Kurzer Nachtrag von voriger Woche. Microsoft hat zum 19. April 2022 einige Microsoft Security Update Revisionen veröffentlicht, bei denen es sich um Änderungen an der Dokumentation verschiedener Sicherheits-Updates geht. Hier ein unkommentierter Überblick.
Anzeige
**********************************************************
Title: Microsoft Security Update Revisions
Issued: April 19, 2022
**********************************************************
Summary
=======
The following CVEs have undergone a revision increment.
==========================================================
* CVE-2022-24543
* CVE-2022-26919
* CVE-2022-26809
* CVE-2022-26832
* CVE-2022-24543
Anzeige
– CVE-2022-24543 | Windows Upgrade Assistant Remote Code Execution Vulnerability
– Version: 1.1
– Reason for Revision: Updated acknowledgment. This is an informational change only.
– Originally posted: April 12, 2022
– Updated: April 19, 2022
– Aggregate CVE Severity Rating: Important
* CVE-2022-26919
– CVE-2022-26919 | Windows LDAP Remote Code Execution Vulnerability
– Version: 1.1
– Reason for Revision: Removed one of the FAQs. This is an information change only.
– Originally posted: April 12, 2022
– Updated: April 19, 2022
– Aggregate CVE Severity Rating: Critical
* CVE-2022-26809
– CVE-2022-26809 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
– Version: 1.1
– Reason for Revision: Removed the Mitigation "Block TCP port 445 at the enterprise
perimeter firewall" and added an FAQ to explain that the mitigation does not directly
protect against all potential attack scenarios for this specific vulnerability.
Added information in FAQs to provide recommended best practices for port blocking
at the perimeter firewall. These are informational changes only.
– Originally posted: April 12, 2022
– Updated: April 19, 2022
– Aggregate CVE Severity Rating: Critical
* CVE-2022-26832
– CVE-2022-26832 | .NET Framework Denial of Service Vulnerability
– Version: 2.0
– Reason for Revision: In the Security Updates table, added .NET Framework 4.8
installed on Windows Server 2016 and Windows Server 2016 (Server Core installation),
.NET Framework 3.5 and 4.7.2 intalled on Windows Server 2019 and Windows Server 2019
(Server Core installation), and .NET Framework 3.5 and 4.8 installed on Windows
Server 2019 and Windows Server 2019 (Server Core installation) as these versions
of Windows Server with these versions of .NET Framework installed are affected by
this vulnerability. Customers running these versions of .NET Framework should
install the April 2022 security updates to be protected from this vulnerability.
– Originally posted: April 12, 2022
– Updated: April 19, 2022
– Aggregate CVE Severity Rating: Important
Anzeige