{"id":21948,"date":"2021-11-02T16:07:54","date_gmt":"2021-11-02T15:07:54","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=21948"},"modified":"2021-11-02T16:07:54","modified_gmt":"2021-11-02T15:07:54","slug":"microsoft-security-update-releases-nachtrag-vom-oktober-2021","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/11\/02\/microsoft-security-update-releases-nachtrag-vom-oktober-2021\/","title":{"rendered":"Microsoft Security Update Releases – October 2021"},"content":{"rendered":"

\"Sicherheit[German<\/a>]Microsoft has published some Security Update Releases notifications and also revisions in October 2021. Since I have not been able to cover everything so far, I am summarizing the relevant notifications in a collective post. The security information ranges from a \"Windows Key Storage Provider Security Feature Bypass Vulnerability\" to the Azure AD Security Feature Bypass Vulnerability.<\/p>\n

<\/p>\n

\"\"**********************************************************
Title: Microsoft Security Update Releases
Issued: October 12, 2021
**********************************************************<\/p>\n

Summary
=======<\/p>\n

The following CVEs have undergone a major revision increment:<\/p>\n

* CVE-2021-38624
* CVE-2021-33781<\/p>\n

CVE-2021-38624<\/a><\/p>\n

– Windows Key Storage Provider Security Feature Bypass Vulnerability
– Version 2.0
– Reason for Revision: The following revisions have been made: 1) To comprehensively
   address CVE-2021-38624, Microsoft has released the October 2021 Security Updates
   for all affected editions of Windows 10 Version 1809 and newer because these versions
   are also affected by CVE-2021-38624. 2) In the Security Updates table, Windows 11 for
   x64-based systems and Windows 11 for ARM64-based systems have been added as Windows 11
   is also affected by this vulnerability. Microsoft strongly recommends that customers
   install the October updates to be fully protected from this vulnerability. Customers
   whose systems are configured to receive automatic updates do not need to take any
   further action.
– Originally posted: September 14, 2021
– Updated: October 12, 2021<\/p>\n

CVE-2021-33781<\/a><\/p>\n

– Azure AD Security Feature Bypass Vulnerability
– Version 2.0
– Reason for Revision: In the Security Updates table, added all supported versions
   of Windows 10 Version 1607, Windows Server 2016, and Windows 11 because these versions
   of Windows 10, Windows Server, and Windows 11 are also affected by this vulnerability.
   Microsoft strongly recommends that customers running any of these versions install the
   updates to be fully protected from the vulnerability. Customers whose systems are
   configured to receive automatic updates do not need to take any further action.
– Originally posted: July 13, 2021
– Updated: October 12, 2021<\/p>\n

**********************************************************
Title: Microsoft Security Advisory Notification
Issued: October 12, 2021
**********************************************************<\/p>\n

Security Advisories Released or Updated on October 12, 2021
==========================================================<\/p>\n

* ADV200011<\/p>\n

ADV200011<\/p>\n

ADV200011<\/a> | Microsoft Guidance for Addressing Security Feature Bypass in GRUB
– Reason for Revision: The following revisions have been made: 1) Updated FAQ to
   indicate that Microsoft will release an update to address this vulnerability in
   Spring of 2022. You can register for the security notifications mailer to be alerted
   when this update is available, and when content changes are made to this advisory.
   See\u202fMicrosoft Technical Security Notifications. 2) In the Security Updates table,
   added all supported editions of the following versions of Windows and Windows Server,
   as they are affected by this vulnerability: Windows 10 version 20H2, Windows 10
   version 21H1, Windows 11, Windows Server, version 20H2 (Server Core Installation),
   and Windows Server 2022. 3) In the Executive Summary, corrected location of
   Mitigations section.
– Originally posted: July 29, 2021
– Updated: October 12, 2021
– Version: 3.0<\/p>\n

**********************************************************
Title: Microsoft Security Update Revisions
Issued: October 15, 2021
**********************************************************<\/p>\n

Summary
=======<\/p>\n

The following CVEs have undergone revision increments.<\/p>\n

==========================================================<\/p>\n

The following CVEs have undergone a major revision increment.<\/p>\n

* CVE-2020-0951<\/a><\/p>\n

– CVE-2020-0951 | Windows Defender Application Control Security Feature Bypass
   Vulnerability
– Version: 2.0
– Reason for Revision: Revised the Security Updates table to include PowerShell 7.0
   and PowerShell 7.1 because these versions of PowerShell 7 are affected by this
   vulnerability. See https:\/\/github.com\/PowerShell\/Announcements\/issues\/27<\/a> for
   more information.
– Originally posted: September 8, 2020
– Updated: October 14, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n

* CVE-2021-41355<\/p>\n

CVE-2021-41355<\/a> | .NET Core and Visual Studio Information Disclosure Vulnerability
– Version: 2.0
– Reason for Revision: Revised the Security Updates table to include PowerShell 7.1
   because this version of PowerShell 7 incorporates the version of .NET that
   are affected by this vulnerability. See
   https:\/\/github.com\/PowerShell\/Announcements\/issues\/26<\/a> for more information.
– Originally posted: October 12, 2021
– Updated: October 14, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n

The following CVE has undergone informational revisions.<\/p>\n

* CVE-2021-41363<\/a><\/p>\n

– CVE-2021-41363 | Intune Management Extension Security Feature Bypass Vulnerability
– Version: 1.1
– Reason for Revision: The following revisions have been made: 1) In the Security
   Updates table, Build Number and Article link have been added. 2) FAQs have been
   updated to provide information about what to do to be protected from this
   vulnerability.
– Originally posted: October 12, 2021
– Updated: October 14, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n","protected":false},"excerpt":{"rendered":"

[German]Microsoft has published some Security Update Releases notifications and also revisions in October 2021. Since I have not been able to cover everything so far, I am summarizing the relevant notifications in a collective post. The security information ranges from … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-21948","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/21948","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=21948"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/21948\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=21948"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=21948"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=21948"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}