Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0132 Microsoft Patch Tuesday update for Microsoft Developer Tools for July 2021 14 July 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Developer Tool Products Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Increased Privileges -- Existing Account Provide Misleading Information -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-34529 CVE-2021-34528 CVE-2021-34479 CVE-2021-34477 CVE-2021-33767 OVERVIEW Microsoft has released its monthly security patch update for the month of July 2021. This update resolves 5 vulnerabilities across the following products: [1] .NET Education Bundle SDK Install Tool .NET Install Tool for Extension Authors Open Enclave SDK Visual Studio Code IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2021-33767 Elevation of Privilege Important CVE-2021-34477 Elevation of Privilege Important CVE-2021-34479 Spoofing Important CVE-2021-34528 Remote Code Execution Important CVE-2021-34529 Remote Code Execution Important MITIGATION Microsoft recommends updating the software to the latest available version available on the Microsoft Update Catalog. [1]. REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYO5YeeNLKJtyKPYoAQgjqw//fGI19G6XH13ywls6OQSn2qvXLGwdLp3P WFbsgbC0jlkaseY2o7Vgxx+pw1aV77tkGrLrTJttClpzrB7R6A/x5JVDQH+4Vggs mw5RjpAl7q1KjP/w8nwTGF2yfocROK3G7VSlhmtppVbMFo3uHjwa0jmxvB9OOuMn c3ENBgmHqCnq4CrMSgpPr/s/yjO++Vq5gZ01nnqtIafdtHcfPTtSsMi5z2PSftOj 4T1wXaXkB9c46Cufvbarlt4yIcz33x/mjli3AH/kAQLAV5i/ewL29FjW66+1bI2O DqvZgwpTKZYjpVUMn/hRLPv7D3Mo/cm2YKrCZdCW+OogKLXva5IoUHTvrnXxD2WV 2bcB/mCw22FEZL+C3Vjku7TZLfilmsUtGCYtwLxVl4EtZVUXPu7VV+DOvavn6lc7 oJeP64/NwgByWf3wqkPtshkKxijJeRHs/vGArVO8NprTM6LX2vtA0kt4N7N1iKY/ fIYvAweWdEl/PYN5ZOEQmP5nqWlprKEQSPrp9fyXF8skp80J4uw05Nd7HRxA5hbh BZEIGmasi0w+YK9etuwHNyV23Xpy9qFQXkbB1i3rLMvviKbKELrR7Uiua9o4FLCQ b9zv84Gacfql2TuOAKYakvpG7iTObBieT88YleO+3DPjY8u4E1enb6HPHnyOWk9O oLjIVqRrW5M= =OB3U -----END PGP SIGNATURE-----