Microsoft Security Update Revisions, Dec. 14/16, 2021

Microsoft released several security update revisions for vulnerabilities on December 14 and 16. I am simply posting the relevant information as an uncommented addendum on the blog for your information.


********************************************************************
Title: Microsoft Security Update Revisions
Issued: December 14, 2021
********************************************************************

Summary
=======

The following CVEs have undergone revision increments.
==================================================

* CVE-2019-0887
* CVE-2020-0655
* CVE-2021-1669
* CVE-2021-24084

CVE-2019-0887 | Remote Desktop Services Remote Code Execution Vulnerability
– Version: 2.0
– Reason for Revision: The following revisions have been made: 1) In the Security
Updates table, added Windows 11 for x64-based Systems, Windows 11 for ARM64-based
Systems, Windows Server 2022, and Windows Server 2022 (Server Core installation)
as these versions of Windows are affected by this vulnerability. Customers running
Windows 11 or Windows Server 2022 should install the December 2021 security updates
to be protected from this vulnerability. 2) Added an acknowledgement.
– Originally posted: July 9, 2019
– Updated: December 14, 2021
– Aggregate CVE Severity Rating: Important


CVE-2020-0655 | Remote Desktop Services Remote Code Execution Vulnerability
– Version: 2.0
– Reason for Revision: The following revisions have been made: 1) In the Security
Updates table, added Windows 11 for x64-based Systems, Windows 11 for ARM64-based
Systems, Windows Server 2022, and Windows Server 2022 (Server Core installation)
as these versions of Windows are affected by this vulnerability. Customers running
Windows 11 or Windows Server 2022 should install the December 2021 security updates
to be protected from this vulnerability. 2) Added an acknowledgement.
– Originally posted: February 11, 2020
– Updated: December 14, 2021
– Aggregate CVE Severity Rating: Important

CVE-2021-1669 | Windows Remote Desktop Security Feature Bypass Vulnerability
– Version: 2.0
– Reason for Revision: The following revisions have been made: 1) In the Security
Updates table, added Microsoft Remote Desktop for iOS and Microsoft Remote Desktop
for Mac as these versions are affected by CVE-2021-1669. 2) New updates are available
that comprehensively address this vulnerability for the following: Microsoft Remote
Desktop, Microsoft Remote Desktop for Android, and Remote Desktop client for Windows
Desktop. Customers running any of these versions of Remote Desktop should check for
updates and ensure that they have the most recent update installed. Links to the
updates on the respective app stores are listed in the Security Updates table.
– Originally posted: January 12, 2021
– Updated: December 14, 2021
– Aggregate CVE Severity Rating: Important

CVE-2021-24084 | Windows Mobile Device Management Information Disclosure Vulnerability
– Version: 2.0
– Reason for Revision: To comprehensively address CVE-2021-24084, Microsoft has released
December 2021 security updates for all supported editions of Microsoft Windows.
Microsoft strongly recommends that customers install the updates to be fully protected
from the vulnerability. Customers whose systems are configured to receive automatic
updates do not need to take any further action.
– Originally posted: February 9, 2021
– Updated: December 14, 2021
– Aggregate CVE Severity Rating: Important

********************************************************************
Title: Microsoft Security Update Revisions
Issued: December 16, 2021
********************************************************************

Summary
=======

The following CVE has been published to the Security Update Guide.
==================================================

* CVE-2021-44228

CVE-2021-44228 | Apache Log4j Remote Code Execution Vulnerability
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: December 16, 2021
– Updated: N/A
– Aggregate CVE Severity Rating: Important

The following CVEs have undergone revision increments.
===================================================================

* CVE-2021-43236
* CVE-2021-43883
* CVE-2021-43893
* CVE-2021-43905

CVE-2021-43236 | Microsoft Message Queuing Information Disclosure Vulnerability
– Version: 1.1
– Reason for Revision: Updated FAQ information. This is an informational change only.
– Originally posted: December 14, 2021
– Updated: December 16, 2021
– Aggregate CVE Severity Rating: Important

CVE-2021-43883 | Windows Installer Elevation of Privilege Vulnerability
– Version: 1.1
– Reason for Revision: Corrected the Download and Article links in the Affected
Products table. This is an informational change only.
– Originally posted: December 14, 2021
– Updated: December 16, 2021
– Aggregate CVE Severity Rating: Important

CVE-2021-43893 | Windows Encrypting File System (EFS) Elevation of Privilege
Vulnerability
– Version: 1.1
– Reason for Revision: Corrected Article and Download entries in the Affected
Products table. This is an informational change only.
– Originally posted: December 14, 2021
– Updated: December 16, 2021
– Aggregate CVE Severity Rating: Important

CVE-2021-43905 | Microsoft Office app Remote Code Execution Vulnerability
– Version: 1.1
– Reason for Revision: Added an FAQ to indicate the app version that contains
the update.
– Originally posted: December 14, 2021
– Updated: December 16, 2021
– Aggregate CVE Severity Rating: Critical

