On February 8, Microsoft sent out an email notification about various revisions to its security advisories. They concern a Remote Desktop Services Remote Code Execution vulnerability, a Windows Kernel Memory Information Disclosure vulnerability, a Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege vulnerability, and a Microsoft Power BI Information Disclosure vulnerability. In addition, a new Servicing Stack Update (SSU) was released in February 2022, see ADV990001. All of this is purely informational, however; Microsoft has only adjusted the descriptions. I'm simply posting the relevant information here in the blog without comment.
*********************************************************************
Title: Microsoft Security Update Revisions
Issued: February 8, 2022
*********************************************************************
Summary
=======
The following CVEs have undergone revision increments.
=====================================================================
* CVE-2019-0887
* CVE-2021-34500
* CVE-2022-21871
* CVE-2022-23254
– CVE-2019-0887 | Remote Desktop Services Remote Code Execution Vulnerability
– Version: 3.0
– Reason for Revision: In the Security Updates table, added Remote Desktop client
for Windows Desktop as it is also affected by this vulnerability. Customers
running Remote Desktop client for Windows Desktop should ensure that they have
version 1.2.2691 or higher to be protected from this vulnerability.
– Originally posted: July 9, 2019
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important
– CVE-2021-34500 | Windows Kernel Memory Information Disclosure Vulnerability
– Version: 2.0
– Reason for Revision: To comprehensively address CVE-2021-34500, Microsoft
has released February 2022 security updates for the following supported
editions of Microsoft Windows: Windows 10, Windows 10 Version 1607, Windows 8.1,
Windows Server 2012 R2, Windows Server 2012, Windows 7, Windows Server 2008 R2,
and Windows Server 2008. Microsoft strongly recommends that customers install the
updates to be fully protected from the vulnerability. Customers whose systems are
configured to receive automatic updates do not need to take any further action.
– Originally posted: July 13, 2021
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important
– CVE-2022-21871 | Microsoft Diagnostics Hub Standard Collector Runtime Elevation of
Privilege Vulnerability
– Version: 2.0
– Reason for Revision: In the Security Updates table, added the following versions
of Visual Studio as they are also affected by CVE-2022-21871: Microsoft Visual Studio
2019 version 16.9, Microsoft Visual Studio 2019 version 16.7, Microsoft Visual
Studio 2017 version 15.9, and Microsoft Visual Studio 2015 Update 3. Microsoft
strongly recommends that customers running any of these versions of Visual Studio
install the updates to be fully protected from the vulnerability. Customers whose
systems are configured to receive automatic updates do not need to take any
further action.
– Originally posted: January 11, 2022
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important
– CVE-2022-23254 | Microsoft Power BI Information Disclosure Vulnerability
– Version: 1.1
– Reason for Revision: Corrected the CVE title and description to address the
vulnerability as Information Disclosure. In the Affected Products table, corrected
the Impact to Information Disclosure. This is an informational change only.
– Originally posted: February 8, 2022
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important