A big July Patch Tuesday — and the ongoing print nightmare


This week’s Patch Tuesday release from Microsoft is a big one for the Windows ecosystem; it includes 117 patches that handle four publicly reported and four exploited vulnerabilities. The good news: this month’s Microsoft Office and development platform (Visual Studio) patches are relatively straightforward and can be added with minimal risk to your standard patch release schedules, and there are no browser updates. Alas, we have a really serious printer issue (CVE-2021-34527) that was released out of bounds (OOB) and has been updated at least twice in the past few days. That means you need to pay immediate attention to the Windows updates and that you add all of the Windows desktop patches to your “Patch Now” schedule. 

There were multiple updates through the week, and we expect more to the print spooler vulnerabilities in the coming days. Unfortunately, this large and broad-scoped series of patches will require significant testing due to the core system and kernel changes they entail. For further information you can check the Windows 10 health dashboard. You can also find more information on the risk of deploying these Patch Tuesday in this infographic.

Key testing scenarios

There are no reported high-risk changes to the Windows platform. However, there is one reported functional change and an additional feature added this month:

  • Test your printers, with a view to potentially stopping all necessary spooler services.
  • Verify that printing via LOB applications works as expected.
  • Test that Word and PowerPoint files can be downloaded and opened.
  • Test that scripting, especially with JavaScript, works as expected.

I think with the five kernel updates and a particular focus on the server patch CVE-2021-34458, this month, ] a full LOB application test will  be required.

Known issues

Each month, Microsoft includes a list of known issues that relate to the operating system and platforms included in the latest update cycle. I have referenced a few key issues that relate to the latest Microsoft builds, including:


  • Devices with Windows installations created from custom offline media or custom ISO images might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU.
  • ESU Updates (Windows 7 and Server 2008): After installing this update and restarting your device, you might receive the error “Failure to configure Windows updates.” You may receive this notice if you have not activated your ESU MAK add-on key. For more information about activation, you can find out more at this Microsoft blog post.

Resolved Issues with previous patches

  • June Update : After installing KB5003671 or KB5003681 on Windows 8.1 or Windows Server 2012 R2, apps accessing event logs on remote devices might be unable to connect. This issue might occur if the local or remote has not yet installed updates released June 8, 2021 or later. Affected apps are using certain legacy Event Logging APIs. You might receive an error when attempting to connect. Last June, there was a known issue apparently by design.

Major revisions

At this point in July’s update cycle, there have been three major updates to previous released updates: