In October 2021, Microsoft published several Security Update Releases notifications as well as revisions. Since I have not been able to cover everything so far, I am summarizing the relevant notices in one collective post. The security information ranges from a "Windows Key Storage Provider Security Feature Bypass Vulnerability" to the Azure AD Security Feature Bypass Vulnerability.
**********************************************************
Title: Microsoft Security Update Releases
Issued: October 12, 2021
**********************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2021-38624
* CVE-2021-33781
– Windows Key Storage Provider Security Feature Bypass Vulnerability
– Version 2.0
– Reason for Revision: The following revisions have been made: 1) To comprehensively
address CVE-2021-38624, Microsoft has released the October 2021 Security Updates
for all affected editions of Windows 10 Version 1809 and newer because these versions
are also affected by CVE-2021-38624. 2) In the Security Updates table, Windows 11 for
x64-based systems and Windows 11 for ARM64-based systems have been added as Windows 11
is also affected by this vulnerability. Microsoft strongly recommends that customers
install the October updates to be fully protected from this vulnerability. Customers
whose systems are configured to receive automatic updates do not need to take any
further action.
– Originally posted: September 14, 2021
– Updated: October 12, 2021
– Azure AD Security Feature Bypass Vulnerability
– Version 2.0
– Reason for Revision: In the Security Updates table, added all supported versions
of Windows 10 Version 1607, Windows Server 2016, and Windows 11 because these versions
of Windows 10, Windows Server, and Windows 11 are also affected by this vulnerability.
Microsoft strongly recommends that customers running any of these versions install the
updates to be fully protected from the vulnerability. Customers whose systems are
configured to receive automatic updates do not need to take any further action.
– Originally posted: July 13, 2021
– Updated: October 12, 2021
**********************************************************
Title: Microsoft Security Advisory Notification
Issued: October 12, 2021
**********************************************************
Security Advisories Released or Updated on October 12, 2021
==========================================================
* ADV200011
– ADV200011 | Microsoft Guidance for Addressing Security Feature Bypass in GRUB
– Reason for Revision: The following revisions have been made: 1) Updated FAQ to
indicate that Microsoft will release an update to address this vulnerability in
Spring of 2022. You can register for the security notifications mailer to be alerted
when this update is available, and when content changes are made to this advisory.
See Microsoft Technical Security Notifications. 2) In the Security Updates table,
added all supported editions of the following versions of Windows and Windows Server,
as they are affected by this vulnerability: Windows 10 version 20H2, Windows 10
version 21H1, Windows 11, Windows Server, version 20H2 (Server Core Installation),
and Windows Server 2022. 3) In the Executive Summary, corrected location of
Mitigations section.
– Originally posted: July 29, 2021
– Updated: October 12, 2021
– Version: 3.0
**********************************************************
Title: Microsoft Security Update Revisions
Issued: October 15, 2021
**********************************************************
Summary
=======
The following CVEs have undergone revision increments.
==========================================================
The following CVEs have undergone a major revision increment.
– CVE-2020-0951 | Windows Defender Application Control Security Feature Bypass
Vulnerability
– Version: 2.0
– Reason for Revision: Revised the Security Updates table to include PowerShell 7.0
and PowerShell 7.1 because these versions of PowerShell 7 are affected by this
vulnerability. See https://github.com/PowerShell/Announcements/issues/27 for
more information.
– Originally posted: September 8, 2020
– Updated: October 14, 2021
– Aggregate CVE Severity Rating: Important
* CVE-2021-41355
– CVE-2021-41355 | .NET Core and Visual Studio Information Disclosure Vulnerability
– Version: 2.0
– Reason for Revision: Revised the Security Updates table to include PowerShell 7.1
because this version of PowerShell 7 incorporates the version of .NET that
are affected by this vulnerability. See
https://github.com/PowerShell/Announcements/issues/26 for more information.
– Originally posted: October 12, 2021
– Updated: October 14, 2021
– Aggregate CVE Severity Rating: Important
The following CVE has undergone informational revisions.
– CVE-2021-41363 | Intune Management Extension Security Feature Bypass Vulnerability
– Version: 1.1
– Reason for Revision: The following revisions have been made: 1) In the Security
Updates table, Build Number and Article link have been added. 2) FAQs have been
updated to provide information about what to do to be protected from this
vulnerability.
– Originally posted: October 12, 2021
– Updated: October 14, 2021
– Aggregate CVE Severity Rating: Important
What's much funnier is that built-in Windows apps in Windows 11 have a certificate expiration date, after which they are no longer usable…
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-built-in-apps-might-not-open-on-some-systems/
What does that mean for the future?
> What does that mean for the future?
Central control over everything. Unwelcome app = certificate revoked or not renewed = app gone.
Or refusing to install some updates = no accompanying renewal of the certificates of this or that other component = OS no longer properly usable = "of course there is no forced updating", but in effect there is; currently a popular tactic.
Incidentally, the same can be done at will with all the websites that have, for years now, been switched to "totally secure" SSL/HTTPS using the certificates available free of charge from many hosting providers. Unwelcome website = certificate revoked = browser automatically loads only https, or in future the provider only allows https = website gone.