Microsoft emailed admins about various revisions to its security advisories as of Feb. 8. They concern a Remote Desktop Services remote code execution vulnerability, a Windows Kernel Memory Information Disclosure vulnerability, a Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege vulnerability and a Microsoft Power BI Information Disclosure vulnerability. In addition, there was a new Servicing Stack Update (SSU) in Feb. 2022, see ADV990001. However, all of this is informational only; Microsoft only adjusted the descriptions. I'll just post the relevant information here in the blog without comment.
*********************************************************************
Title: Microsoft Security Update Revisions
Issued: February 8, 2022
*********************************************************************
Summary
=======
The following CVEs have undergone revision increments.
=====================================================================
* CVE-2019-0887
* CVE-2021-34500
* CVE-2022-21871
* CVE-2022-23254

– CVE-2019-0887 | Remote Desktop Services Remote Code Execution Vulnerability
– Version: 3.0
– Reason for Revision: In the Security Updates table, added Remote Desktop client
for Windows Desktop as it is also affected by this vulnerability. Customers
running Remote Desktop client for Windows Desktop should ensure that they have
version 1.2.2691 or higher to be protected from this vulnerability.
– Originally posted: July 9, 2019
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important

– CVE-2021-34500 | Windows Kernel Memory Information Disclosure Vulnerability
– Version: 2.0
– Reason for Revision: To comprehensively address CVE-2021-34500, Microsoft
has released February 2022 security updates for the following supported
editions of Microsoft Windows: Windows 10, Windows 10 Version 1607, Windows 8.1,
Windows Server 2012 R2, Windows Server 2012, Windows 7, Windows Server 2008 R2,
and Windows Server 2008. Microsoft strongly recommends that customers install the
updates to be fully protected from the vulnerability. Customers whose systems are
configured to receive automatic updates do not need to take any further action.
– Originally posted: July 13, 2021
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important

– CVE-2022-21871 | Microsoft Diagnostics Hub Standard Collector Runtime Elevation of
Privilege Vulnerability
– Version: 2.0
– Reason for Revision: In the Security Updates table, added the following versions
of Visual Studio as they are also affected by CVE-2022-21871: Microsoft Visual Studio
2019 version 16.9, Microsoft Visual Studio 2019 version 16.7, Microsoft Visual
Studio 2017 version 15.9, and Microsoft Visual Studio 2015 Update 3. Microsoft
strongly recommends that customers running any of these versions of Visual Studio
install the updates to be fully protected from the vulnerability. Customers whose
systems are configured to receive automatic updates do not need to take any
further action.
– Originally posted: January 11, 2022
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important

– CVE-2022-23254 | Microsoft Power BI Information Disclosure Vulnerability
– Version: 1.1
– Reason for Revision: Corrected the CVE title and description to address the
vulnerability as Information Disclosure. In the Affected Products table, corrected
the Impact to Information Disclosure. This is an informational change only.
– Originally posted: February 8, 2022
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important