{"id":259023,"date":"2021-11-02T15:15:29","date_gmt":"2021-11-02T14:15:29","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=259023"},"modified":"2021-11-02T16:11:24","modified_gmt":"2021-11-02T15:11:24","slug":"microsoft-security-update-releases-nachtrag-vom-oktober-2021","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2021\/11\/02\/microsoft-security-update-releases-nachtrag-vom-oktober-2021\/","title":{"rendered":"Microsoft Security Update Releases – Nachtrag vom Oktober 2021"},"content":{"rendered":"

\"Sicherheit[English<\/a>]Microsoft hat im Oktober 2021 einige Security Update Releases-Benachrichtigungen und auch Revisionen publiziert. Da ich bisher nicht alles thematisieren konnte, fasse ich die betreffenden Meldungen in einem Sammelbeitrag zusammen. Die Sicherheitsinfos reichen von einer \"Windows Key Storage Provider Security Feature Bypass Vulnerability\" bis hin zur\u00a0 Azure AD Security Feature Bypass Vulnerability.<\/p>\n

<\/p>\n

\"\"**********************************************************
\nTitle: Microsoft Security Update Releases
\nIssued: October 12, 2021
\n**********************************************************<\/p>\n

Summary
\n=======<\/p>\n

The following CVEs have undergone a major revision increment:<\/p>\n

* CVE-2021-38624
\n* CVE-2021-33781<\/p>\n

CVE-2021-38624<\/a><\/p>\n

– Windows Key Storage Provider Security Feature Bypass Vulnerability
\n– Version 2.0
\n– Reason for Revision: The following revisions have been made: 1) To comprehensively
\naddress CVE-2021-38624, Microsoft has released the October 2021 Security Updates
\nfor all affected editions of Windows 10 Version 1809 and newer because these versions
\nare also affected by CVE-2021-38624. 2) In the Security Updates table, Windows 11 for
\nx64-based systems and Windows 11 for ARM64-based systems have been added as Windows 11
\nis also affected by this vulnerability. Microsoft strongly recommends that customers
\ninstall the October updates to be fully protected from this vulnerability. Customers
\nwhose systems are configured to receive automatic updates do not need to take any
\nfurther action.
\n– Originally posted: September 14, 2021
\n– Updated: October 12, 2021<\/p>\n

CVE-2021-33781<\/a><\/p>\n

– Azure AD Security Feature Bypass Vulnerability
\n– Version 2.0
\n– Reason for Revision: In the Security Updates table, added all supported versions
\nof Windows 10 Version 1607, Windows Server 2016, and Windows 11 because these versions
\nof Windows 10, Windows Server, and Windows 11 are also affected by this vulnerability.
\nMicrosoft strongly recommends that customers running any of these versions install the
\nupdates to be fully protected from the vulnerability. Customers whose systems are
\nconfigured to receive automatic updates do not need to take any further action.
\n– Originally posted: July 13, 2021
\n– Updated: October 12, 2021<\/p>\n

**********************************************************
\nTitle: Microsoft Security Advisory Notification
\nIssued: October 12, 2021
\n**********************************************************<\/p>\n

Security Advisories Released or Updated on October 12, 2021
\n==========================================================<\/p>\n

* ADV200011<\/p>\n

ADV200011<\/p>\n

ADV200011<\/a> | Microsoft Guidance for Addressing Security Feature Bypass in GRUB
\n– Reason for Revision: The following revisions have been made: 1) Updated FAQ to
\nindicate that Microsoft will release an update to address this vulnerability in
\nSpring of 2022. You can register for the security notifications mailer to be alerted
\nwhen this update is available, and when content changes are made to this advisory.
\nSee\u202fMicrosoft Technical Security Notifications. 2) In the Security Updates table,
\nadded all supported editions of the following versions of Windows and Windows Server,
\nas they are affected by this vulnerability: Windows 10 version 20H2, Windows 10
\nversion 21H1, Windows 11, Windows Server, version 20H2 (Server Core Installation),
\nand Windows Server 2022. 3) In the Executive Summary, corrected location of
\nMitigations section.
\n– Originally posted: July 29, 2021
\n– Updated: October 12, 2021
\n– Version: 3.0<\/p>\n

**********************************************************
\nTitle: Microsoft Security Update Revisions
\nIssued: October 15, 2021
\n**********************************************************<\/p>\n

Summary
\n=======<\/p>\n

The following CVEs have undergone revision increments.<\/p>\n

==========================================================<\/p>\n

The following CVEs have undergone a major revision increment.<\/p>\n

* CVE-2020-0951<\/a><\/p>\n

– CVE-2020-0951 | Windows Defender Application Control Security Feature Bypass
\nVulnerability
\n– Version: 2.0
\n– Reason for Revision: Revised the Security Updates table to include PowerShell 7.0
\nand PowerShell 7.1 because these versions of PowerShell 7 are affected by this
\nvulnerability. See https:\/\/github.com\/PowerShell\/Announcements\/issues\/27<\/a> for
\nmore information.
\n– Originally posted: September 8, 2020
\n– Updated: October 14, 2021
\n– Aggregate CVE Severity Rating: Important<\/p>\n

* CVE-2021-41355<\/p>\n

CVE-2021-41355<\/a> | .NET Core and Visual Studio Information Disclosure Vulnerability
\n– Version: 2.0
\n– Reason for Revision: Revised the Security Updates table to include PowerShell 7.1
\nbecause this version of PowerShell 7 incorporates the version of .NET that
\nare affected by this vulnerability. See
\nhttps:\/\/github.com\/PowerShell\/Announcements\/issues\/26<\/a> for more information.
\n– Originally posted: October 12, 2021
\n– Updated: October 14, 2021
\n– Aggregate CVE Severity Rating: Important<\/p>\n

The following CVE has undergone informational revisions.<\/p>\n

* CVE-2021-41363<\/a><\/p>\n

– CVE-2021-41363 | Intune Management Extension Security Feature Bypass Vulnerability
\n– Version: 1.1
\n– Reason for Revision: The following revisions have been made: 1) In the Security
\nUpdates table, Build Number and Article link have been added. 2) FAQs have been
\nupdated to provide information about what to do to be protected from this
\nvulnerability.
\n– Originally posted: October 12, 2021
\n– Updated: October 14, 2021
\n– Aggregate CVE Severity Rating: Important<\/p>\n","protected":false},"excerpt":{"rendered":"

[English]Microsoft hat im Oktober 2021 einige Security Update Releases-Benachrichtigungen und auch Revisionen publiziert. Da ich bisher nicht alles thematisieren konnte, fasse ich die betreffenden Meldungen in einem Sammelbeitrag zusammen. Die Sicherheitsinfos reichen von einer \"Windows Key Storage Provider Security Feature … Weiterlesen →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426],"tags":[4328],"class_list":["post-259023","post","type-post","status-publish","format-standard","hentry","category-sicherheit","tag-sicherheit"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/259023","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=259023"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/259023\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=259023"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=259023"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=259023"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}