Windows 10 KB5003637 Update May Block Remote Access to Event Logs

Microsoft says that apps may encounter issues accessing event logs on remote Windows 10 devices unless KB5003637 or later updates are installed on both systems.

“Event logs might not be accessible from remote devices unless both devices have updates released June 8, 2021 or later,” Microsoft states on the Windows 10 health dashboard.

“This issue is resolved if the local and remote devices both have KB5003637 installed.”

This Windows 10 known issue impacts only applications using specific legacy Event Logging APIs. Event Viewer and other apps using current non-legacy APIs to access Windows event logs remotely are not affected.

When trying to connect to or from a Windows 10 device on which the  KB5003637 cumulative update was not yet installed, you might see one of the following errors:

• error 5: access is denied
• error 1764: The requested operation is not supported.
• System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand
• Windows has not provided an error code.

Impacted platforms include both client and server Windows 10 version:

• Client: Windows 10 21H1; Windows 10 20H2; Windows 10 2004; Windows 10 1909; Windows 10 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
• Server: Windows Server 20H2; Windows Server 2004; Windows Server 1909; Windows Server 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Also Read: Got Hacked? Here Are 5 Ways to Handle Data Breaches

Known issue caused by security hardening changes

According to Microsoft, this is an expected result after Event Tracing for Windows (ETW) security hardening changes addressing the CVE-2021-31958 Windows NTLM Elevation of Privilege Vulnerability.

Microsoft released CVE-2021-31958 security updates during the June Patch Tuesday to address the flaw discovered by Gal Levy and Yuval Sarel from Armis Security.

KB5003637 comes with security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Management, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Virtualization, Windows Kernel, Windows HTML Platform, and Windows Storage and Filesystems.

This Windows 10 cumulative update also improves Windows OLE (compound documents) security and when Windows performs basic operations.

“This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website,” Redmond explains in the security advisory.

Also Read: Compliance Course Singapore: Spotlight on the 3 Offerings

“An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.”