Short addendum from this week. Microsoft issued a security advisory on November 16, 2021. It states that the Windows 10 Update Assistant contains elevation of privilege vulnerabilities. Specifically, two vulnerabilities are involved: CVE-2021-42297 and CVE-2021-43211. In addition, there were some revisions to the advisories for vulnerabilities in Excel, etc.
Elevation of Privilege in Windows 10 Update Assistant
Two elevation of privilege vulnerabilities were found in the Windows 10 Update Assistant. Here is the security advisory:
– CVE-2021-42297 | Windows 10 Update Assistant Elevation of Privilege Vulnerability
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: November 16, 2021
– Updated: N/A
– Aggregate CVE Severity Rating: Important
– CVE-2021-43211 | Windows 10 Update Assistant Elevation of Privilege Vulnerability
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: November 16, 2021
– Updated: N/A
– Aggregate CVE Severity Rating: Important
Through these two vulnerabilities, an attacker would only be able to delete targeted files on a system; they would not gain permission to view or modify file contents. Microsoft rates the exploitability of these vulnerabilities, which were reported by several security researchers, as low. However, Microsoft has updated the Windows 10 Update Assistant and is offering the revised version on the Windows 10 download page.
More CVE revisions
In addition, the descriptions/classifications of some earlier security advisories have been revised. Here is the information in question:
* CVE-2021-40442
* CVE-2021-42292
* CVE-2021-42321
– CVE-2021-40442 | Microsoft Excel Remote Code Execution Vulnerability
– Version: 2.0
– Reason for Revision: Microsoft is announcing the availability of the security updates
for Microsoft Office for Mac. Customers running affected Mac software should install
the update for their product to be protected from this vulnerability. Customers
running other Microsoft Office software do not need to take any action. See the
Release Notes for more information and download links.
– Originally posted: November 9, 2021
– Updated: November 16, 2021
– Aggregate CVE Severity Rating: Important
– CVE-2021-42292 | Microsoft Excel Security Feature Bypass Vulnerability
– Version: 2.0
– Reason for Revision: Microsoft is announcing the availability of the security updates
for Microsoft Office for Mac. Customers running affected Mac software should install
the update for their product to be protected from this vulnerability. Customers
running other Microsoft Office software do not need to take any action. See the
Release Notes for more information and download links.
– Originally posted: November 9, 2021
– Updated: November 16, 2021
– Aggregate CVE Severity Rating: Important
– CVE-2021-42321 | Microsoft Exchange Server Remote Code Execution Vulnerability
– Version: 1.1
– Reason for Revision: Added Microsoft Exchange Server 2013 to the Security Updates
table. Customers that are using this version of Microsoft Exchange should install
this update to be protected from this vulnerability.
– Originally posted: November 9, 2021
– Updated: November 16, 2021
– Aggregate CVE Severity Rating: Important