Brief addendum from last week. Microsoft has released some Microsoft Security Update revisions for April 19, 2022, which are changes to the documentation of various security updates. Here is an uncommented overview.
Advertising
**********************************************************
Title: Microsoft Security Update Revisions
Issued: April 19, 2022
**********************************************************
Summary
=======
The following CVEs have undergone a revision increment.
==========================================================
* CVE-2022-24543
* CVE-2022-26919
* CVE-2022-26809
* CVE-2022-26832
* CVE-2022-24543
– CVE-2022-24543 | Windows Upgrade Assistant Remote Code Execution Vulnerability
– Version: 1.1
– Reason for Revision: Updated acknowledgment. This is an informational change only.
– Originally posted: April 12, 2022
– Updated: April 19, 2022
– Aggregate CVE Severity Rating: Important
Advertising
* CVE-2022-26919
– CVE-2022-26919 | Windows LDAP Remote Code Execution Vulnerability
– Version: 1.1
– Reason for Revision: Removed one of the FAQs. This is an information change only.
– Originally posted: April 12, 2022
– Updated: April 19, 2022
– Aggregate CVE Severity Rating: Critical
* CVE-2022-26809
– CVE-2022-26809 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
– Version: 1.1
– Reason for Revision: Removed the Mitigation "Block TCP port 445 at the enterprise
perimeter firewall" and added an FAQ to explain that the mitigation does not directly
protect against all potential attack scenarios for this specific vulnerability.
Added information in FAQs to provide recommended best practices for port blocking
at the perimeter firewall. These are informational changes only.
– Originally posted: April 12, 2022
– Updated: April 19, 2022
– Aggregate CVE Severity Rating: Critical
* CVE-2022-26832
– CVE-2022-26832 | .NET Framework Denial of Service Vulnerability
– Version: 2.0
– Reason for Revision: In the Security Updates table, added .NET Framework 4.8
installed on Windows Server 2016 and Windows Server 2016 (Server Core installation),
.NET Framework 3.5 and 4.7.2 intalled on Windows Server 2019 and Windows Server 2019
(Server Core installation), and .NET Framework 3.5 and 4.8 installed on Windows
Server 2019 and Windows Server 2019 (Server Core installation) as these versions
of Windows Server with these versions of .NET Framework installed are affected by
this vulnerability. Customers running these versions of .NET Framework should
install the April 2022 security updates to be protected from this vulnerability.
– Originally posted: April 12, 2022
– Updated: April 19, 2022
– Aggregate CVE Severity Rating: Important
