Microsoft Updates
2848Warning Date
Severity Level
Warning Number
Target Sector
13 January, 2021
● High
2021-2310
All
Description:
Microsoft has released a security updates to address several vulnerabilities in the following products:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Windows Codecs Library
- Visual Studio
- SQL Server
- Microsoft Malware Protection Engine
- .NET Core
- .NET Repository
- ASP .NET
- Azure
- Azure Active Directory Pod Identity
- Microsoft Bluetooth Driver
- Microsoft DTV-DVD Video Decoder
- Microsoft Graphics Component
- Microsoft Office SharePoint
- Microsoft RPC
- Microsoft Windows DNS
- SQL Server
- Windows AppX Deployment Extensions
- Windows CryptoAPI
- Windows CSC Service
- Windows Diagnostic Hub
- Windows DP API
- Windows Event Logging Service
- Windows Event Tracing
- Windows Hyper-V
- Windows Installer
- Windows Kernel
- Windows Media
- Windows NTLM
- Windows Print Spooler Components
- Windows Projected File System Filter Driver
- Windows Remote Desktop
- Windows Remote Procedure Call Runtime
- Windows splwow64
- Windows TPM Device Driver
- Windows Update Stack
- Windows WalletService
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Spoofing
- Security feature bypass
- Execute arbitrary code - remotely
- Memory corruption
- Elevation of Privilege
- Unauthorized disclosure of information
- Denial of Service (DoS)
Best practice and Recommendations:
The CERT team encourages users to review Microsoft security advisory and apply the necessary updates:
Update Instructions: