KB5004237 is a security update with a plethora of fixes. Here are the direct links to download KB5004237 offline installer.
Microsoft released a mandatory security update after the last one the previous week. In fact, the current update, KB5004237, is pretty jam-packed with various security patches and fixes. The previous update, KB5004945, failed to fix the PrintNightmare vulnerability. So, Microsoft released another update today to fully patch up the security hole. If you don’t know, the PrintNightmare vulnerability exploits the Print Spooler service to access your system. Once the attacker has access, they can do almost anything with the System privileges.
Along with a fix for the PrintNightmare vulnerability, the update also contains several other small security patches and improvements to various Windows components. These components include but are not limited to Windows Kernel, Windows Apps, Windows Authentication, Windows Fundamentals, User Access Control, Virtualization, and more. The update also fixes a vulnerability in the Primary Refresh Tokens so that the encryption is stronger and prohibits token reuse.
In addition to the security patches, this update also contains some general fixes and improvements. These include the fixes for printing difficulties with some specific printers and printer connections, updates to verifying usernames and passwords, etc.
All in all, KB5004237 is a pretty significant update. Though this is not a pure security update, I would still recommend installing it as soon as possible to ensure your system is protected from unpatched vulnerabilities. As always, I’m giving you the direct links to download KB5004237 offline installer. Just click on the appropriate links to download the installer. Once downloaded, you can install it like any other software.
Download KB5004237 offline installer
Use the links below to download KB5004237 offline installer from the Microsoft catalog website.
For v21H1:
KB5004237 x86 (32-bit) offline installer (download size: 271.3 MB)
KB5004237 x64 (64-bit) offline installer (download size: 587.6 MB)
For v20H2:
KB5004237 x86 (32-bit) offline installer (download size: 271.3 MB)
KB5004237 x64 (64-bit) offline installer (download size: 587.6 MB)
For v2004:
KB5004237 x86 (32-bit) offline installer (download size: 271.3 MB)
KB5004237 x64 (64-bit) offline installer (download size: 587.6 MB)
If the above direct links did not work or if you want KB5004237 download links for Windows Server, ARM64 based systems, or some other version, then go to the Microsoft update catalog website to find the appropriate links. All you have to do is click on the Download button next to the appropriate version.
KB5004237 changelog
Addresses an issue that might make printing to certain printers difficult. This issue affects various brands and models, but primarily receipt or label printers that connect using a USB port.
Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode for CVE-2020-17049. For more information and steps to enable full protection on domain controller servers, see Managing deployment of Kerberos S4U changes for CVE-2020-17049.
Adds Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757.
Addresses a vulnerability in which Primary Refresh Tokens are not strongly encrypted. This issue might allow the tokens to be reused until the token expires or is renewed. For more information about this issue, see CVE-2021-33779.
Security updates to Windows Apps, Windows Management, Windows Fundamentals, Windows Authentication, Windows User Account Control (UAC), Operating System Security, Windows Virtualization, Windows Linux, the Windows Kernel, the Microsoft Scripting Engine, the Windows HTML Platforms, the Windows MSHTML Platform, and Windows Graphics.
That is it.