Рекомендации по обновлению ПО
История обновлений
IMPORTANT NOTE
Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).
Microsoft Removing Adobe Flash from Windows
Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586. That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10. KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.
This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers. Once applied, you cannot play flash content (swf and flv). If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible. The NCR Global Security Team cannot assist in this matter.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available. In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described. An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
December 2021 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE: February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be foundhere and includes all security patches released up until April 2016.
Security Rollup ID: 5008282
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: CVE-2021-43233, CVE-2021-43234, CVE-2021-43235
Microsoft Important Rated CVEs: CVE-2021-43236, CVE-2021-43237, CVE-2021-43238, CVE-2021-43239, CVE-2021-43240, CVE-2021-43241, CVE-2021-43242, CVE-2021-43243, CVE-2021-43244, CVE-2021-43245, CVE-2021-43246, CVE-2021-43247, CVE-2021-43248, CVE-2021-43249, CVE-2021-43250
In the month of December 2021, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 7 SP1
In the month of December 2021, Microsoft have not released any security fixes in Microsoft Internet Explorer 11 Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5008207
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2021-43215, CVE-2021-43217, CVE-2021-43233
Microsoft Important Rated CVEs: CVE-2021-43207, CVE-2021-41333, CVE-2021-43216, CVE-2021-43222, CVE-2021-43223, CVE-2021-43224, CVE-2021-43226, CVE-2021-43227, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43232, CVE-2021-43234, CVE-2021-43235, CVE-2021-43236, CVE-2021-43238, CVE-2021-43248, CVE-2021-43883, CVE-2021-43893
In the month of December 2021, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1607
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5008218
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2021-43233, CVE-2021-43217, CVE-2021-43215
Microsoft Important Rated CVEs: CVE-2021-43248, CVE-2021-43247, CVE-2021-43246, CVE-2021-43244, CVE-2021-43238, CVE-2021-43236, CVE-2021-43235, CVE-2021-43234, CVE-2021-43232, CVE-2021-43231, CVE-2021-43230, CVE-2021-43229, CVE-2021-43228, CVE-2021-43227, CVE-2021-43226, CVE-2021-43224, CVE-2021-43223, CVE-2021-43222, CVE-2021-43216, CVE-2021-41333, CVE-2021-43207, CVE-2021-43219, CVE-2021-43883, CVE-2021-43893
In the month of December 2021, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1809
Security Advisories
No New Notable Security Advisories were published by Microsoft in December 2021
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).
Microsoft Removing Adobe Flash from Windows
Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586. That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10. KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.
This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers. Once applied, you cannot play flash content (swf and flv). If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible. The NCR Global Security Team cannot assist in this matter.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available. In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described. An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
December 2021 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE: February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be foundhere and includes all security patches released up until April 2016.
Security Rollup ID: 5008282
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: CVE-2021-43233, CVE-2021-43234, CVE-2021-43235
Microsoft Important Rated CVEs: CVE-2021-43236, CVE-2021-43237, CVE-2021-43238, CVE-2021-43239, CVE-2021-43240, CVE-2021-43241, CVE-2021-43242, CVE-2021-43243, CVE-2021-43244, CVE-2021-43245, CVE-2021-43246, CVE-2021-43247, CVE-2021-43248, CVE-2021-43249, CVE-2021-43250
In the month of December 2021, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 7 SP1
In the month of December 2021, Microsoft have not released any security fixes in Microsoft Internet Explorer 11 Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5008207
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2021-43215, CVE-2021-43217, CVE-2021-43233
Microsoft Important Rated CVEs: CVE-2021-43207, CVE-2021-41333, CVE-2021-43216, CVE-2021-43222, CVE-2021-43223, CVE-2021-43224, CVE-2021-43226, CVE-2021-43227, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43232, CVE-2021-43234, CVE-2021-43235, CVE-2021-43236, CVE-2021-43238, CVE-2021-43248, CVE-2021-43883, CVE-2021-43893
In the month of December 2021, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1607
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5008218
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2021-43233, CVE-2021-43217, CVE-2021-43215
Microsoft Important Rated CVEs: CVE-2021-43248, CVE-2021-43247, CVE-2021-43246, CVE-2021-43244, CVE-2021-43238, CVE-2021-43236, CVE-2021-43235, CVE-2021-43234, CVE-2021-43232, CVE-2021-43231, CVE-2021-43230, CVE-2021-43229, CVE-2021-43228, CVE-2021-43227, CVE-2021-43226, CVE-2021-43224, CVE-2021-43223, CVE-2021-43222, CVE-2021-43216, CVE-2021-41333, CVE-2021-43207, CVE-2021-43219, CVE-2021-43883, CVE-2021-43893
In the month of December 2021, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1809
Security Advisories
No New Notable Security Advisories were published by Microsoft in December 2021
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.