Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0192 Microsoft Patch Tuesday update for Microsoft Developer Tools for October 2021 13 October 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: .NET 5.0 Microsoft Visual Studio 2017 Microsoft Visual Studio 2019 Operating System: Windows Impact/Access: Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-41355 CVE-2021-3450 CVE-2021-3449 CVE-2020-1971 Reference: ASB-2021.0145 ASB-2021.0139 ASB-2021.0135 ASB-2021.0134 ESB-2021.2259.2 ESB-2021.1075 OVERVIEW Microsoft has released its monthly security patch update for the month of October 2021. This update resolves 4 vulnerabilities across the following products: [1] .NET 5.0 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Microsoft Visual Studio 2019 version 16.7 (includes 16.0 ? 16.6) Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2020-1971 Denial of Service Important CVE-2021-3449 Denial of Service Important CVE-2021-3450 Information Disclosure Important CVE-2021-41355 Information Disclosure Important MITIGATION Microsoft recommends updating the software to the latest available version available on the Microsoft Update Catalog. [1]. REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYWZsPONLKJtyKPYoAQh9dw/9EK32JHalGq6brqaRwPWkFsnYkfKEnJzV DBJcnLonup3y3Kj21UrZGp8aEHQgREs0QX5JPLjtok3slPmZba41bqI4HKVBKMiC SPNfvCf2+oSMM1h1d/WQxgjQA6Q1Bq3aO9AyW1mKG/Jxsmlw0f3hp15+3l1NHvVb aYDTMKLB0Xe38tNBn81wV5MTwSPPtZ7uAD35JpeTgml2FIJRN8ny6xTxs+niL5/f hLSZy+hiXkuyjUCgaDiM95z6lq41px/J8qJLsVYh4IFCJtKuEwdpXIoE38i7HFoB fW96Wo0puQb7On0hMvXZmyxOoUdvBvyqTESyeS5gXtmW2JOQmuXiXLOv9sbk6X0y mk5xYxxhHP9UmaQSnDFCmmj/h7rMUUcUp9VL94cF2UqfewzvJb+Vgytanjfgc0W3 8iP63dn/yuq3ZfS7oUsPtGwLCwfMHZ7wC6uSO7BwAJ/WJBDlm3af3hx1cm5l6Vwv 2E6lWCcPHnxyfnqFu5B5YmA4ZzmZgEomew4vQA5f0Ac1DGVDmZV2zWUt6kRk6U/V 9h80nTFr86IGlYBR1DEavpWjWPc5aCwtn2AympKrIgpfGg3vom+z6pXNBAEbqbu1 UpxjaKSlUzi23DULETtuqXwIgXLZdL4khp6keaQKg4j8h1LPoabUwdvQ+k56m3AR 2kwLbqQOXcs= =KA7T -----END PGP SIGNATURE-----