===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2021.0010
        Microsoft Patch Tuesday update for Windows for January 2021
                              13 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Windows
Operating System:     Windows
Impact/Access:        Increased Privileges            -- Remote/Unauthenticated
                      Execute Arbitrary Code/Commands -- Existing Account
                      Denial of Service               -- Remote with User Interaction
                      Access Confidential Data        -- Existing Account
                      Unauthorised Access             -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2021-1710 CVE-2021-1709 CVE-2021-1708
                      CVE-2021-1706 CVE-2021-1704 CVE-2021-1703
                      CVE-2021-1702 CVE-2021-1701 CVE-2021-1700
                      CVE-2021-1699 CVE-2021-1697 CVE-2021-1696
                      CVE-2021-1695 CVE-2021-1694 CVE-2021-1693
                      CVE-2021-1692 CVE-2021-1691 CVE-2021-1690
                      CVE-2021-1689 CVE-2021-1688 CVE-2021-1687
                      CVE-2021-1686 CVE-2021-1685 CVE-2021-1684
                      CVE-2021-1683 CVE-2021-1682 CVE-2021-1681
                      CVE-2021-1680 CVE-2021-1679 CVE-2021-1678
                      CVE-2021-1676 CVE-2021-1674 CVE-2021-1673
                      CVE-2021-1672 CVE-2021-1671 CVE-2021-1670
                      CVE-2021-1669 CVE-2021-1668 CVE-2021-1667
                      CVE-2021-1666 CVE-2021-1665 CVE-2021-1664
                      CVE-2021-1663 CVE-2021-1662 CVE-2021-1661
                      CVE-2021-1660 CVE-2021-1659 CVE-2021-1658
                      CVE-2021-1657 CVE-2021-1656 CVE-2021-1655
                      CVE-2021-1654 CVE-2021-1653 CVE-2021-1652
                      CVE-2021-1651 CVE-2021-1650 CVE-2021-1649
                      CVE-2021-1648 CVE-2021-1646 CVE-2021-1645
                      CVE-2021-1644 CVE-2021-1643 CVE-2021-1642
                      CVE-2021-1638 CVE-2021-1637
Member content until: Friday, February 12 2021
Reference:            ASB-2021.0006
                      ASB-2021.0005
                      ASB-2021.0003

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of January 2021.

        This update resolves 65 vulnerabilities across the following
        products: [1]

         HEVC Video Extensions
         Microsoft Remote Desktop
         Remote Desktop client
         Windows 10
         Windows 8.1
         Windows RT 8.1
         Windows Server
         Windows Server 2012
         Windows Server 2012 R2
         Windows Server 2016
         Windows Server 2019


IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         CVE-2021-1637   Information Disclosure   Important
         CVE-2021-1638   Security Feature Bypass  Important
         CVE-2021-1642   Elevation of Privilege   Important
         CVE-2021-1643   Remote Code Execution    Critical
         CVE-2021-1644   Remote Code Execution    Important
         CVE-2021-1645   Information Disclosure   Important
         CVE-2021-1646   Elevation of Privilege   Important
         CVE-2021-1648   Elevation of Privilege   Important
         CVE-2021-1649   Elevation of Privilege   Important
         CVE-2021-1650   Elevation of Privilege   Important
         CVE-2021-1651   Elevation of Privilege   Important
         CVE-2021-1652   Elevation of Privilege   Important
         CVE-2021-1653   Elevation of Privilege   Important
         CVE-2021-1654   Elevation of Privilege   Important
         CVE-2021-1655   Elevation of Privilege   Important
         CVE-2021-1656   Information Disclosure   Important
         CVE-2021-1657   Remote Code Execution    Important
         CVE-2021-1658   Remote Code Execution    Critical
         CVE-2021-1659   Elevation of Privilege   Important
         CVE-2021-1660   Remote Code Execution    Critical
         CVE-2021-1661   Elevation of Privilege   Important
         CVE-2021-1662   Elevation of Privilege   Important
         CVE-2021-1663   Information Disclosure   Important
         CVE-2021-1664   Remote Code Execution    Important
         CVE-2021-1665   Remote Code Execution    Critical
         CVE-2021-1666   Remote Code Execution    Critical
         CVE-2021-1667   Remote Code Execution    Critical
         CVE-2021-1668   Remote Code Execution    Critical
         CVE-2021-1669   Security Feature Bypass  Important
         CVE-2021-1670   Information Disclosure   Important
         CVE-2021-1671   Remote Code Execution    Important
         CVE-2021-1672   Information Disclosure   Important
         CVE-2021-1673   Remote Code Execution    Critical
         CVE-2021-1674   Security Feature Bypass  Important
         CVE-2021-1676   Information Disclosure   Important
         CVE-2021-1678   Security Feature Bypass  Important
         CVE-2021-1679   Denial of Service        Important
         CVE-2021-1680   Elevation of Privilege   Important
         CVE-2021-1681   Elevation of Privilege   Important
         CVE-2021-1682   Elevation of Privilege   Important
         CVE-2021-1683   Security Feature Bypass  Important
         CVE-2021-1684   Security Feature Bypass  Important
         CVE-2021-1685   Elevation of Privilege   Important
         CVE-2021-1686   Elevation of Privilege   Important
         CVE-2021-1687   Elevation of Privilege   Important
         CVE-2021-1688   Elevation of Privilege   Important
         CVE-2021-1689   Elevation of Privilege   Important
         CVE-2021-1690   Elevation of Privilege   Important
         CVE-2021-1691   Denial of Service        Important
         CVE-2021-1692   Denial of Service        Important
         CVE-2021-1693   Elevation of Privilege   Important
         CVE-2021-1694   Elevation of Privilege   Important
         CVE-2021-1695   Elevation of Privilege   Important
         CVE-2021-1696   Information Disclosure   Important
         CVE-2021-1697   Elevation of Privilege   Important
         CVE-2021-1699   Information Disclosure   Important
         CVE-2021-1700   Remote Code Execution    Important
         CVE-2021-1701   Remote Code Execution    Important
         CVE-2021-1702   Elevation of Privilege   Important
         CVE-2021-1703   Elevation of Privilege   Important
         CVE-2021-1704   Elevation of Privilege   Important
         CVE-2021-1706   Elevation of Privilege   Important
         CVE-2021-1708   Information Disclosure   Important
         CVE-2021-1709   Elevation of Privilege   Important
         CVE-2021-1710   Remote Code Execution    Important


MITIGATION

        Microsoft recommends updating the software to the latest version
        available on the Microsoft Update Catalog. [1]


REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================