Download Windows 10 Cumulative Update KB5007186 and KB5007189: Fixes Zero-Day Vulnerabilities

It is time for Microsoft’s Patch Tuesday where the company releases updates for its Windows and Server products. On 9 November 2021, Microsoft has released Cumulative Update KB5007186 for Windows 10 version 21H1, 20H2, and 2004. Simultaneously, Microsoft has also released KB5007189 for Windows 10 version 1909.

These are security updates that have addressed several vulnerabilities in the different versions of Windows 10. That said, KB5007186 also addressed key zero-day vulnerabilities for the OS. Zero-day vulnerabilities are those that have been regularly exploited by the attackers or have been made aware of publicly.

A total of 6 zero-day vulnerabilities have been addressed with these updates, 2 of which have reportedly been actively exploited by attackers involving Microsoft Excel Security Feature Bypass and Microsoft Exchange Server Remote Code Execution. Below is the list of the zero-day vulnerabilities addressed:

Installing these updates on your Windows 10 device will secure your devices from the active threats on the internet today. Moreover, Microsoft has also given a heads-up to its users regarding the upcoming holiday season. They intimated that there will not be a preview release in December (C release), but rather only the security release (B release).

The table below indicates your updated OS build number when the respective update will be installed:

Update KBWindows 10 versionUpdated Build
Updated OS build number

You can check your Windows 10 version and build number by typing in winver in Run.

Let’s continue to see what both of these updates have to offer besides the security patches, and then proceed to how you can install it.

Fixes and Improvements

KB5007186: 21H1, 20H2, 2004

Since the same update applies to the 3 different versions of Windows 10, it has the same impact on all of them. However, it only fixes one critical issue in all of them.

KB5007186 fixes a problem where a user may experience unexpected behavior from certain applications using GDI+ and the width of the pen object is set to zero on display devices with a high DPI or resolution while rendering some User Interface (UI) elements or drawing in the app.

Apart from this fix, the Servicing Stack has also been updated that improves the Windows Updates installation quality for the users.

We would like to remind our readers that Windows 10 version 2004 will reach end-of-support on 14th November 2021. Therefore, it is better to update your device to a more recent build.

KB5007189: 1909

The following fixes and improvements have been made with this update in Windows 10 version 1909:

  • An issue preventing the successful installation of printers using the Internet Printing Protocol (IPP) has been fixed.
  • An issue of a zero width Pen to render one pixel regardless of transformation has been addressed.
  • A feature to facilitate certain cross-browser data transfers has been added.
  • An issue in JScript9.dll with PropertyGet has been addressed.
  • An issue in which Assigned Access kiosks configured with Microsoft Edge as a kiosk application would occasionally fail to restart Microsoft Edge has been addressed.
  • Microsoft Defender for Endpoint’s ability to identify and intercept ransomware and advanced attacks has been improved.
  • An issue where the File Explorer stops responding and an Event 1000 with the exception code 0xc0000005 is logged automatically in the Application event log has been fixed.
  • The Servicing Stack has been updated.

Let us now move on to the known issue which Microsoft is currently aware of for both these updates.

Known Issues

KB5007186: 21H1, 20H2, 2004

An issue with the standalone (clean) installation of Windows 10 with this update is causing Microsoft Edge Legacy to be removed. However, it is not being replaced by the new Chromium-based Edge. This occurs only when Windows has a custom offline media or an ISO image installed that does not include the 29th March 2021 SSU update.

Microsoft suggests that you either install the March SSU update through slipstreaming or simply update an existing OS through Windows Update, so you will not be facing this issue. Alternatively, you can simply download and install the new Microsoft Edge if you have already encountered this problem.

Another issue that users might face with this update is that they are unable to install it entirely. This may be because of a previously installed update KB5003690. If that is the case, you can find a workaround for it here in Microsoft’s post.

Users may also see an error message “Your credentials did not work. The credentials that were used to connect to (device name) did not work. Please enter new credentials” when connecting to devices in an untrusted domain using Remote Desktop while using smart card authentication. Microsoft has found a temporary fix around the issue which you can find here.

Another issue is, after installing this update, users may encounter the following errors while connecting to a remote printer shared on a Windows Print Server:

  • 0x000006e4 (RPC_S_CANNOT_SUPPORT)
  • 0x0000007c (ERROR_INVALID_LEVEL)

For this, Microsoft has suggested a workaround while they work a permanent fix. Below are the fixes for this issue respective of your operating system’s build:

Workaround for version 21H1

Workaround for version 20H2

Workaround for version 2004

KB5007189: 1909

An issue similar to KB5007186 has been discovered in this update:

After installing this update, users may encounter the following errors while connecting to a remote printer shared on a Windows Print Server:

  • 0x000006e4 (RPC_S_CANNOT_SUPPORT)
  • 0x0000007c (ERROR_INVALID_LEVEL)

For this, Microsoft has suggested a workaround while they work a permanent fix.

Download and Install Windows 10 KB5007186 and KB5007189

Offline Installers

For Windows 10 Version 21H1

Download KB5007186 for Windows 10 Version 21H1 64-Bit [643.2 MB]

Download KB5007186 for Windows 10 Version 21H1 32-Bit [301.9 MB]

For Windows 10 Version 20H2

Download KB5007186 for Windows 10 Version 20H2 64-Bit [643.2 MB]

Download KB5007186 for Windows 10 Version 20H2 32-Bit [301.9 MB]

For Windows 10 Version 2004

Download KB5007186 for Windows 10 Version 2004 64-Bit [643.2 MB]

Download KB5007186 for Windows 10 Version 2004 32-Bit [301.9 MB]

For Windows 10 Version 1909

Download KB5007189 for Windows 10 Version 2004 64-Bit [583.7 MB]

Download KB5007189 for Windows 10 Version 2004 32-Bit [359.5 MB]

To install the update, simply run the downloaded MSU file and Windows will automatically install the update. To download any other updates related to any of the above, please check the Microsoft Catalog.

Windows Update

To install these updates via Windows Update, you need to be running Windows 10 version 21H1, 20H2, or 2004 for KB5007186, and version 1909 for KB 5007189. To check your version of the operating system, type in winver in Run and press Enter.

Once confirmed, navigate to the Settings app and then click Windows Update on the left. Then click Check for updates on the right side of the page. Once the scan is finished, the respective update will begin to download and install automatically. Once installed, click Restart Now.

restart now 2
KB5007186 ready to be installed

You can then confirm that the update has been installed successfully through winver.

updated 1
Windows 10 21H1 updated successfully

Rollback/remove Windows 10 Insider Preview update

If you do not wish to keep the installed preview update for some reason, you can always roll back to the previous build of the OS. However, this can only be performed within the next 10 days after installing the new update.

To roll back after 10 days, you will need to apply this trick.

Cleanup after installing Windows Updates

If you want to save space after installing Windows updates, you can run the following commands one after the other in Command Prompt with administrative privileges:

dism.exe /Online /Cleanup-Image /AnalyzeComponentStore
dism.exe /Online /Cleanup-Image /StartComponentCleanup
DISM Cleanup

Also see:

Leave a Reply

You have to agree to the comment policy.