[German]One more quick piece of info from this week's post. Microsoft has released some security description revisions as of June 14, 2022, which I'll just post here on the blog.
Advertising
********************************************************************
Title: Microsoft Security Update Revisions
Issued: June 14, 2022
********************************************************************
Summary
=======
The following CVEs have undergone a revision increment.
====================================================================
* CVE-2021-26414
* CVE-2022-23267
* CVE-2022-24513
* CVE-2022-24527
* CVE-2022-26832
* CVE-2022-30190
– CVE-2021-26414 | Windows DCOM Server Security Feature Bypass
– Version: 2.0
– Reason for Revision: Microsoft is announcing the release of the June 14, 2022
Windows security updates to address the second phase of hardening changes for this
vulnerability. After these updates are installed, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY
on DCOM servers will be enabled by default. Customers who need to do so can still
disable it by using the RequireIntegrityActivationAuthenticationLevel registry key.
Microsoft strongly recommends that customers install the June 14, 2022 updates,
complete testing in your environment, and enable these hardening changes as soon
as possible.
– Originally posted: June 8, 2021
– Updated: June 14, 2022
– Aggregate CVE Severity Rating: Important
Advertising
– CVE-2022-23267 | .NET and Visual Studio Denial of Service Vulnerability
– Version: 3.0
– Reason for Revision: Revised the Security Updates table to include Visual Studio
2019 for Mac and Visual Studio 2022 for Mac because these versions of Visual
Studio for Mac are affected by this vulnerability. Microsoft strongly recommends
that customers running these versions of Visual Studio install the updates to be
fully protected from the vulnerability.
– Originally posted: May 10, 2022
– Updated: June 14, 2022
– Aggregate CVE Severity Rating: Important
– CVE-2022-24513 | Visual Studio Elevation of Privilege Vulnerability
– Version: 3.0
– Reason for Revision: Microsoft has released the June 2022 security updates to
further address CVE-2022-24513 for the following supported versions of Visual Studio:
Visual Studio 2017 version 15.9, Visual Studio 2019 version 16.9, Visual Studio 2019
version 16.11, Microsoft Visual Studio 2022 version 17.0, and Visual Studio 2019 for
Mac version 8.10. In addition, Visual Studio 2022 for Mac version 17.0 has been added
to the Security Updates table as it is also affected by this vulnerability. Microsoft
strongly recommends that customers install these updates to be fully protected from
the vulnerability.
– Originally posted: April 12, 2022
– Updated: June 14, 2022
– Aggregate CVE Severity Rating: Important
– CVE-2022-24527 | Microsoft Endpoint Configuration Manager Elevation of Privilege
Vulnerability
– Version: 2.0
– Reason for Revision: The following revisions have been made: 1) Added Microsoft
Endpoint Configuration Manager to the Security Updates table as it is affected by this
vulnerability. 2) Removed all versions of Windows from the Security Updates table,
because the update to address this vulnerability is not available via the Windows
security updates. 3) Updated the FAQs to provide information about how customers can
get the hotfix for Microsoft Endpoint Configuration Manager that addresses this
vulnerability. 4) Corrected the CVE title.
– Originally posted: April 12, 2022
– Updated: June 14, 2022
– Aggregate CVE Severity Rating: Important
– CVE-2022-26832 | .NET Framework Denial of Service Vulnerability
– Version: 3.0
– Reason for Revision: In the Security Updates table, added .NET Framework
4.6.2/4.7/4.7.1/4.7.2 installed on Windows 10 version 1607, Windows Server 2016, and
Windows Server 2016 (Server Core installation) as these versions of Window 10 and Windows
Server with .NET Framework 4.6.2/4.7/4.7.1/4.7.2 installed are affected by this
vulnerability. Customers running these versions of .NET Framework should install the
April 2022 security updates to be protected from this vulnerability.
– Originally posted: April 12, 2022
– Updated: June 14, 2022
– Aggregate CVE Severity Rating: Important
– CVE-2022-30190 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code
Execution Vulnerability
– Version: 2.0
– Reason for Revision: The update for this vulnerability is in the June 2022
cumulative Windows Updates. Microsoft strongly recommends that customers install
the updates to be fully protected from the vulnerability. Customers whose systems are
configured to receive automatic updates do not need to take any further action.
– Originally posted: May 30, 2022
– Updated: June 14, 2022
– Aggregate CVE Severity Rating: Important
