{"id":22226,"date":"2021-11-21T01:17:40","date_gmt":"2021-11-21T00:17:40","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=22226"},"modified":"2021-11-21T01:17:40","modified_gmt":"2021-11-21T00:17:40","slug":"windows-10-elevation-of-privilege-vulnerabilities-in-update-assistant-and-cve-revisions","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/11\/21\/windows-10-elevation-of-privilege-vulnerabilities-in-update-assistant-and-cve-revisions\/","title":{"rendered":"Windows 10: Elevation of Privilege Vulnerabilities in Update Assistant; and CVE Revisions"},"content":{"rendered":"

\"Windows\"[German<\/a>]Short addendum from this week. Microsoft has issued a security warning for November 16, 2021. It states that the Windows 10 Update Assistant Elevation of Privilege has security vulnerabilities. Specifically, it is about two vulnerabilities CVE-2021-42297 and CVE-2021-43211. In addition, there were some update revisions to vulnerabilities in Excel, etc.<\/p>\n

<\/p>\n

Elevation of Privilege in Windows 10 Update Assistant <\/h3>\n

\"\"Two vulnerabilities were found in the Windows 10  Update Assistant Elevation of Privilege. Here is the security advisory:<\/p>\n

CVE-2021-42297<\/a> | Windows 10 Update Assistant Elevation of Privilege Vulnerability
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: November 16, 2021
– Updated: N\/A
– Aggregate CVE Severity Rating: Important<\/p>\n

CVE-2021-43211<\/a> | Windows 10 Update Assistant Elevation of Privilege Vulnerability
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: November 16, 2021
– Updated: N\/A
– Aggregate CVE Severity Rating: Important<\/p>\n

An attacker would only be able to delete targeted files on a system via both vulnerabilities. He would not gain permission to view or modify file contents. Microsoft rates the exploitability of this vulnerability, which has been reported by several security researchers, as low. However, Microsoft has updated the Windows 10 Update Assistant and is offering the revised version on the Windows 10 download page<\/a>. <\/p>\n

More CVE revisions <\/h2>\n

In addition, some revisions have been made to the description\/classification of previous security alerts. Here is the information in question:<\/p>\n

* CVE-2021-40442
* CVE-2021-42292
* CVE-2021-42321<\/p>\n

CVE-2021-40442<\/a> | Microsoft Excel Remote Code Execution Vulnerability
– Version: 2.0
– Reason for Revision: Microsoft is announcing the availability of the security updates
   for Microsoft Office for Mac. Customers running affected Mac software should install
   the update for their product to be protected from this vulnerability. Customers
   running other Microsoft Office software do not need to take any action. See the
   Release Notes for more information and download links.
– Originally posted: November 9, 2021
– Updated: November 16, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n

CVE-2021-42292<\/a> | Microsoft Excel Security Feature Bypass Vulnerability
– Version: 2.0
– Reason for Revision: Microsoft is announcing the availability of the security updates
   for Microsoft Office for Mac. Customers running affected Mac software should install
   the update for their product to be protected from this vulnerability. Customers
   running other Microsoft Office software do not need to take any action. See the
   Release Notes for more information and download links.
– Originally posted: November 9, 2021
– Updated: November 16, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n

CVE-2021-42321<\/a> | Microsoft Exchange Server Remote Code Execution Vulnerability
– Version: 1.1
– Reason for Revision: Added Microsoft Exchange Server 2013 to the Security Updates
   table. Customers that are using this version of Microsoft Exchange should install
   this update to be protected from this vulnerability.
– Originally posted: November 9, 2021
– Updated: November 16, 2021
– Aggregate CVE Severity Rating: Important<\/p>\n","protected":false},"excerpt":{"rendered":"

[German]Short addendum from this week. Microsoft has issued a security warning for November 16, 2021. It states that the Windows 10 Update Assistant Elevation of Privilege has security vulnerabilities. Specifically, it is about two vulnerabilities CVE-2021-42297 and CVE-2021-43211. In addition, … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[69,195,76],"class_list":["post-22226","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-security","tag-update","tag-windows-10"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22226","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=22226"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22226\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=22226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=22226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=22226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}