[English]Microsoft hat zum 25. Feb. 2021 verschiedene Sicherheitshinweise aktualisiert. Das reicht von einer Exchange Spoofing-Schwachstelle bis hin zu Python Extension RCE in Visual Studio.
**************************************************************************************
Title: Microsoft Security Update Releases
Issued: February 25, 2021
**************************************************************************************
Summary
=======
The following CVEs have undergone a revision increment:
* CVE-2021-1730
* CVE-2021-24112
* CVE-2020-16977
* CVE-2020-1171
– CVE-2021-1730 | Microsoft Exchange Server Spoofing Vulnerability
– Version 1.1
– Reason for Revision: Added an FAQ detailing further steps that must be performed
to enable the prodections from this vulnerability.
– Originally posted: February 9, 2021
– Updated: February 24, 2021
– Aggregate CVE Severity Rating: Important
– CVE-2021-24112 | .NET Core Remote Code Execution Vulnerability
– Version 2.0
– Reason for Revision: In the Security Updates table, added Visual Studio 2019 for
Mac and Mono 6.12.0 because they are also affected by CVE-2021-24112. Microsoft
recommends that customers running either of these products install the updates to be
fully protected from the vulnerability.
– Originally posted: February 9, 2021
– Updated: February 24, 2021
– Aggregate CVE Severity Rating: Critical
– CVE-2020-16977 | Visual Studio Code Python Extension Remote Code Execution
Vulnerability
– Version 1.1
– Reason for Revision: In the Security Updates table, corrected product name.
– Originally posted: October 13, 2020
– Updated: February 25, 2021
– Aggregate CVE Severity Rating: Important
– CVE-2020-1171 | Visual Studio Code Python Extension Remote Code Execution
Vulnerability
– Version 1.1
– Reason for Revision: In the Security Updates table, corrected product name.
– Originally posted: May 12, 2020
– Updated: February 25, 2021
– Aggregate CVE Severity Rating: Important
MVP: 2013 – 2016
