===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2021.0010
        Microsoft Patch Tuesday update for Windows for January 2021
                              13 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Windows
Operating System:     Windows
Impact/Access:        Increased Privileges            -- Remote/Unauthenticated      
                      Execute Arbitrary Code/Commands -- Existing Account            
                      Denial of Service               -- Remote with User Interaction
                      Access Confidential Data        -- Existing Account            
                      Unauthorised Access             -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2021-1710 CVE-2021-1709 CVE-2021-1708
                      CVE-2021-1706 CVE-2021-1704 CVE-2021-1703
                      CVE-2021-1702 CVE-2021-1701 CVE-2021-1700
                      CVE-2021-1699 CVE-2021-1697 CVE-2021-1696
                      CVE-2021-1695 CVE-2021-1694 CVE-2021-1693
                      CVE-2021-1692 CVE-2021-1691 CVE-2021-1690
                      CVE-2021-1689 CVE-2021-1688 CVE-2021-1687
                      CVE-2021-1686 CVE-2021-1685 CVE-2021-1684
                      CVE-2021-1683 CVE-2021-1682 CVE-2021-1681
                      CVE-2021-1680 CVE-2021-1679 CVE-2021-1678
                      CVE-2021-1676 CVE-2021-1674 CVE-2021-1673
                      CVE-2021-1672 CVE-2021-1671 CVE-2021-1670
                      CVE-2021-1669 CVE-2021-1668 CVE-2021-1667
                      CVE-2021-1666 CVE-2021-1665 CVE-2021-1664
                      CVE-2021-1663 CVE-2021-1662 CVE-2021-1661
                      CVE-2021-1660 CVE-2021-1659 CVE-2021-1658
                      CVE-2021-1657 CVE-2021-1656 CVE-2021-1655
                      CVE-2021-1654 CVE-2021-1653 CVE-2021-1652
                      CVE-2021-1651 CVE-2021-1650 CVE-2021-1649
                      CVE-2021-1648 CVE-2021-1646 CVE-2021-1645
                      CVE-2021-1644 CVE-2021-1643 CVE-2021-1642
                      CVE-2021-1638 CVE-2021-1637 
Member content until: Friday, February 12 2021
Reference:            ASB-2021.0006
                      ASB-2021.0005
                      ASB-2021.0003

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of January 2021.
        
        This update resolves 65 vulnerabilities across the following
        products: [1]
        
         HEVC Video Extensions
         Microsoft Remote Desktop
         Remote Desktop client
         Windows 10
         Windows 8.1
         Windows RT 8.1
         Windows Server
         Windows Server 2012
         Windows Server 2012 R2
         Windows Server 2016
         Windows Server 2019


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2021-1637   Information Disclosure   Important
         CVE-2021-1638   Security Feature Bypass  Important
         CVE-2021-1642   Elevation of Privilege   Important
         CVE-2021-1643   Remote Code Execution    Critical
         CVE-2021-1644   Remote Code Execution    Important
         CVE-2021-1645   Information Disclosure   Important
         CVE-2021-1646   Elevation of Privilege   Important
         CVE-2021-1648   Elevation of Privilege   Important
         CVE-2021-1649   Elevation of Privilege   Important
         CVE-2021-1650   Elevation of Privilege   Important
         CVE-2021-1651   Elevation of Privilege   Important
         CVE-2021-1652   Elevation of Privilege   Important
         CVE-2021-1653   Elevation of Privilege   Important
         CVE-2021-1654   Elevation of Privilege   Important
         CVE-2021-1655   Elevation of Privilege   Important
         CVE-2021-1656   Information Disclosure   Important
         CVE-2021-1657   Remote Code Execution    Important
         CVE-2021-1658   Remote Code Execution    Critical
         CVE-2021-1659   Elevation of Privilege   Important
         CVE-2021-1660   Remote Code Execution    Critical
         CVE-2021-1661   Elevation of Privilege   Important
         CVE-2021-1662   Elevation of Privilege   Important
         CVE-2021-1663   Information Disclosure   Important
         CVE-2021-1664   Remote Code Execution    Important
         CVE-2021-1665   Remote Code Execution    Critical
         CVE-2021-1666   Remote Code Execution    Critical
         CVE-2021-1667   Remote Code Execution    Critical
         CVE-2021-1668   Remote Code Execution    Critical
         CVE-2021-1669   Security Feature Bypass  Important
         CVE-2021-1670   Information Disclosure   Important
         CVE-2021-1671   Remote Code Execution    Important
         CVE-2021-1672   Information Disclosure   Important
         CVE-2021-1673   Remote Code Execution    Critical
         CVE-2021-1674   Security Feature Bypass  Important
         CVE-2021-1676   Information Disclosure   Important
         CVE-2021-1678   Security Feature Bypass  Important
         CVE-2021-1679   Denial of Service        Important
         CVE-2021-1680   Elevation of Privilege   Important
         CVE-2021-1681   Elevation of Privilege   Important
         CVE-2021-1682   Elevation of Privilege   Important
         CVE-2021-1683   Security Feature Bypass  Important
         CVE-2021-1684   Security Feature Bypass  Important
         CVE-2021-1685   Elevation of Privilege   Important
         CVE-2021-1686   Elevation of Privilege   Important
         CVE-2021-1687   Elevation of Privilege   Important
         CVE-2021-1688   Elevation of Privilege   Important
         CVE-2021-1689   Elevation of Privilege   Important
         CVE-2021-1690   Elevation of Privilege   Important
         CVE-2021-1691   Denial of Service        Important
         CVE-2021-1692   Denial of Service        Important
         CVE-2021-1693   Elevation of Privilege   Important
         CVE-2021-1694   Elevation of Privilege   Important
         CVE-2021-1695   Elevation of Privilege   Important
         CVE-2021-1696   Information Disclosure   Important
         CVE-2021-1697   Elevation of Privilege   Important
         CVE-2021-1699   Information Disclosure   Important
         CVE-2021-1700   Remote Code Execution    Important
         CVE-2021-1701   Remote Code Execution    Important
         CVE-2021-1702   Elevation of Privilege   Important
         CVE-2021-1703   Elevation of Privilege   Important
         CVE-2021-1704   Elevation of Privilege   Important
         CVE-2021-1706   Elevation of Privilege   Important
         CVE-2021-1708   Information Disclosure   Important
         CVE-2021-1709   Elevation of Privilege   Important
         CVE-2021-1710   Remote Code Execution    Important


MITIGATION

        Microsoft recommends updating the software to the latest version
        available on the Microsoft Update Catalog. [1]


REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================