Microsoft Security Update Revisions (Feb. 8, 2022)

Sicherheit (Pexels, allgemeine Nutzung)[German]Microsoft emailed admins about various revisions to its security advisories as of Feb. 8. The talk about a Remote Desktop Services remote code execution vulnerability, a Windows Kernel Memory Information Disclosure vulnerability, a Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege vulnerability and a Microsoft Power BI Information Disclosure vulnerability. In addition, there was a new Servicing Stack Update (SSU) in Feb. 2022, see ADV990001. However, everything has only informal character, Microsoft only adjusted the descriptions. I'll just post the relevant information here in the blog without comment.

*********************************************************************
Title: Microsoft Security Update Revisions
Issued: February 8, 2022
*********************************************************************

Summary
=======

The following CVEs have undergone revision increments.
=====================================================================

* CVE-2019-0887
* CVE-2021-34500
* CVE-2022-21871
* CVE-2022-23254

CVE-2019-0887 | Remote Desktop Services Remote Code Execution Vulnerability
–  Version: 3.0
– Reason for Revision: In the Security Updates table, added Remote Desktop client
   for Windows Desktop as it is also affected by this vulnerability. Customers
   running Remote Desktop client for Windows Desktop should ensure that they have
   version 1.2.2691 or higher to be protected from this vulnerability.
– Originally posted: July 9, 2019
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important

CVE-2021-34500 | Windows Kernel Memory Information Disclosure Vulnerability
– Version: 2.0
– Reason for Revision: To comprehensively address CVE-2021-34500, Microsoft
   has released Febuary 2022 security updates for the following supported
   editions of Microsoft Windows: Windows 10, Windows 10 Version 1607, Windows 8.1,
   Windows Server 2012 R2, Windows Server 2012, Windows 7, Windows Server 2008 R2, 
   and Windows Server 2008. Microsoft strongly recommends that customers install the
   updates to be fully protected from the vulnerability. Customers whose systems are
   configured to receive automatic updates do not need to take any further action.
– Originally posted: July 13, 2021
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important

CVE-2022-21871 | Microsoft Diagnostics Hub Standard Collector Runtime Elevation of
   Privilege Vulnerability
– Version: 2.0
– Reason for Revision: In the Security Updates table, added the following versions
   of Visual Studio as they also affected by CVE-2022-21871: Microsoft Visual Studio
   2019 version 16.9, Microsoft Visual Studio 2019 version 16.7, Microsoft Visual
   Studio 2017 version 15.9, and Microsoft Visual Studio 2015 Update 3. Microsoft
   strongly recommends that customers running any of these versions of Visual Studio
   install the updates to be fully protected from the vulnerability. Customers whose
   systems are configured to receive automatic updates do not need to take any
   further action.
– Originally posted: January 11, 2022
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important

CVE-2022-23254 | Microsoft Power BI Information Disclosure Vulnerability
– Version: 1.1
– Reason for Revision: Corrected the CVE title and description to address the
   vulnerability as Information Disclosure. In the Affected Products table, corrected
   the Impact to Information Disclosure. This is an informational change only.
– Originally posted: February 8, 2022
– Updated: February 8, 2022
– Aggregate CVE Severity Rating: Important

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *