file information for cumulative update 5007215. For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 22000.280.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.7%