Microsoft Security Update Revisions 14./16. Dez. 2021

Microsoft hat zum 14. und 16. Dezember einige Security Update-Revisions zu Schwachstellen veröffentlicht. Ich stelle die betreffenden Informationen einfach als unkommentierten Nachtrag im Blog zur Information ein.


Anzeige

********************************************************************
Title: Microsoft Security Update Revisions
Issued: December 14, 2021
********************************************************************

Summary
=======

The following CVEs have undergone revision increments.
====================================================================

* CVE-2019-0887
* CVE-2020-0655
* CVE-2021-1669
* CVE-2021-24084


Anzeige

CVE-2019-0887 | Remote Desktop Services Remote Code Execution Vulnerability
– Version: 2.0
– Reason for Revision: The following revisions have been made: 1) In the Security
Updates table, added Windows 11 for x64-based Systems, Windows 11 for ARM64-based
Systems, Windows Server 2022, and Windows Server 2022 (Server Core installation)
as these versions of Windows are affected by this vulnerability. Customers running
Windows 11 or Windows Server 2022 should install the December 2021 security updates
to be protected from this vulnerability. 2) Added an acknowledgement.
– Originally posted: July 9, 2019
– Updated: December 14, 2021
– Aggregate CVE Severity Rating: Important

CVE-2020-0655 | Remote Desktop Services Remote Code Execution Vulnerability
– Version: 2.0
– Reason for Revision: The following revisions have been made: 1) In the Security
Updates table, added Windows 11 for x64-based Systems, Windows 11 for ARM64-based
Systems, Windows Server 2022, and Windows Server 2022 (Server Core installation)
as these versions of Windows are affected by this vulnerability. Customers running
Windows 11 or Windows Server 2022 should install the December 2021 security updates
to be protected from this vulnerability. 2) Added an acknowledgement.
– Originally posted: February 11, 2020
– Updated: December 14, 2021
– Aggregate CVE Severity Rating: Important

CVE-2021-1669 | Windows Remote Desktop Security Feature Bypass Vulnerability
– Version: 2.0
– Reason for Revision: The following revisions have been made: 1) In the Security
Updates table, added Microsoft Remote Desktop for iOS and Microsoft Remote Desktop
for Mac as these versions are affected by CVE-2021-1669. 2) New updates are available
that comprehensively address this vulnerability for the following: Microsoft Remote
Desktop, Microsoft Remote Desktop for Android, and Remote Desktop client for Windows
Desktop. Customers running any of these versions of Remote Desktop should check for
updates and ensure that they have the most recent update installed. Links to the
updates on the respective app stores are listed in the Security Updates table.
– Originally posted: January 12, 2021
– Updated: December 14, 2021
– Aggregate CVE Severity Rating: Important

CVE-2021-24084 | Windows Mobile Device Management Information Disclosure Vulnerability
– Version: 2.0
– Reason for Revision: To comprehensively address CVE-2021-24084, Microsoft has released
December 2021 security updates for all supported editions of Microsoft Windows.
Microsoft strongly recommends that customers install the updates to be fully protected
from the vulnerability. Customers whose systems are configured to receive automatic
updates do not need to take any further action.
– Originally posted: February 9, 2021
– Updated: December 14, 2021
– Aggregate CVE Severity Rating: Important

********************************************************************
Title: Microsoft Security Update Revisions
Issued: December 16, 2021
********************************************************************

Summary
=======

The following CVE has been published to the Security Update Guide.
====================================================================

* CVE-2021-44228

CVE-2021-44228 | Apache Log4j Remote Code Execution Vulnerability
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: December 16, 2021
– Updated: N/A
– Aggregate CVE Severity Rating: Important

The following CVEs have undergone revision increments.
======================================================================================

* CVE-2021-43236
* CVE-2021-43883
* CVE-2021-43893
* CVE-2021-43905

CVE-2021-43236 | Microsoft Message Queuing Information Disclosure Vulnerability
– Version: 1.1
– Reason for Revision: Updated FAQ information. This is an informational change only.
– Originally posted: December 14, 2021
– Updated: December 16, 2021
– Aggregate CVE Severity Rating: Important

CVE-2021-43883 | Windows Installer Elevation of Privilege Vulnerability
– Version: 1.1
– Reason for Revision: Corrected the Download and Article links in the Affected
Products table. This is an informational change only.
– Originally posted: December 14, 2021
– Updated: December 16, 2021
– Aggregate CVE Severity Rating: Important

CVE-2021-43893 | Windows Encrypting File System (EFS) Elevation of Privilege
Vulnerability
– Version: 1.1
– Reason for Revision: Corrected Article and Download entries in the Affected
Products table. This is an informational change only.
– Originally posted: December 14, 2021
– Updated: December 16, 2021
– Aggregate CVE Severity Rating: Important

CVE-2021-43905 | Microsoft Office app Remote Code Execution Vulnerability
– Version: 1.1
– Reason for Revision: Added an FAQ to indicate the app version that contains
the update.
– Originally posted: December 14, 2021
– Updated: December 16, 2021
– Aggregate CVE Severity Rating: Critical


Anzeige

Dieser Beitrag wurde unter Sicherheit abgelegt und mit verschlagwortet. Setze ein Lesezeichen auf den Permalink.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

Hinweis: Bitte beachtet die Regeln zum Kommentieren im Blog (Erstkommentare und Verlinktes landet in der Moderation, gebe ich alle paar Stunden frei, SEO-Posts/SPAM lösche ich rigoros). Kommentare abseits des Themas bitte unter Diskussion.

Du findest den Blog gut, hast aber Werbung geblockt? Du kannst diesen Blog auch durch eine Spende unterstützen.