News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Microsoft Security Response Center

    Home Forums Admin IT Lounge Microsoft Security Response Center

    Viewing 1 reply thread
    • Author
      Posts
      • #2348182
        Alex5723
        AskWoody Plus

        Security Update Guide Supports CVEs Assigned by Industry Partners

        Hi Folks,

        This month we are introducing a new data element for each CVE in the Security Update Guide, called Assigning CNA.

        First let me back up a bit and give some information about the CVE program. The purpose of a CVE is to uniquely identify a cybersecurity vulnerability. The CVE program was started back in 1999 and is funded by the US federal government, currently out of the Cybersecurity and Infrastructure Security Agency (CISA). The MITRE Corporation is paid by CISA to administer the program. There is a board which consists of numerous cybersecurity-related organizations, including commercial security tool vendors, academia, research institutions, government departments and agencies, and other security experts, as well as end users of vulnerability information…

        The days of closed, single source proprietary products are really behind us now. This can make the job of ensuring that vulnerabilities are patched in a complex enterprise environment quite challenging. It is with this thought in mind that we are introducing this new Assigning CNA field. We will use this field if a vulnerability has been identified and addressed in an Open Source Library that is bundled in a Microsoft product…

        Microsoft: The following Chrome CVEs have been released on March 4, 2021.

        These CVE were assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium,
        which addresses these vulnerabilities. Please see Google Chrome Releases
        (https://chromereleases.googleblog.com/2021
        ) for more information.

        See
        for more information about third-party CVEs in the Security Update Guide.

        *CVE-2021-21159 *CVE-2021-21175
        *CVE-2021-21160 *CVE-2021-21176
        *CVE-2021-21161 *CVE-2021-21177
        *CVE-2021-21162 *CVE-2021-21178
        *CVE-2021-21163 *CVE-2021-21179
        *CVE-2021-21164 *CVE-2021-21180
        *CVE-2021-21165 *CVE-2021-27844
        *CVE-2021-21166 *CVE-2020-21181
        *CVE-2021-21167 *CVE-2021-21182
        *CVE-2021-21168 *CVE-2021-21183
        *CVE-2021-21169 *CVE-2021-21184
        *CVE-2021-21170 *CVE-2021-21185
        *CVE-2021-21171 *CVE-2021-21186
        *CVE-2021-21172 *CVE-2021-21187
        *CVE-2021-21173 *CVE-2021-21188
        *CVE-2021-21174 *CVE-2021-21189
        *CVE-2021-21190
        Revision Information:
        =====================

        – Version 1.0
        – Reason for Revision: Information published.
        – Originally posted: March 4, 2021

        • This topic was modified 1 month, 1 week ago by Alex5723.
      • #2348236
        Susan Bradley
        Manager

        I don’t like their new format.  Let information, more for me to have to dig out and interpret.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
    Viewing 1 reply thread

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: Microsoft Security Response Center

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.