Microsoft Security Update Revisions (April 19, 2022)

Posted on 2022-04-20 by guenni

Brief addendum from last week. Microsoft has released some Microsoft Security Update revisions for April 19, 2022, which are changes to the documentation of various security updates. Here is an uncommented overview.

Advertising

**********************************************************
Title: Microsoft Security Update Revisions
Issued: April 19, 2022
**********************************************************

Summary
=======

The following CVEs have undergone a revision increment.
==========================================================
* CVE-2022-24543
* CVE-2022-26919
* CVE-2022-26809
* CVE-2022-26832

* CVE-2022-24543

CVE-2022-24543 | Windows Upgrade Assistant Remote Code Execution Vulnerability
– Version: 1.1
– Reason for Revision: Updated acknowledgment. This is an informational change only.
– Originally posted: April 12, 2022
– Updated: April 19, 2022
– Aggregate CVE Severity Rating: Important

Advertising

* CVE-2022-26919

CVE-2022-26919 | Windows LDAP Remote Code Execution Vulnerability
– Version: 1.1
– Reason for Revision: Removed one of the FAQs. This is an information change only.
– Originally posted: April 12, 2022
– Updated: April 19, 2022
– Aggregate CVE Severity Rating: Critical

* CVE-2022-26809

CVE-2022-26809 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
– Version: 1.1
– Reason for Revision: Removed the Mitigation "Block TCP port 445 at the enterprise
   perimeter firewall" and added an FAQ to explain that the mitigation does not directly
   protect against all potential attack scenarios for this specific vulnerability.
   Added information in FAQs to provide recommended best practices for port blocking
   at the perimeter firewall. These are informational changes only.
– Originally posted: April 12, 2022
– Updated: April 19, 2022
– Aggregate CVE Severity Rating: Critical

* CVE-2022-26832

CVE-2022-26832 | .NET Framework Denial of Service Vulnerability
– Version: 2.0
– Reason for Revision: In the Security Updates table, added .NET Framework 4.8
   installed on Windows Server 2016 and Windows Server 2016 (Server Core installation),
   .NET Framework 3.5 and 4.7.2 intalled on Windows Server 2019 and Windows Server 2019
   (Server Core installation), and .NET Framework 3.5 and 4.8 installed on Windows
   Server 2019 and Windows Server 2019 (Server Core installation) as these versions
   of Windows Server with these versions of .NET Framework installed are affected by
   this vulnerability. Customers running these versions of .NET Framework should
   install the April 2022 security updates to be protected from this vulnerability.
– Originally posted: April 12, 2022
– Updated: April 19, 2022
– Aggregate CVE Severity Rating: Important

Advertising
This entry was posted in Security, Update and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).