Microsoft has released revisions to its security alerts and update descriptions as of March 17, 2022. Here is a summary of these revisions that I received by mail.
Advertising
*********************************************************
Title: Microsoft Security Update Revisions
Issued: March 17, 2022
*********************************************************
Summary
=======
The following CVEs have undergone revision increments.
=========================================================
* CVE-2020-8927
* CVE-2022-24512
* CVE-2022-24511
– CVE-2020-8927 | Brotli Library Buffer Overflow Vulnerability
– Version: 2.0
– Reason for Revision: Revised the Security Updates table to include PowerShell 7.0,
PowerShell 7.1, and PowerShell 7.2 because these versions of PowerShell 7 are
affected by this vulnerability. See
Github for more information.
– Originally posted: March 8, 2022
– Updated: March 16, 2022
– Aggregate CVE Severity Rating: Important
Advertising
– CVE-2022-24512 | .NET and Visual Studio Remote Code Execution Vulnerability
– Version: 2.0
– Reason for Revision: Revised the Security Updates table to include PowerShell 7.0,
PowerShell 7.1, and PowerShell 7.2 because these versions of PowerShell 7 are
affected by this vulnerability. See
Github for more information.
– Originally posted: March 8, 2022
– Updated: March 16, 2022
– Aggregate CVE Severity Rating: Important
– CVE-2022-24511 | Microsoft Office Word Tampering Vulnerability
– Version: 2.0
– Reason for Revision: Microsoft is announcing the availability of the security
updates for Microsoft Office for Mac. Customers running affected Mac software
should install the update for their product to be protected from this
vulnerability. Customers running other Microsoft Office software do not need to
take any action. See the Release Notes for more information and download links.
– Originally posted: March 8, 2022
– Updated: March 16, 2022
– Aggregate CVE Severity Rating: Important
Reason for Revision for the following CVEs: Corrected Download and Article links
in the Security Updates table. This is an informational change only.
* CVE-2022-21977
* CVE-2022-22010
* CVE-2022-23283
* CVE-2022-23285
* CVE-2022-23299
– CVE-2022-21977 | Media Foundation Information Disclosure Vulnerability
– Version: 1.2
– Originally posted: March 8, 2022
– Updated: March 16, 2022
– Aggregate CVE Severity Rating: Important
– CVE-2022-22010 | Media Foundation Information Disclosure Vulnerability
– Version: 1.1
– Originally posted: March 8, 2022
– Updated: March 16, 2022
– Aggregate CVE Severity Rating: Important
– CVE-2022-23283 | Windows ALPC Elevation of Privilege Vulnerability
– Version: 1.1
– Originally posted: March 8, 2022
– Updated: March 16, 2022
– Aggregate CVE Severity Rating: Important
– CVE-2022-23285 | Remote Desktop Client Remote Code Execution Vulnerability
– Version: 1.1
– Originally posted: March 8, 2022
– Updated: March 17, 2022
– Aggregate CVE Severity Rating: Important
– CVE-2022-23299 | Windows PDEV Elevation of Privilege Vulnerability
– Version: 1.1
– Updated: March 17, 2022
– Aggregate CVE Severity Rating: Important
