MA-826.012022: MyCERT Advisory - Microsoft January 2022 Security Updates
1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. This month’s security update notification presents 11 newly reported vulnerabilities, where 8 have been rated critical while the remaining classified as important.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
- Windows 11
- Windows 10 v21H2, v21H1, v20H2, v1909
- Windows Server 2022
- Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v20H2)
- Windows 8.1, Windows Server 2012 R2, Windows Server 2012
- Microsoft Office
- Microsoft SharePoint
- Microsoft Exchange Server
- Microsoft .NET
- Microsoft Dynamics 365
- Remote Desktop Client for Windows Desktop
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:
https://msrc.microsoft.com/update-guide/deployments
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jan
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
MA-822.112021: MyCERT Advisory - Microsoft November 2021 Security Updates
1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. This month’s security update notification presents 13 newly reported vulnerabilities, where 8 have been rated critical while the remaining classified as important.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
- Windows 11
- Windows 10 v21H1, v20H2, v2004, v1909
- Windows Server 2022
- Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v20H2, and v2004)
- Windows 8.1, Windows Server 2012 R2, Windows Server 2012
- Visual Studio
- Dynamics 365
- Microsoft Malware Protection Engine
- Microsoft Office
- Microsoft SharePoint
- Microsoft Exchange Server
- Power BI Report Server
- Azure-related software
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:
https://msrc.microsoft.com/update-guide/deployments
https://msrc.microsoft.com/update-guide/releaseNote/2021-Nov
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
MA-820.102021: MyCERT Advisory - Microsoft October 2021 Security Updates
1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. This month’s security update notification presents 12 newly reported vulnerabilities, where 6 have been rated critical while the remaining classified as important.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
Windows 11
Windows Server 2022
Windows 10 v21H1, v20H2, v2004, and v1909
Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v20H2, and v2004)
Windows 8.1, Windows Server 2012 R2, and Windows Server 2012
Microsoft Office
Microsoft SharePoint
Microsoft Exchange Server
Microsoft .NET
Microsoft Visual Studio
Microsoft Dynamics 365
Microsoft System Center
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:
https://msrc.microsoft.com/update-guide/deployments
https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
MA-816.092021: MyCERT Advisory - Microsoft September 2021 Security Updates
1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. This month’s security update notification presents 8 newly reported vulnerabilities, where 4 have been rated critical while the remaining classified as important.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
- Windows 10 v21H1, v20H2, v2004, and v1909
- Windows Server 2022, Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v20H2, and v2004)
- Windows 8.1, Windows Server 2012 R2, and Windows Server 2012
- Microsoft Azure-related software
- Microsoft Office-related software
- Microsoft SharePoint-related software
- Microsoft Visual Studio-related software
- Microsoft Dynamics 365-related software
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:
https://msrc.microsoft.com/update-guide/deployments
https://msrc.microsoft.com/update-guide/releaseNote/2021-Sep
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
MA-813.082021: MyCERT Advisory - Microsoft August 2021 Security Updates
1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. This month’s security update notification presents 11 newly reported vulnerabilities, where 4 have been rated critical while the remaining classified as important.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
- Windows 10 v21H1, v20H2, v2004, and v1909
- Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v20H2, and v2004)
- Windows 8.1, Windows Server 2012 R2, and Windows Server 2012
- Internet Explorer
- Microsoft Office-related software
- Microsoft SharePoint-related software
- Microsoft Visual Studio-related software
- Microsoft Dynamics-related software
- Microsoft .NET-related software
- Microsoft Azure-related software
- Microsoft Malware Protection Engine
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:
https://msrc.microsoft.com/update-guide
https://msrc.microsoft.com/update-guide/releaseNote/2021-Aug
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
MA-812.072021: MyCERT Advisory - Microsoft July 2021 Security Updates
1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. Among the critical vulnerability is the official fix for the PrintNightmare print spooler flaw in most versions of Windows (CVE-2021-34527). The detail about this vulnerability can be found at https://www.mycert.org.my/portal/advisory?id=MA-811.072021.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
- Windows 10 v21H1, v20H2, v2004, and v1909
- Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v20H2, and v2004)
- Windows 8.1, Windows Server 2012 R2, and Windows Server 2012 (including Internet Explorer 11)
- Internet Explorer
- Microsoft Office-related software
- Microsoft SharePoint-related software
- Microsoft Exchange Server
- Power BI Report Server
- Microsoft Dynamics 365-related software
- Microsoft .NET-related software
- Microsoft Visual Studio-related software
- Microsoft Malware Protection Engine
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:
- https://msrc.microsoft.com/update-guide
- https://msrc.microsoft.com/update-guide/releaseNote/2021-Jul
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
MA-811.072021: MyCERT Advisory - Critical Windows PrintNightmare Vulnerability
1.0 Introduction
Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability—known as PrintNightmare (CVE-2021-34527)—in the Windows Print spooler service.
2.0 Impact
A remote attacker can exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
- All versions of Windows
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform the necessary update. Kindly refer to the below URL:
Generally, MyCERT advises the users of these software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
MA-808.062021: MyCERT Advisory - Microsoft June 2021 Security Updates
1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software.
2.0 Impact
A remote attacker can exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
- .NET Core & Visual Studio
- 3D Viewer
- Microsoft DWM Core Library
- Microsoft Intune
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office SharePoint
- Microsoft Scripting Engine
- Microsoft Windows Codecs Library
- Paint 3D
- Role: Hyper-V
- Visual Studio Code - Kubernetes Tools
- Windows Bind Filter Driver
- Windows Common Log File System Driver
- Windows Cryptographic Services
- Windows DCOM Server
- Windows Defender
- Windows Drivers
- Windows Event Logging Service
- Windows Filter Manager
- Windows HTML Platform
- Windows Installer
- Windows Kerberos
- Windows Kernel
- Windows Kernel-Mode Drivers
- Windows Network File System
- Windows NTFS
- Windows NTLM
- Windows Print Spooler Components
- Windows Remote Desktop
- Windows TCP/IP
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform the necessary update. Kindly refer to the below URL:
- https://msrc.microsoft.com/update-guide/releaseNote/2021-Jun
- https://msrc.microsoft.com/update-guide/deployments
Generally, MyCERT advises the users of these applications to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
MA-805.052021: MyCERT Advisory - Microsoft May 2021 Security Updates
1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
- .NET Core & Visual Studio
- HTTP.sys
- Internet Explorer
- Microsoft Accessibility Insights for Web
- Microsoft Bluetooth Driver
- Microsoft Dynamics Finance & Operations
- Microsoft Edge (Chromium-based)
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office Access
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Office Word
- Microsoft Windows Codecs Library
- Microsoft Windows IrDA
- Open Source Software
- Role: Hyper-V
- Skype for Business and Microsoft Lync
- Visual Studio
- Visual Studio Code
- Windows Container Isolation FS Filter Driver
- Windows Container Manager Service
- Windows Cryptographic Services
- Windows CSC Service
- Windows Desktop Bridge
- Windows OLE
- Windows Projected File System FS Filter
- Windows RDP Client
- Windows SMB
- Windows SSDP Service
- Windows WalletService
- Windows Wireless Networking
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:
https://msrc.microsoft.com/update-guide/deployments
https://msrc.microsoft.com/update-guide/releaseNote/2021-May
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further inquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 - 8008 7000 (Office Hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
https://msrc.microsoft.com/update-guide/deployments
https://msrc.microsoft.com/update-guide/releaseNote/2021-May
MA-804.042021: MyCERT Advisory - Microsoft April 2021 Security Updates
1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
- Azure AD Web Sign-in
- Azure DevOps
- Azure Sphere
- Microsoft Edge (Chromium-based)
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Internet Messaging API
- Microsoft NTFS
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office SharePoint
- Microsoft Office Word
- Microsoft Windows Codecs Library
- Microsoft Windows Speech
- Open Source Software
- Role: DNS Server
- Role: Hyper-V
- Visual Studio
- Visual Studio Code
- Visual Studio Code - GitHub Pull Requests and Issues Extension
- Visual Studio Code - Kubernetes Tools
- Visual Studio Code - Maven for Java Extension
- Windows Application Compatibility Cache
- Windows AppX Deployment Extensions
- Windows Console Driver
- Windows Diagnostic Hub
- Windows Early Launch Antimalware Driver
- Windows ELAM
- Windows Event Tracing
- Windows Installer
- Windows Kernel
- Windows Media Player
- Windows Network File System
- Windows Overlay Filter
- Windows Portmapping
- Windows Registry
- Windows Remote Procedure Call Runtime
- Windows Resource Manager
- Windows Secure Kernel Mode
- Windows Services and Controller App
- Windows SMB Server
- Windows TCP/IP
- Windows Win32K
- Windows WLAN Auto Config Service
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform the necessary update.
- https://msrc.microsoft.com/update-guide/releaseNote/2021-Apr
- https://us-cert.cisa.gov/ncas/current-activity/2021/04/13/apply-microsoft-april-2021-security-update-mitigate-newly
Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further inquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 - 8008 7000 (Office Hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References