{"id":256644,"date":"2021-08-13T06:05:49","date_gmt":"2021-08-13T04:05:49","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=256644"},"modified":"2021-08-14T05:22:19","modified_gmt":"2021-08-14T03:22:19","slug":"microsoft-security-update-revisions-august-2021-patchday-sicherheitsfixes","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2021\/08\/13\/microsoft-security-update-revisions-august-2021-patchday-sicherheitsfixes\/","title":{"rendered":"Microsoft Security Update Revisions, August 2021-Patchday Sicherheitsfixes"},"content":{"rendered":"

\"Sicherheit[English<\/a>]Zum Patchday (10. August 2021) hat Microsoft ja eine Reihe an Schwachstellen durch Updates geschlossen. Mir liegt eine \u00dcbersicht vor, die ich der Vollst\u00e4ndigkeit halber einstelle. Zudem hat Microsoft die Tage in Mails zwei Security Update Revisions verteilt, die ich hier ebenfalls ver\u00f6ffentliche. Vielleicht ist das f\u00fcr jemanden von Interesse.<\/p>\n

<\/p>\n

Microsoft Security Update Revisions<\/h2>\n

\"\"Zum 11. August hat Microsoft die nachfolgende Information zur Print-Spooler-Dienst-Schwachstelle ver\u00f6ffentlicht.<\/p>\n

***********************************************************************
Title: Microsoft Security Update Revisions
Issued: August 11, 2021
***********************************************************************<\/p>\n

Summary
=======<\/p>\n

The following CVE has been published to the Security Update Guide.<\/p>\n

=======================================================================<\/p>\n

* CVE-2021-36958<\/p>\n

CVE-2021-36958<\/a> | Windows Print Spooler Remote Code Execution Vulnerability
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: August 11, 2021
– Updated: N\/A
– Aggregate CVE Severity Rating: Important<\/p>\n

Zu diesem Sachverhalt hatte ich bereits etwas im Artikel Windows PrintNightmare, neue Runde mit CVE-2021-36958<\/a> geschrieben. Die PrintNightmare-Schwachstellen werden bereits in freier Wildbahn ausgenutzt (siehe Ransomware-Gang nutzt PrintNightmare f\u00fcr Angriffe auf Windows Server<\/a>). Zudem wurde das nachfolgende Dokument mit Hinweisen auf weitere Revisionen ver\u00f6ffentlicht.<\/p>\n

***********************************************************************
Title: Microsoft Security Update Revisions
Issued: August 11, 2021
***********************************************************************<\/p>\n

Summary
=======<\/p>\n

The following CVEs have undergone a major revision increment.<\/p>\n

=======================================================================<\/p>\n

* CVE-2021-34524
* CVE-2021-36949<\/p>\n

CVE-2021-34524<\/a> | Microsoft Dynamics 365 (on-premises) Remote Code Execution
Vulnerability
– Version: 2.0
– Reason for Revision: Microsoft is announcing the availability of the security
updates for Microsoft Dynamics 365 (on-premises) version 9.1. Customers running
affected Dynamics software should install the update for their product to be
protected from this vulnerability. Customers running other versions of Microsoft
Dynamics 365 (on-premises) do not need to take any action. See the KB4618809
for more information and download links.
– Originally posted: August 10, 2021
– Updated: August 11, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n

CVE-2021-36949<\/a> | Microsoft Azure Active Directory Connect Authentication Bypass
Vulnerability
– Version: 2.0
– Reason for Revision: The following revisions have been made: 1) In the Security
Updates table, added Azure Active Directory Connect Provisioning Agent as it
is also affected by this vulnerability 2) Updated FAQs.
– Originally posted: August 10, 2021
– Updated: August 10, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n

***********************************************************************
Title: Microsoft Security Update Revisions
Issued: August 12, 2021
***********************************************************************<\/p>\n

Summary
=======<\/p>\n

The following CVE has undergone informational revisions.<\/p>\n

=======================================================================<\/p>\n

The following CVEs have undergone a major revision increment.<\/p>\n

CVE-2021-26423<\/a> | .NET Core and Visual Studio Denial of Service Vulnerability
– Version: 2.0
– Reason for Revision: Revised the Security Updates table to include PowerShell 7.0
   and PowerShell 7.1 because these versions of PowerShell 7 incorporate the versions
   of .NET Core that are affected by this vulnerability. See
   https:\/\/github.com\/PowerShell\/Announcements\/issues\/25<\/a> for more information.
– Originally posted: August 10, 2021
– Updated: August 12, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n

* CVE-2021-34485<\/p>\n

CVE-2021-34485<\/a> | .NET Core and Visual Studio Denial of Service Vulnerability
– Version: 2.0
– Reason for Revision: Revised the Security Updates table to include PowerShell 7.0
   and PowerShell 7.1 because these versions of PowerShell 7 incorporate the versions
   of .NET Core that are affected by this vulnerability. See
   https:\/\/github.com\/PowerShell\/Announcements\/issues\/24<\/a> for more information.
– Originally posted: August 10, 2021
– Updated: August 12, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n

The following CVEs have undergone informational revisions.<\/p>\n

CVE-2021-26432<\/a> | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution
   Vulnerability
– Version: 1.1
– Reason for Revision: Added FAQ to provide further vulnerability details.
   This is an informational change only.
– Originally posted: August 10, 2021
– Updated: August 12, 2021
– Aggregate CVE Severity Rating: Critical<\/p>\n

CVE-2021-36934<\/a> | Windows Elevation of Privilege Vulnerability
– Version: 5.1
– Reason for Revision: Updated FAQ information. This is an informational change
   only.
– Originally posted: July 20, 2021
– Updated: August 12, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n

Qualys August 2021 Patchday-\u00dcbersicht<\/h2>\n

Microsoft und Adobe haben am Patch Tuesday (10 August 2021) Sicherheitsupdates f\u00fcr diverse Produkte freigegeben. Von Microsoft wurden 51 Schwachstellen, davon 7 kritisch, und 3 waren 0-days, geschlossen. Adobe hat 29 Schwachstellen durch Sicherheitsupdate geschlossen. Eine detaillierte \u00dcbersicht der gepatchten Schwachstellen findet sich in diesem Qualys-Bericht<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

[English]Zum Patchday (10. August 2021) hat Microsoft ja eine Reihe an Schwachstellen durch Updates geschlossen. Mir liegt eine \u00dcbersicht vor, die ich der Vollst\u00e4ndigkeit halber einstelle. Zudem hat Microsoft die Tage in Mails zwei Security Update Revisions verteilt, die ich … Weiterlesen →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426],"tags":[8271,4328,4315],"class_list":["post-256644","post","type-post","status-publish","format-standard","hentry","category-sicherheit","tag-patchday-8-2021","tag-sicherheit","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/256644","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=256644"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/256644\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=256644"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=256644"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=256644"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}