For Patch Tuesday (August 10, 2021), Microsoft closed a number of vulnerabilities with updates. I have an overview, which I am posting here for the sake of completeness. In addition, Microsoft has recently sent out two Security Update Revisions by e-mail, which I am also publishing here. Perhaps this is of interest to someone.
Microsoft Security Update Revisions
On August 11, Microsoft published the following information on the Print Spooler service vulnerability.
***********************************************************************
Title: Microsoft Security Update Revisions
Issued: August 11, 2021
***********************************************************************
Summary
=======
The following CVE has been published to the Security Update Guide.
=======================================================================
* CVE-2021-36958
– CVE-2021-36958 | Windows Print Spooler Remote Code Execution Vulnerability
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: August 11, 2021
– Updated: N/A
– Aggregate CVE Severity Rating: Important
I had already written about this in the article "Windows PrintNightmare, new round with CVE-2021-36958". The PrintNightmare vulnerabilities are already being exploited in the wild (see "Ransomware gang uses PrintNightmare to attack Windows servers"). In addition, the following document with notes on further revisions was published.
***********************************************************************
Title: Microsoft Security Update Revisions
Issued: August 11, 2021
***********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment.
=======================================================================
* CVE-2021-34524
* CVE-2021-36949
– CVE-2021-34524 | Microsoft Dynamics 365 (on-premises) Remote Code Execution
Vulnerability
– Version: 2.0
– Reason for Revision: Microsoft is announcing the availability of the security
updates for Microsoft Dynamics 365 (on-premises) version 9.1. Customers running
affected Dynamics software should install the update for their product to be
protected from this vulnerability. Customers running other versions of Microsoft
Dynamics 365 (on-premises) do not need to take any action. See the KB4618809
for more information and download links.
– Originally posted: August 10, 2021
– Updated: August 11, 2021
– Aggregate CVE Severity Rating: Important
– CVE-2021-36949 | Microsoft Azure Active Directory Connect Authentication Bypass
Vulnerability
– Version: 2.0
– Reason for Revision: The following revisions have been made: 1) In the Security
Updates table, added Azure Active Directory Connect Provisioning Agent as it
is also affected by this vulnerability 2) Updated FAQs.
– Originally posted: August 10, 2021
– Updated: August 10, 2021
– Aggregate CVE Severity Rating: Important
***********************************************************************
Title: Microsoft Security Update Revisions
Issued: August 12, 2021
***********************************************************************
Summary
=======
The following CVE has undergone informational revisions.
=======================================================================
The following CVEs have undergone a major revision increment.
– CVE-2021-26423 | .NET Core and Visual Studio Denial of Service Vulnerability
– Version: 2.0
– Reason for Revision: Revised the Security Updates table to include PowerShell 7.0
and PowerShell 7.1 because these versions of PowerShell 7 incorporate the versions
of .NET Core that are affected by this vulnerability. See
https://github.com/PowerShell/Announcements/issues/25 for more information.
– Originally posted: August 10, 2021
– Updated: August 12, 2021
– Aggregate CVE Severity Rating: Important
* CVE-2021-34485
– CVE-2021-34485 | .NET Core and Visual Studio Denial of Service Vulnerability
– Version: 2.0
– Reason for Revision: Revised the Security Updates table to include PowerShell 7.0
and PowerShell 7.1 because these versions of PowerShell 7 incorporate the versions
of .NET Core that are affected by this vulnerability. See
https://github.com/PowerShell/Announcements/issues/24 for more information.
– Originally posted: August 10, 2021
– Updated: August 12, 2021
– Aggregate CVE Severity Rating: Important
The following CVEs have undergone informational revisions.
– CVE-2021-26432 | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution
Vulnerability
– Version: 1.1
– Reason for Revision: Added FAQ to provide further vulnerability details.
This is an informational change only.
– Originally posted: August 10, 2021
– Updated: August 12, 2021
– Aggregate CVE Severity Rating: Critical
– CVE-2021-36934 | Windows Elevation of Privilege Vulnerability
– Version: 5.1
– Reason for Revision: Updated FAQ information. This is an informational change
only.
– Originally posted: July 20, 2021
– Updated: August 12, 2021
– Aggregate CVE Severity Rating: Important
Qualys August 2021 Patch Day Overview
On Patch Tuesday (August 10, 2021), Microsoft and Adobe released security updates for various products. Microsoft closed 51 vulnerabilities, 7 of them critical and 3 of them 0-days. Adobe closed 29 vulnerabilities with security updates. A detailed overview of the patched vulnerabilities can be found in this Qualys report.