*******************************************************************************
*******
Title: Microsoft Security Update Releases
Issued: January 12, 2021 ******************************************************
********************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-8455
* CVE-2020-0689
* CVE-2020-17087
Revision Information:
=====================
* CVE-2018-8455
- CVE-2018-8455 | Windows Kernel Elevation of Privilege Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8455
- Version 2.0
- Reason for Revision: To comprehensively address CVE-2018-8455, Microsoft has
released
the following: January 2021 Security Update (4598243) for all affected
versions of
Windows 10 version 1607 and Windows Server 2016; January 2021 Monthly Rollup
(4598285)
and Security Only (4598275) updates for all affected versions of Windows 8.1
and
Windows Server 2012 R2. Microsoft strongly recommends that customers install
the
updates to be fully protected from the vulnerability. Customers whose systems
are
configured to receive automatic updates do not need to take any further
action.
- Originally posted: September 11, 2018
- Updated: January 12, 2021
- Aggregate CVE Severity Rating: Important
* CVE-2020-0689
- CVE-2020-0689 | Microsoft Secure Boot Security Feature Bypass Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-0689
- Version 2.0
- Reason for Revision: To comprehensively address CVE-2020-0689, Microsoft has
released
Security Update 4535680 for all affected versions of Windows 10; Windows 8.1
and
Server 2012 R2, and Windows Server 2012. In addition, the following revisions
have
been made: 1) Updated Servicing Stack Updates (SSU) to reflect the most
recent SSU
for affected Windows versions. 2) Removed all 32-bit and ARM64-based versions
of
Windows from the Security Updates table as these architectures are not
affected by
the vulnerability. 3) Removed versions of Windows that are no longer in
support
from the Security Updates table as there is no update available for them.
- Originally posted: February 11, 2020
- Updated: January 12, 2021
- Aggregate CVE Severity Rating: Important
* CVE-2020-17087
- CVE-2020-17087 | Windows Kernel Local Elevation of Privilege Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17087
- Version 2.0
- Reason for Revision: To comprehensively address CVE-2020-17087 for supported
editions of Windows Server 2012, Microsoft is releasing security updates
4598278
(Monthly Rollup) and 4598297 (Security Only). We recommend that customers
running
Windows Server 2012 install the appropriate January 2021 update to be fully
protected
from this vulnerability.
- Originally posted: November 10, 2020
- Updated: January 12, 2021
- Aggregate CVE Severity Rating: Important
*******************************************************************************
*******
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers: ==================
====================================================================
If you receive an email message that claims to be distributing a Microsoft
security
update, it is a hoax that may contain malware or pointers to malicious websites.
Microsoft does not distribute security updates via email.
The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all
security
notifications. However, PGP is not required for reading security notifications,
reading security bulletins, or installing security updates. You can obtain the
MSRC
public PGP key at <https://technet.microsoft.com/security/dn753714>.
*******************************************************************************
*******
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS"
WITHOUT
WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR
IMPLIED,
INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF
BUSINESS
PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE
BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL
OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. **************
************************************************************************
Microsoft respects your privacy. Please read our online Privacy Statement at
<http://go.microsoft.com/fwlink/?LinkId=81184>.
If you would prefer not to receive future technical security notification alerts
by
email from Microsoft and its family of companies please visit the following
website
to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar
d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.
These settings will not affect any newsletters you've requested or any mandatory
service communications that are considered part of certain Microsoft services.
For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.
This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
We would love to get your feedback on your experience with these
security notifications. Please help us improve your security
notifications experience by filling out the form here: https://forms.office.co
m/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR4ekF0eHYitGhfGrzmE_ydpUQUdMQU
kzMFQwQzdYSjFBOTlXTjZWMDRRTi4u
If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
https://account.microsoft.com/profile/unsubscribe?CTID=0&ECID=dQeZrwYhKWsUli7Fo
U9fFue%2FkSrxDeUe%2BHxwSvghNGs%3D&K=40900990-449e-455d-b664-4bbcba8e5582&CMID=n
ull&D=637460089340659443&PID=18015&TID=adfd46f4-992a-45ec-935c-4c9bc4baf506
---
■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games
|
