{"id":259660,"date":"2021-11-21T00:52:11","date_gmt":"2021-11-20T23:52:11","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=259660"},"modified":"2021-11-21T01:19:18","modified_gmt":"2021-11-21T00:19:18","slug":"windows-10-elevation-of-privilege-sicherheitslcken-im-update-assistant-und-weitere-revisionen","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2021\/11\/21\/windows-10-elevation-of-privilege-sicherheitslcken-im-update-assistant-und-weitere-revisionen\/","title":{"rendered":"Windows 10: Elevation of Privilege Sicherheitslücken im Update Assistant und weitere Revisionen"},"content":{"rendered":"

\"Windows\"[English<\/a>]Kurzer Nachtrag von dieser Woche. Microsoft hat zum 16. November 2021 eine Sicherheitswarnung herausgegeben. Es wird dort mitgeteilt, das der Windows 10 Update Assistant Elevation of Privilege Sicherheitsl\u00fccken aufweist. Konkret geht es um zwei Schwachstellen CVE-2021-42297 und CVE-2021-43211. Zudem gab es einige Update-Revisionen zu Schwachstellen in Excel etc.<\/p>\n

<\/p>\n

Elevation of Privilege im Windows 10 Update Assistant<\/h3>\n

\"\"Im Windows 10 Update Assistant Elevation of Privilege wurden zwei Schwachstellen gefunden, die eine Ausweitung der Rechte erm\u00f6glichen. Hier die Sicherheitsmeldung:<\/p>\n

CVE-2021-42297<\/a> | Windows 10 Update Assistant Elevation of Privilege Vulnerability
\n– Version: 1.0
\n– Reason for Revision: Information published.
\n– Originally posted: November 16, 2021
\n– Updated: N\/A
\n– Aggregate CVE Severity Rating: Important<\/p>\n

CVE-2021-43211<\/a> | Windows 10 Update Assistant Elevation of Privilege Vulnerability
\n– Version: 1.0
\n– Reason for Revision: Information published.
\n– Originally posted: November 16, 2021
\n– Updated: N\/A
\n– Aggregate CVE Severity Rating: Important<\/p>\n

Ein Angreifer w\u00e4re \u00fcber beide Schwachstellen nur in der Lage, gezielt Dateien auf einem System zu l\u00f6schen. Er w\u00fcrde keine Berechtigung zum Anzeigen oder \u00c4ndern von Dateiinhalten erhalten. Microsoft stuft die Ausnutzbarkeit dieser Schwachstelle, die von mehreren Sicherheitsforschern gemeldet wurden, als niedrig ein. Microsoft hat aber den Windows 10 Update Assistant aktualisiert und bietet die revidierte Version auf der Windows 10-Download-Seite<\/a> an.<\/p>\n

Weitere CVE-Revisionen<\/h2>\n

Zudem wurden an fr\u00fcheren Sicherheitswarnungen einige Revisionen in der Beschreibung\/Einstufung vorgenommen. Hier die betreffenden Informationen:<\/p>\n

* CVE-2021-40442
\n* CVE-2021-42292
\n* CVE-2021-42321<\/p>\n

CVE-2021-40442<\/a> | Microsoft Excel Remote Code Execution Vulnerability
\n– Version: 2.0
\n– Reason for Revision: Microsoft is announcing the availability of the security updates
\nfor Microsoft Office for Mac. Customers running affected Mac software should install
\nthe update for their product to be protected from this vulnerability. Customers
\nrunning other Microsoft Office software do not need to take any action. See the
\nRelease Notes for more information and download links.
\n– Originally posted: November 9, 2021
\n– Updated: November 16, 2021
\n– Aggregate CVE Severity Rating: Important<\/p>\n

CVE-2021-42292<\/a> | Microsoft Excel Security Feature Bypass Vulnerability
\n– Version: 2.0
\n– Reason for Revision: Microsoft is announcing the availability of the security updates
\nfor Microsoft Office for Mac. Customers running affected Mac software should install
\nthe update for their product to be protected from this vulnerability. Customers
\nrunning other Microsoft Office software do not need to take any action. See the
\nRelease Notes for more information and download links.
\n– Originally posted: November 9, 2021
\n– Updated: November 16, 2021
\n– Aggregate CVE Severity Rating: Important<\/p>\n

CVE-2021-42321<\/a> | Microsoft Exchange Server Remote Code Execution Vulnerability
\n– Version: 1.1
\n– Reason for Revision: Added Microsoft Exchange Server 2013 to the Security Updates
\ntable. Customers that are using this version of Microsoft Exchange should install
\nthis update to be protected from this vulnerability.
\n– Originally posted: November 9, 2021
\n– Updated: November 16, 2021
\n– Aggregate CVE Severity Rating: Important<\/p>\n","protected":false},"excerpt":{"rendered":"

[English]Kurzer Nachtrag von dieser Woche. Microsoft hat zum 16. November 2021 eine Sicherheitswarnung herausgegeben. Es wird dort mitgeteilt, das der Windows 10 Update Assistant Elevation of Privilege Sicherheitsl\u00fccken aufweist. Konkret geht es um zwei Schwachstellen CVE-2021-42297 und CVE-2021-43211. Zudem gab … Weiterlesen →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426,185,3694],"tags":[4328,4315,4378],"class_list":["post-259660","post","type-post","status-publish","format-standard","hentry","category-sicherheit","category-update","category-windows-10","tag-sicherheit","tag-update","tag-windows-10"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/259660","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=259660"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/259660\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=259660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=259660"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=259660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}