Microsoft says that apps may encounter issues accessing event logs on remote Windows 10 devices unless KB5003637 or later updates are installed on both systems.
“Event logs might not be accessible from remote devices unless both devices have updates released June 8, 2021 or later,” Microsoft states on the Windows 10 health dashboard.
“This issue is resolved if the local and remote devices both have KB5003637 installed.”
This Windows 10 known issue impacts only applications using specific legacy Event Logging APIs. Event Viewer and other apps using current non-legacy APIs to access Windows event logs remotely are not affected.
When trying to connect to or from a Windows 10 device on which the KB5003637 cumulative update was not yet installed, you might see one of the following errors:
Impacted platforms include both client and server Windows 10 versions:
According to Microsoft, this is an expected result after Event Tracing for Windows (ETW) security hardening changes addressing the CVE-2021-31958 Windows NTLM Elevation of Privilege Vulnerability.
Microsoft released CVE-2021-31958 security updates during the June Patch Tuesday to address the flaw discovered by Gal Levy and Yuval Sarel from Armis Security.
KB5003637 comes with security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Management, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Virtualization, Windows Kernel, Windows HTML Platform, and Windows Storage and Filesystems.
This Windows 10 cumulative update also improves security for Windows OLE (compound documents) and for basic operations that Windows performs.
“This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website,” Redmond explains in the security advisory.
“An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.”