Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0183.2 Microsoft Patch Tuesday update for Azure for September 2021 21 September 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Accessibility Insights for Android Azure Open Management Infrastructure Azure Sphere Azure Automation Update Management Azure Automation State Configuration, DSC Extension Azure Stack Hub Azure Sentinel Container Monitoring Solution Azure Diagnostics (LAD) Log Analytics Agent System Center Operations Manager (SCOM) Operating System: Windows Android UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Increased Privileges -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-40448 CVE-2021-38649 CVE-2021-38648 CVE-2021-38647 CVE-2021-38645 CVE-2021-36956 Revision History: September 21 2021: Added additional affected products for CVE-2021-38647 September 15 2021: Initial Release OVERVIEW Microsoft has released its monthly security patch update for the month of September 2021. This update resolves 6 vulnerabilities across the following product(s): [1] Accessibility Insights for Android Azure Open Management Infrastructure Azure Sphere --------------------UPDATE 21/09/2021-------------------- Additional affected products listed for CVE-2021-38647: [1] Azure Automation Update Management Azure Automation State Configuration, DSC Extension Azure Stack Hub Azure Sentinel Container Monitoring Solution Azure Diagnostics (LAD) Log Analytics Agent System Center Operations Manager (SCOM) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2021-36956 Information Disclosure Important CVE-2021-38645 Elevation of Privilege Important CVE-2021-38647 Remote Code Execution Critical CVE-2021-38648 Elevation of Privilege Important CVE-2021-38649 Elevation of Privilege Important CVE-2021-40448 Information Disclosure Important MITIGATION Microsoft recommends updating the software to the latest available version available on the Microsoft Update Catalog. [1]. REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYUlsZuNLKJtyKPYoAQhR/g//ZefMDXqRU3UFaAyg7cFnFlgXL/Fpw2J9 ohBYz8T51m944i0aZt4vZe5UHAajO/E+FHKiYc2kxuREpK1bpw5SFTfRg2XcNUpz 6VzlRh4i83HUb4go3Fb8NyWGtRtc4CmBs2Ks9oqJMcM//hKVvc0T0JNFjHcVM7qS 5vM4RHvHE5qhnVWAqQn26toaqRYHNg7CPz8oqUcovPBTpMxe6JNuaDejqcBy1O3K COaiKI9CyP+gu6bMLZJaIJHgGIf/NI5/xQ6SNn8SzuK7SeE6xQ3/f1zWjw52yczN buYYkrZJhwEpCOLx6exudAR03OJJKtMzbCVMVn4HV4vo3Zps2HFIU57+oBXGEHXA oEt2TA+9TJFOBbhJjFGkhBjXj0iXTLzeXji43LvilRL2PXiI2acH0RaxrKZ8Fo4b ABIvA4ZzIYswR0YAvV+Eyo/N3yMaeKOcZD/nLJEU6DkIWl21edkgtI2m7xUm+r/x ISDfVDV6//xptRefVp0SYBCFuWkfQc3uf9kmV4Q0Qb9QtYE6me5PWxe42mSH2SIb a0q7fUf4RyGZPJGwuBPaxBOvOPnTfqEBeTeASM6LXvb20ehU93hpAkpCyQ7kGOnc MPyPUyHcrJgttliB+hsw+njvHJtRZZ3k3K08FaxA9QRRh5PDjAHsKS59LobSVoxF 8FoQ0Q5hAbo= =kM4B -----END PGP SIGNATURE-----