[English]Kleiner Nachtrag vom Oktober 2020: Microsoft hatte einige Sicherheitshinweise zu Sicherheitsupdates veröffentlicht. Sind hier liegen geblieben, ich stelle sie mal zur Sicherheit hier ein.
**************************************************************************************
Title: Microsoft Security Update Releases
Issued: October 13, 2020
**************************************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2019-1181
* CVE-2019-1182
* CVE-2020-1147
Revision Information:
=====================
* CVE-2019-1181
– CVE-2019-1181 | Remote Desktop Services Remote Code Execution Vulnerability-
– Version 2.0
– Reason for Revision: Revised the Security Updates table to add Microsoft Remote
Desktop for Android, Microsoft Remote Desktop for Mac, and Microsoft Remote Desktop
for Mac IoS because these apps are affected by this vulnerability. Microsoft
recommends that customers running any of these apps install the latest security
update to be fully protected from this vulnerability. Please see the FAQ section
for information on how to get these updates.
– Originally posted: August 13, 2020
– Updated: October 13, 2020
– Aggregate CVE Severity Rating: Critical
* CVE-2019-1182
– CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability
– Version 2.0
– Reason for Revision: Revised the Security Updates table to add Microsoft Remote
Desktop for Android, Microsoft Remote Desktop for Mac, and Microsoft Remote Desktop
for Mac IoS because these apps are affected by this vulnerability. Microsoft
recommends that customers running any of these apps install the latest security
update to be fully protected from this vulnerability. Please see the FAQ section
for information on how to get these updates.
– Originally posted: August 13, 2020
– Updated: October 13, 2020
– Aggregate CVE Severity Rating: Critical
* CVE-2020-1147
– CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio Remote Code
Execution Vulnerability
– Version 2.0
– Reason for Revision: To comprehensively address CVE-2020-1147, Microsoft has released
the following: October Security Updates for all affected versions of .NET Framework
installed on Windows 10; October 2020 Monthly Rollup updates AND updated versions of
the Security Only updates released in July 2020 for all affected versions of .NET
Framework installed on Windows 8.1, Windows Server 2012 R2, Windows Server 2012,
Windows 7, Windows Server 2008 R2, and Windows Server 2008. Microsoft strongly
recommends that customers install the updates to be fully protected from the
vulnerability. Customers who install the Security Only updates should ensure that
they re-install the updates after October 13. Customers whose systems are configured
to receive automatic updates do not need to take any further action.
– Originally posted: July 14, 2020
– Updated: October 13, 2020
– Aggregate CVE Severity Rating: Critical
**************************************************************************************
Title: Microsoft Security Update Releases
Issued: October 15, 2020
**************************************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2020-16943
* CVE-2020-17022
* CVE-2020-17023
Revision Information:
=====================
* CVE-2020-16943
– CVE-2020-16943 | Dynamics 365 Commerce Elevation of Privilege Vulnerability
– Version 2.0
– Reason for Revision: In the Security Updates table, removed the Article and Download
links because an update is not yet available for Dynamics 365 Commerce. Customers
will be notified via a revision to this CVE information when an update becomes
available.
– Originally posted: October 13, 2020
– Updated: October 13, 2020
– Aggregate CVE Severity Rating: Important
* CVE-2020-17022
– CVE-2020-17022 | Remote Desktop Services Remote Code Execution Vulnerability
– Version 1.0
– Reason for Revision: Information published.
– Originally posted: October 15, 2020
– Updated: N/A
– Aggregate CVE Severity Rating: Important
* CVE-2020-17023
– CVE-2020-17023 | Visual Studio JSON Remote Code Execution Vulnerability
– Version 1.0
– Reason for Revision: Information published.
– Originally posted: October 15, 2020
– Updated: N/A
– Aggregate CVE Severity Rating: Important
