{"id":238793,"date":"2020-12-11T07:14:26","date_gmt":"2020-12-11T06:14:26","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=238793"},"modified":"2020-12-11T07:30:13","modified_gmt":"2020-12-11T06:30:13","slug":"microsoft-update-und-sicherheitshinweise-8-und-10-dez-2020","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2020\/12\/11\/microsoft-update-und-sicherheitshinweise-8-und-10-dez-2020\/","title":{"rendered":"Microsoft Update- und Sicherheitshinweise 8. und 10. Dez. 2020"},"content":{"rendered":"

[English<\/a>]Microsoft hat zum 8. Dezember und nochmals zum 10. Dezember 2020 einige Hinweise zu Sicherheitupdates und Revisionen ver\u00f6ffentlicht. Ich trage diese unkommentiert hier im Blog nach. <\/p>\n

<\/p>\n

\"\"Hier die Security Update Releases zum 8. Dezember 2020.<\/p>\n

**************************************************************************************
Title: Microsoft Security Update Releases
Issued: December 8, 2020
<\/strong>**************************************************************************************<\/p>\n

Summary
=======<\/p>\n

The following CVEs have undergone a major revision increment:<\/p>\n

* CVE-2020-1325
* CVE-2020-1596
* CVE-2020-17049
 <\/p>\n

Revision Information:
=====================<\/p>\n

* CVE-2020-1325<\/p>\n

CVE-2020-1325 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability<\/a>
– Version 2.0
– Reason for Revision: Microsoft is announcing the availability of the security update
   for Azure DevOps Server 2019 Update 1.1 to address this vulnerability. Customers
   running Azure DevOps Server 2019 Update 1.1 should install the update to be protected
   from this vulnerability.
– Originally posted: November 10, 2020
– Updated: December 8, 2020
– Aggregate CVE Severity Rating: Important<\/p>\n

* CVE-2020-1596<\/p>\n

CVE-2020-1596 | TLS Information Disclosure Vulnerability<\/a>
– Version 3.0
– Reason for Revision: To address a known issue customers running Windows Server 2008
   experienced after installing the September 2020 security updates, Microsoft has
   released the December 2020 Monthly Rollup and Security Only updates for all affected
   versions of Windows Server 2008. Microsoft strongly recommends that customers
   enrolled in the Extended Security Update (ESU) program install the updates to
   correct this known issue.
– Originally posted: September 8, 2020
– Updated: December 8, 2020
– Aggregate CVE Severity Rating: Important<\/p>\n

* CVE-2020-17049<\/p>\n

CVE-2020-17049 | Kerberos KDC Security Feature Bypass Vulnerability<\/a>
–  Version 3.0
– Reason for Revision: To comprehensively address CVE-2020-17049, Microsoft has
   released the following: December 2020 Security Updates for all affected Windows 10
   servers, Windows Server 2012 R2, and Windows Server 2012; December 2020 Monthly
   Rollup updates and Security Only updates for all affected versions of Windows
   Server 2008 R2 and Windows Server 2008. These updates include fixes for all known
   issues originally introduced by the November 10, 2020 security updates for
   CVE-2020-17049. Microsoft strongly recommends that customers running any of these
   versions of Windows Server install the updates and then follow the steps outlined
   in https:\/\/support.microsoft.com\/help\/4598347<\/a> to enable full protection on domain
   controller servers.
– Originally posted: November 10, 2020
– Updated: December 8, 2020
– Aggregate CVE Severity Rating: Important<\/p>\n

Das Thema hatte ich im Blog-Beitrag Microsoft patcht Windows Kerberos-Schwachstelle CVE-2020-16996 mit Dez. 2020-Updates<\/a> angesprochen. <\/p>\n

***************************************************************
Title: Microsoft Security Update Releases
Issued: December 10, 2020<\/strong>
***************************************************************<\/p>\n

Summary
=======<\/p>\n

The following CVEs have undergone a major revision increment:<\/p>\n

* CVE-2020-17002
* CVE-2020-17049
* CVE-2020-17160<\/p>\n

Revision Information:
=====================<\/p>\n

* CVE-2020-17002<\/p>\n

CVE-2020-17002 | Azure SDK for C Security Feature Bypass Vulnerability<\/a>
– Version 2.0
– Reason for Revision: In the Security Updates table, added the following:
   azure-c-shared-utility Release LTS_07_2020 and LTS_02_2020; C SDK for Azure
   IoT Release LTS_07_2020 and LTS_02_2020; all supported releases of the following
   protocol submodules: azure-uamqp-c, azure-umqtt-c, azure-uhttp-c, and azure-utpm-c.
   These releases all contain a security fix, addressed by CVE-2020-17002, affecting
   applications using c-utility in conjunction with OpenSSL or WolfSSL.
– Originally posted: December 8, 2020
– Updated: December 10, 2020
– Aggregate CVE Severity Rating: Important<\/p>\n

* CVE-2020-17049<\/p>\n

CVE-2020-17049 | Kerberos KDC Security Feature Bypass Vulnerability<\/a>
– Version 4.0
– Reason for Revision: In the Security Updates table, corrected the Download and
   Article links for all affected Windows 10 servers, Windows Server 2012 R2, and
   Windows Server 2012 R2. Note that the December 2020 Security Updates supercede
   the security updates released on November 10, 2020 and the updates released
   between November 17, 2020 and November 19, 2020 to address this vulnerability.
– Originally posted: November 10, 2020
– Updated: December 8, 2020
– Aggregate CVE Severity Rating: Important<\/p>\n

Das Thema hatte ich im Blog-Beitrag Microsoft patcht Windows Kerberos-Schwachstelle CVE-2020-16996 mit Dez. 2020-Updates<\/a> angesprochen.<\/p>\n

Hier die Sicherheitshinweise zum 8. Dezember, wobei die letzten SSUs und der Edge bereits in separaten Beitr\u00e4gen behandelt wurden. <\/p>\n

*************************************************************************
Title: Microsoft Security Advisory Notification
Issued: December 8, 2020<\/strong>
*************************************************************************<\/p>\n

Security Advisories Released or Updated on December 8, 2020
=========================================================================<\/p>\n

*ADV200013<\/p>\n

ADV200013 | Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver<\/a>
– Reason for Revision: Information published.
– Originally posted: December 8, 2020
– Updated: N\/A
– Version: 1.0<\/p>\n

* ADV990001<\/p>\n

ADV990001 | Latest Servicing Stack Updates<\/a>
– Reason for Revision: Advisory updated to announce new versions of Servicing Stack
   Updates are available. Please see the FAQ for details.
– Originally posted: November 13, 2018
– Updated: December 8, 2020
– Version: 29.0<\/p>\n

* ADV200002<\/p>\n

ADV200002 | Chromium Security Updates for Microsoft Edge (Chromium-Based)<\/a>
– Reason for Revision: Updated advisory to announce a new version of Microsoft
   Edge (Chromium-based). Please see the table for more information.
– Originally posted: January 28, 2020
– Updated: December 8, 2020
– Version: 30.0<\/p>\n

* CVE-2020-17160<\/p>\n

CVE-2020-17160 | RETRACTED<\/a>  – Version 2.0
– Reason for Revision: This CVE was published in error and has been retracted.
   For the correct CVE information see
   https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2020-17002<\/a>.
– Originally posted: December 8, 2020
– Updated: December 9, 2020
– Aggregate CVE Severity Rating: N\/A<\/p>\n

Die CVE zur Azure SDK for C Security Feature Bypass Vulnerability wurde f\u00e4lschlich herausgegeben<\/p>\n","protected":false},"excerpt":{"rendered":"

[English]Microsoft hat zum 8. Dezember und nochmals zum 10. Dezember 2020 einige Hinweise zu Sicherheitupdates und Revisionen ver\u00f6ffentlicht. Ich trage diese unkommentiert hier im Blog nach.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426,185],"tags":[4328,4315],"class_list":["post-238793","post","type-post","status-publish","format-standard","hentry","category-sicherheit","category-update","tag-sicherheit","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/238793","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=238793"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/238793\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=238793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=238793"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=238793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}