Security 10816 Published by

Microsoft has update the following CVEs: CVE-2021-24067 Microsoft Excel Remote Code Execution Vulnerability, CVE-2021-24069 Microsoft Excel Remote Code Execution Vulnerability, ADV990001 Latest Servicing Stack Updates, and Chrome CVEs for Microsoft Edge.





The following CVEs and advisory have undergone a major revision increment:

* CVE-2021-24067
* CVE-2021-24069
* ADV990001


 - CVE-2021-24067 | Microsoft Excel Remote Code Execution Vulnerability
 -  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24067
 - Version 2.0
 - Reason for Revision: Microsoft is announcing the availability of the security 
   updates for Microsoft Office for Mac. Customers running affected Mac software
   should install the update for their product to be protected from this vulnerability. 
   Customers running other Microsoft Office software do not need to take any action. 
   See the Release Notes for more information and download links.
 - Originally posted: February 9, 2021
 - Updated: February 16, 2021
 - Aggregate CVE Severity Rating: Important

 - CVE-2021-24069 | Microsoft Excel Remote Code Execution Vulnerability
 -  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24069
 - Version 2.0
 - Reason for Revision: Microsoft is announcing the availability of the security 
   updates for Microsoft Office for Mac. Customers running affected Mac software
   should install the update for their product to be protected from this vulnerability. 
   Customers running other Microsoft Office software do not need to take any action. 
   See the Release Notes for more information and download links.
 - Originally posted: February 9, 2021
 - Updated: February 16, 2021
 - Aggregate CVE Severity Rating: Important

 - ADV990001 | Latest Servicing Stack Updates
 -  https://msrc.microsoft.com/update-guide/vulnerability/ADV990001
 - Version 33.0
 - Reason for Revision: To address known issues customers might have experienced when
   installing security updates released on February 9, 2021, Microsoft has released
   the following servicing stack updates (SSUs): KB5001078 for all affected editions
   of Windows 10; KB5001079 for all affected editions of Windows 10 Version 1607 and 
   Windows Server 2016. Customers must install the new SSU before installing the
   applicable February 9, 2021 security update.
 - Originally posted: November 13, 2021
 - Updated: February 16, 2021
 - Aggregate CVE Severity Rating: Critical
The following Chrome CVEs have been released on February 17, 2021.

These CVE were assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, 
which addresses these vulnerabilities. Please see Google Chrome Releases
( https://chromereleases.googleblog.com/2021) for more information.

See 
 https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/
for more information about third-party CVEs in the Security Update Guide.

* CVE-2021-21149
* CVE-2021-21150
* CVE-2021-21151
* CVE-2021-21152
* CVE-2021-21153
* CVE-2021-21154
* CVE-2021-21155
* CVE-2021-21156
* CVE-2021-21157


Revision Information:
=====================

 - Version 1.0
 - Reason for Revision: Information published.
 - Originally posted: February 17, 2021
Win10