Microsoft Sicherheitsrevisionen (8.2.2022)

Sicherheit (Pexels, allgemeine Nutzung)[English]Microsoft hat zum 8. Februar per Mail über diverse Revisionen seiner Sicherheitshinweise hingewiesen. Es geht um eine Remote Desktop Services Remote Code Execution-Schwachstelle, einen Windows Kernel Memory Information Disclosure-Schwachstelle, eine Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege-Schwachstelle und eine Microsoft Power BI Information Disclosure-Schwachstelle. Zudem gab es im Feb. 2022 ein neues Servicing Stack Update (SSU), siehe ADV990001. Alles hat aber nur informellen Charakter, Microsoft hat nur die Beschreibungen angepasst. Ich stelle die betreffenden Informationen einfach mal unkommentiert hier im Blog ein.


Anzeige

*********************************************************************
Title: Microsoft Security Update Revisions
Issued: February 8, 2022
*********************************************************************

Summary
=======

The following CVEs have undergone revision increments.
=====================================================================

* CVE-2019-0887
* CVE-2021-34500
* CVE-2022-21871
* CVE-2022-23254

CVE-2019-0887 | Remote Desktop Services Remote Code Execution Vulnerability
–  Version: 3.0
– Reason for Revision: In the Security Updates table, added Remote Desktop client
   for Windows Desktop as it is also affected by this vulnerability. Customers
   running Remote Desktop client for Windows Desktop should ensure that they have
   version 1.2.2691 or higher to be protected from this vulnerability.
– Originally posted: July 9, 2019
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important

CVE-2021-34500 | Windows Kernel Memory Information Disclosure Vulnerability
– Version: 2.0
– Reason for Revision: To comprehensively address CVE-2021-34500, Microsoft
   has released Febuary 2022 security updates for the following supported
   editions of Microsoft Windows: Windows 10, Windows 10 Version 1607, Windows 8.1,
   Windows Server 2012 R2, Windows Server 2012, Windows 7, Windows Server 2008 R2, 
   and Windows Server 2008. Microsoft strongly recommends that customers install the
   updates to be fully protected from the vulnerability. Customers whose systems are
   configured to receive automatic updates do not need to take any further action.
– Originally posted: July 13, 2021
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important

CVE-2022-21871 | Microsoft Diagnostics Hub Standard Collector Runtime Elevation of
   Privilege Vulnerability
– Version: 2.0
– Reason for Revision: In the Security Updates table, added the following versions
   of Visual Studio as they also affected by CVE-2022-21871: Microsoft Visual Studio
   2019 version 16.9, Microsoft Visual Studio 2019 version 16.7, Microsoft Visual
   Studio 2017 version 15.9, and Microsoft Visual Studio 2015 Update 3. Microsoft
   strongly recommends that customers running any of these versions of Visual Studio
   install the updates to be fully protected from the vulnerability. Customers whose
   systems are configured to receive automatic updates do not need to take any
   further action.
– Originally posted: January 11, 2022
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important

CVE-2022-23254 | Microsoft Power BI Information Disclosure Vulnerability
– Version: 1.1
– Reason for Revision: Corrected the CVE title and description to address the
   vulnerability as Information Disclosure. In the Affected Products table, corrected
   the Impact to Information Disclosure. This is an informational change only.
– Originally posted: February 8, 2022
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important


Anzeige


Cookies blockieren entzieht uns die Finanzierung: Cookie-Einstellungen

Dieser Beitrag wurde unter Sicherheit abgelegt und mit verschlagwortet. Setze ein Lesezeichen auf den Permalink.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

Hinweis: Bitte beachtet die Regeln zum Kommentieren im Blog (Erstkommentare und Verlinktes landet in der Moderation, gebe ich alle paar Stunden frei, SEO-Posts/SPAM lösche ich rigoros). Kommentare abseits des Themas bitte unter Diskussion.