Microsoft Security Update Releases (Feb. 17, 2021)

[German]Small addendum from this week: Microsoft has published a summary of changed security descriptions for Excel RCE vulnerabilities and also points to revised servicing stack updates. Here is a brief overview of the info I received via email on 2/18/2021.


Advertising

**********************************************************************
Title: Microsoft Security Update Releases Issued: February 17, 2021
**********************************************************************
Summary
=======
The following CVEs and advisory have undergone a major revision increment:

* CVE-2021-24067
* CVE-2021-24069
* ADV990001

Microsoft Excel RCE Vulnerabilities

For Microsoft Excel, two remote code execution vulnerabilities were fixed by security updates as of February 9, 2021 (I had listed the patches in the postBeitrag Patchday Microsoft Office Updates (February 9, 2021). References to the RCE vulnerabilities were given in the article Windows/Office: Patchday review February 2021. In the Microsoft Security Update Releases from February 17, 2021, Microsoft points out the following change in the security rating to Important.

 - CVE-2021-24067 | Microsoft Excel Remote Code Execution Vulnerability
 - Version 2.0
 - Reason for Revision: Microsoft is announcing the availability of the security 
   updates for Microsoft Office for Mac. Customers running affected Mac software
   should install the update for their product to be protected from this vulnerability. 
   Customers running other Microsoft Office software do not need to take any action. 
   See the Release Notes for more information and download links.
 - Originally posted: February 9, 2021
 - Updated: February 16, 2021
 - Aggregate CVE Severity Rating: Important

 - CVE-2021-24069 | Microsoft Excel Remote Code Execution Vulnerability
 - Version 2.0
 - Reason for Revision: Microsoft is announcing the availability of the security 
   updates for Microsoft Office for Mac. Customers running affected Mac software
   should install the update for their product to be protected from this vulnerability. 
   Customers running other Microsoft Office software do not need to take any action. 
   See the Release Notes for more information and download links.
 - Originally posted: February 9, 2021
 - Updated: February 16, 2021
 - Aggregate CVE Severity Rating: Important

Servicing Stack Update (SSU) Revisions

In addition, SSU KB5001078 for Windows 10 (Nov132020) had a revision of the CVE rating to critical. The latest SSUs should therefore be installed in any case.

 - ADV990001 | Latest Servicing Stack Updates
 - Version 33.0
 - Reason for Revision: To address known issues customers might have experienced when
   installing security updates released on February 9, 2021, Microsoft has released
   the following servicing stack updates (SSUs): KB5001078 for all affected editions
   of Windows 10; KB5001079 for all affected editions of Windows 10 Version 1607 and 
   Windows Server 2016. Customers must install the new SSU before installing the
   applicable February 9, 2021 security update.
 - Originally posted: November 13, 2021
 - Updated: February 16, 2021
 - Aggregate CVE Severity Rating: Critical

Above revision has nothing to do with the withdrawn SSUs for Windows 10, which have been addressed in subsequent posts.


Advertising

Similar articles:
Fix for Windows 10/Server 1607 update hang at 24% due to SSU KB4601392
Windows 10: SSU KB4601390 pulled, revised SSU KB5001079 released


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in Office, Security, Software, Windows and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *