On this August Patch Tuesday of 2021, a new cumulative update from Microsoft, comes with important fixes and updates to all the Microsoft products including Windows 10. The latest update finally fixes the PrintNightmare vulnerabiligy (CVE-34527) which has been haunting Windows users for quite sometime. Basically, the default installation privilege requirement for printers has been changed.
Since these are important updates, they should be installed automatically if the automatic update is enabled on your computer.
As always, we recommend waiting for a while and getting a backup of your important files before installing the updates. There is no guarantee from Microsoft that the updates will be installed smoothly on the computer. Although Microsoft does extensive testing before releasing the updates, it is possible that the update may make your computer unusable.
In this article, we will talk about Windows 10 cumulative updates for August 2021, KB5005033 which covers Windows 10 Version 21H1, 20H2 and 2004.
After installing this update, all users who want to install the printer will have to have administrative privileges on the computer to continue. This is mainly to make sure that the PrintNightmare vulnerability is fixed once and for all.
In an article about how to manage the new Point and Print default driver installation behavior, Microsoft states:
Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service. This change will take effect with the installation of the security updates released on August 10, 2021 for all supported versions of Windows, and is documented as CVE-2021-34481.
This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers. However, we strongly believe that the security risk justifies this change. While not recommended, customers can manually disable this mitigation with a registry key, which is outlined in the following KB Article:Source
KB5005652 – How to manage new Point and Print default driver installation behavior
Additionally, an issue has been resolved that prevents Game Mode and power plans from working properly, resulting in lower frame rates and reduced gaming performance.
Also, a problem where a network device in File Explorer would lose focus when a new network device is mapped has been resolved.
Other fixes and quality improvements include the following:
- When using Point and Print, the default privilege requirement for installing drivers has been changed. In order to install drivers after installing this update, you must have administrative privileges. For more information about Point and Print, please refer to KB5005652, Point and Print Default Behavior Change, and CVE-2021-34481.
- An issue that prevented users of gaming services from accessing certain games on desktop computers has been fixed.
- The bug in the Input Method Editor (IME) has been fixed. Once you have configured the power options to shut down your laptop by closing the lid, this may occur after startup.
- In an MDM service, certain junk mail rules were not being correctly applied.
- An issue where the update build revision (UBR) was always reported as zero (0) when enrolling a device in an MDM service has been resolved.
- Auditing events 4624 and 5142 that displayed the wrong event template when Dutch is the display language has been resolved.
- The issue that caused System Integrity to leak memory has been resolved.
- There was an issue in which the trigger button on a controller played the sound for selecting something when you pressed it loudly.
- The issue that led to the inability to use power plans and Game Mode has been resolved.
- A bug was fixed that prevented you from accessing a network drive that maps to a Distributed File System (DFS) root after you logged out.
For more information about the updates, you can check out the following KB articles:
After installing this update, the updated OS builds for all three Windows versions will become:
- Windows 10 Version 21H1 >> 19043.1165
- Windows 10 Version 20H2 >> 19042.1165
- Windows 10 Version 2004 >> 19041.1165
Download Windows Cumulative Update KB5005033 offline installers
For Windows 10 Version 21H1
For Windows 10 Version 20H2
For Windows 10 Version 2004
To install the update, simply run the downloaded MSU file and Windows will automatically install the cumulative update.
You can check out your current Windows build by launching Run and then typing winver.
To download any other updates related to any of the above, please check the Microsoft Catalog.
Uninstall the cumulative updates
Here is a quick guide on how you can uninstall the updates on your computer if you face any issues with them:
Uninstall updates using Windows Update History tool
- Navigate to the following:
Start Menu ->Settings –> Update & Security –> Windows Update.
- From the right-hand pane, click on View Update History.
- Now click on Uninstall updates.
- Select Update for Microsoft Windows with the relevant update name and press the Uninstall button.
Uninstall updates using command-line
You can also delete the update by entering several commands in the Command Prompt. Here is how:
- Open Command Prompt (Run –> cmd)
- Run the following command:
wmic qfe list brief /format:table
- This will show all the updates installed on the computer. Make sure the relevant updates are on the list.
- To uninstall the update, run the following command
wusa /uninstall /kb:UpdateName
Replace UpdateName with the number from the update. For example, if the update you want to uninstall is KB5001337, you will enter the following command:
wusa /uninstall /kb:5005033
Restart your computer once the update is uninstalled.