Small addendum from this week: Microsoft has published a summary of changed security descriptions for Excel RCE vulnerabilities and also points to revised servicing stack updates. Here is a brief overview of the info I received via email on 2/18/2021.
**********************************************************************
Title: Microsoft Security Update Releases Issued: February 17, 2021
**********************************************************************
Summary
=======
The following CVEs and advisory have undergone a major revision increment:
* CVE-2021-24067
* CVE-2021-24069
* ADV990001
Microsoft Excel RCE Vulnerabilities
For Microsoft Excel, two remote code execution vulnerabilities were fixed by security updates as of February 9, 2021 (I had listed the patches in the post Patchday Microsoft Office Updates (February 9, 2021)). References to the RCE vulnerabilities were given in the article Windows/Office: Patchday review February 2021. In the Microsoft Security Update Releases from February 17, 2021, Microsoft points out the following change in the security rating to Important.
- CVE-2021-24067 | Microsoft Excel Remote Code Execution Vulnerability
  - Version 2.0
  - Reason for Revision: Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the Release Notes for more information and download links.
  - Originally posted: February 9, 2021
  - Updated: February 16, 2021
  - Aggregate CVE Severity Rating: Important
- CVE-2021-24069 | Microsoft Excel Remote Code Execution Vulnerability
  - Version 2.0
  - Reason for Revision: Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the Release Notes for more information and download links.
  - Originally posted: February 9, 2021
  - Updated: February 16, 2021
  - Aggregate CVE Severity Rating: Important
Servicing Stack Update (SSU) Revisions
In addition, the CVE rating of SSU KB5001078 for Windows 10 (Nov132020) was revised to Critical. The latest SSUs should therefore be installed in any case.
- ADV990001 | Latest Servicing Stack Updates
  - Version 33.0
  - Reason for Revision: To address known issues customers might have experienced when installing security updates released on February 9, 2021, Microsoft has released the following servicing stack updates (SSUs): KB5001078 for all affected editions of Windows 10; KB5001079 for all affected editions of Windows 10 Version 1607 and Windows Server 2016. Customers must install the new SSU before installing the applicable February 9, 2021 security update.
  - Originally posted: November 13, 2021
  - Updated: February 16, 2021
  - Aggregate CVE Severity Rating: Critical
The above revision has nothing to do with the withdrawn SSUs for Windows 10, which have been addressed in subsequent posts.
Similar articles:
Fix for Windows 10/Server 1607 update hang at 24% due to SSU KB4601392
Windows 10: SSU KB4601390 pulled, revised SSU KB5001079 released