-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
*******************************************************************************
*******
Title: Microsoft Security Update Releases
Issued: March 16, 2021 ********************************************************
******************************
Summary
=======
The following CVEs have undergone a major revision increment:
Critical CVEs
============================
* CVE-2021-26855 -
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855
* CVE-2021-27065 -
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065
* CVE-2021-26857 -
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857
Important CVEs
============================
* CVE-2021-26858 -
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858
Publication information
===========================
- Microsoft Exchange Server Remote Code Execution Vulnerability
- See preceding list for links
- Version 5.0
- Reason for Revision: Microsoft is releasing a security update for
CVE-2021-27065,
CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for Microsoft Exchange
Server
2013 Service Pack 1. This update addresses only those CVEs. Customers who
want to be
protected from these vulnerabilities can apply this update if they are not on
a
supported cumulative update. Microsoft strongly recommends that customers
update to
the latest supported cumulative updates.
- Originally posted: March 2, 2021
- Updated: March 16, 2021
===============================================================================
========
The following Chrome CVEs have been released on March 15, 2021.
These CVE were assigned by Chrome. Microsoft Edge (Chromium-based) ingests
Chromium,
which addresses these vulnerabilities. Please see Google Chrome Releases
(https://chromereleases.googleblog.com/2021) for more information.
See https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-
cves-assigned-by-industry-partners/
for more information about third-party CVEs in the Security Update Guide.
*CVE-2021-21191
*CVE-2021-21192
*CVE-2021-21193
Revision Information:
=====================
- Version 1.0
- Reason for Revision: Information published.
- Originally posted: March 15, 2021
===============================================================================
========
The following CVEs have undergone revision increments:
*CVE-2021-27054
*CVE-2021-27057
*CVE-2021-26701
*CVE-2020-16996
*CVE-2020-17163
*CVE-2021-26887
*CVE-2021-27084
- CVE-2021-27054 | Microsoft Excel Remote Code Execution Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27054
- Version 2.0
- Reason for Revision: Microsoft is announcing the availability of the security
updates
for Microsoft Office for Mac. Customers running affected Mac software should
install
the update for their product to be protected from this vulnerability.
Customers
running other Microsoft Office software do not need to take any action. See
the
[Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more
information
and download links.
- Originally posted: March 9, 2021
- Updated: March 16, 2021
- Aggregate CVE Severity Rating: Important
- CVE-2021-27057 | Microsoft Office Remote Code Execution Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27057
- Version 2.0
- Reason for Revision: Microsoft is announcing the availability of the security
updates
for Microsoft Office for Mac. Customers running affected Mac software should
install
the update for their product to be protected from this vulnerability.
Customers
running other Microsoft Office software do not need to take any action. See
the
[Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more
information
and download links.
- Originally posted: March 9, 2021
- Updated: March 16, 2021
- Aggregate CVE Severity Rating: Important
- CVE-2021-26701 | .NET Core Remote Code Execution Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26701
- Version 3.0
- Reason for Revision: Revised the Security Updates table to include PowerShell
Core 7.0
and PowerShell Core 7.1 because these versions of PowerShell Core are also
affected by
this vulnerability. See
https://github.com/PowerShell/Announcements-Internal/issues/23
for more information. Added Visual Studio 2019 for Mac to the Security
Updates table
as it is also affected by this vulnerability.
- Originally posted: February 9, 2021
- Updated: March 12, 2021
- Aggregate CVE Severity Rating: Critical
- CVE-2020-16996 | Kerberos Security Feature Bypass Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16996
- Version 2.0
- Reason for Revision: Microsoft is announcing the release of the second phase
of the
Windows security updates to address this vulnerability. March 9, 2021 and
superseding Windows updates enable enforcement mode on all Active Directory
domain
controllers (DCs). These DCs will now be in Enforcement mode unless the
enforcement
mode registry key is set to 1 (Disabled). If the Enforcement mode registry
key is set,
the setting will be honored. Going to Enforcement mode requires that all
Active
Directory domain controllers have the December 8, 2020 update or a later
update installed.
Microsoft strongly recommends that customers install the March 9. 2021
updates to be
fully protected from this vulnerability. Customers whose Windows devices are
configured
to receive automatic updates do not need to take any further action.
- Originally posted: December 8, 2020
- Updated: March 12, 2021
- Aggregate CVE Severity Rating: Important
- CVE-2020-17163 | Visual Studio Code Python Extension Remote Code Execution
Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27084
- Version 1.0
- Reason for Revision: Information published.
- Originally posted: March 16, 2021
- Updated: N/A
- Aggregate CVE Severity Rating: Important
- CVE-2021-26887 | Microsoft Windows Folder Redirection Elevation of Privilege
Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26887
- Version 1.1
- Reason for Revision: The instructions in the article,
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-se
rver-2012-R2-and-2012/jj649078(v%3dws.11),
have been updated since this CVE was released on March 9, 2021. Microsoft
recommends
that customers re-visit the article ensure their systems are properly
configured to be
protected against this vulnerability. This elevation of privilege
vulnerability can only
be addressed by reconfiguring Folder Redirection with Offline files and
restricting
permissions, and NOT via a security update for affected Windows Servers.
- Originally posted: March 9, 2021
- Updated: March 15, 2021
- Aggregate CVE Severity Rating: Important
- CVE-2021-27084 | Visual Studio Code Java Extension Pack Remote Code Execution
Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27084
- Version 1.1
- Reason for Revision: Corrected Download and Article links in the Security
Updates
table. This is an informational change only.
- Originally posted: March 9, 2021
- Updated: March 12, 2021
- Aggregate CVE Severity Rating: Important
*******************************************************************************
*******
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers: ==================
====================================================================
If you receive an email message that claims to be distributing a Microsoft
security
update, it is a hoax that may contain malware or pointers to malicious websites.
Microsoft does not distribute security updates via email.
The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all
security
notifications. However, PGP is not required for reading security notifications,
reading security bulletins, or installing security updates. You can obtain the
MSRC
public PGP key at <https://technet.microsoft.com/security/dn753714>.
*******************************************************************************
*******
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS"
WITHOUT
WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR
IMPLIED,
INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF
BUSINESS
PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE
BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL
OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. **************
************************************************************************
Microsoft respects your privacy. Please read our online Privacy Statement at
<http://go.microsoft.com/fwlink/?LinkId=81184>.
If you would prefer not to receive future technical security notification alerts
by
email from Microsoft and its family of companies please visit the following
website
to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar
d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.
These settings will not affect any newsletters you�ve requested or any
mandatory
service communications that are considered part of certain Microsoft services.
For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.
This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
We would love to get your feedback on your experience with these
security notifications. Please help us improve your security
notifications experience by filling out the form here: https://forms.office.co
m/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR4ekF0eHYitGhfGrzmE_ydpUQUdMQU
kzMFQwQzdYSjFBOTlXTjZWMDRRTi4u
If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
https://account.microsoft.com/profile/unsubscribe?CTID=0&ECID=gWznSSnomZayXY0aa
LqBOfTcW1ofI1Ww8Tvx5luTwqo%3D&K=84ddd0b0-0a6a-4c50-ae96-804c907230a4&CMID=null&
D=637515116129287113&PID=18015&TID=adfd46f4-992a-45ec-935c-4c9bc4baf506
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEg0iscncjmT22JxoVtl38EsTnIbgFAmBRSU4ACgkQtl38EsTn
Ibg+sAf+Ka6JCKLdlDFvmeaVPIAyHi4mt0vNdXTN1Z3XFemeaONJk8KdAQ3Cc84t
zB4O++gzJjooEJaPVd+xEobeCx8W99EvVTd22XtR1XWkqTxfZbE2Y+DVCC37Wi0+
5jL1geviJgFqwSDhKTycBulHmPBrWRxjHoYD1m6bS4EUS9v06p+lkIyGjrBugJaG
2Dtn3Hpes816aU+d23LLGeF4JejMrN94RPL30ObboBdTSKCHIlHBfUkqKJqTVhc1
vuBrl5kUCgg3FvZUCYETntChEWwDvy129fMyO7qXaTO3Pu7S9KCvFf8TKqHopBWS
651rW7g3cOsCo6XlZy0wof/qPgw/Kw==
=ugke
-----END PGP SIGNATURE-----
If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
https://account.microsoft.com/profile/unsubscribe?CTID=0&ECID=gWznSSnomZayXY0aa
LqBOfTcW1ofI1Ww8Tvx5luTwqo%3D&K=84ddd0b0-0a6a-4c50-ae96-804c907230a4&CMID=null&
D=637515116129287113&PID=18015&TID=adfd46f4-992a-45ec-935c-4c9bc4baf506
---
■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games
|
