Hash: SHA256

                         AUSCERT Security Bulletin

        Microsoft Patch Tuesday update for Windows for January 2021
                              13 January 2021


        AusCERT Security Bulletin Summary

Product:              Microsoft Windows
Operating System:     Windows
Impact/Access:        Increased Privileges            -- Remote/Unauthenticated      
                      Execute Arbitrary Code/Commands -- Existing Account            
                      Denial of Service               -- Remote with User Interaction
                      Access Confidential Data        -- Existing Account            
                      Unauthorised Access             -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2021-1710 CVE-2021-1709 CVE-2021-1708
                      CVE-2021-1706 CVE-2021-1704 CVE-2021-1703
                      CVE-2021-1702 CVE-2021-1701 CVE-2021-1700
                      CVE-2021-1699 CVE-2021-1697 CVE-2021-1696
                      CVE-2021-1695 CVE-2021-1694 CVE-2021-1693
                      CVE-2021-1692 CVE-2021-1691 CVE-2021-1690
                      CVE-2021-1689 CVE-2021-1688 CVE-2021-1687
                      CVE-2021-1686 CVE-2021-1685 CVE-2021-1684
                      CVE-2021-1683 CVE-2021-1682 CVE-2021-1681
                      CVE-2021-1680 CVE-2021-1679 CVE-2021-1678
                      CVE-2021-1676 CVE-2021-1674 CVE-2021-1673
                      CVE-2021-1672 CVE-2021-1671 CVE-2021-1670
                      CVE-2021-1669 CVE-2021-1668 CVE-2021-1667
                      CVE-2021-1666 CVE-2021-1665 CVE-2021-1664
                      CVE-2021-1663 CVE-2021-1662 CVE-2021-1661
                      CVE-2021-1660 CVE-2021-1659 CVE-2021-1658
                      CVE-2021-1657 CVE-2021-1656 CVE-2021-1655
                      CVE-2021-1654 CVE-2021-1653 CVE-2021-1652
                      CVE-2021-1651 CVE-2021-1650 CVE-2021-1649
                      CVE-2021-1648 CVE-2021-1646 CVE-2021-1645
                      CVE-2021-1644 CVE-2021-1643 CVE-2021-1642
                      CVE-2021-1638 CVE-2021-1637 
Member content until: Friday, February 12 2021
Reference:            ASB-2021.0006


        Microsoft has released its monthly security patch update for the
        month of January 2021.
        This update resolves 65 vulnerabilities across the following
        products: [1]
         HEVC Video Extensions
         Microsoft Remote Desktop
         Remote Desktop client
         Windows 10
         Windows 8.1
         Windows RT 8.1
         Windows Server
         Windows Server 2012
         Windows Server 2012 R2
         Windows Server 2016
         Windows Server 2019


        Microsoft has given the following details regarding these vulnerabilities.
         Details         Impact                   Severity
         CVE-2021-1637   Information Disclosure   Important
         CVE-2021-1638   Security Feature Bypass  Important
         CVE-2021-1642   Elevation of Privilege   Important
         CVE-2021-1643   Remote Code Execution    Critical
         CVE-2021-1644   Remote Code Execution    Important
         CVE-2021-1645   Information Disclosure   Important
         CVE-2021-1646   Elevation of Privilege   Important
         CVE-2021-1648   Elevation of Privilege   Important
         CVE-2021-1649   Elevation of Privilege   Important
         CVE-2021-1650   Elevation of Privilege   Important
         CVE-2021-1651   Elevation of Privilege   Important
         CVE-2021-1652   Elevation of Privilege   Important
         CVE-2021-1653   Elevation of Privilege   Important
         CVE-2021-1654   Elevation of Privilege   Important
         CVE-2021-1655   Elevation of Privilege   Important
         CVE-2021-1656   Information Disclosure   Important
         CVE-2021-1657   Remote Code Execution    Important
         CVE-2021-1658   Remote Code Execution    Critical
         CVE-2021-1659   Elevation of Privilege   Important
         CVE-2021-1660   Remote Code Execution    Critical
         CVE-2021-1661   Elevation of Privilege   Important
         CVE-2021-1662   Elevation of Privilege   Important
         CVE-2021-1663   Information Disclosure   Important
         CVE-2021-1664   Remote Code Execution    Important
         CVE-2021-1665   Remote Code Execution    Critical
         CVE-2021-1666   Remote Code Execution    Critical
         CVE-2021-1667   Remote Code Execution    Critical
         CVE-2021-1668   Remote Code Execution    Critical
         CVE-2021-1669   Security Feature Bypass  Important
         CVE-2021-1670   Information Disclosure   Important
         CVE-2021-1671   Remote Code Execution    Important
         CVE-2021-1672   Information Disclosure   Important
         CVE-2021-1673   Remote Code Execution    Critical
         CVE-2021-1674   Security Feature Bypass  Important
         CVE-2021-1676   Information Disclosure   Important
         CVE-2021-1678   Security Feature Bypass  Important
         CVE-2021-1679   Denial of Service        Important
         CVE-2021-1680   Elevation of Privilege   Important
         CVE-2021-1681   Elevation of Privilege   Important
         CVE-2021-1682   Elevation of Privilege   Important
         CVE-2021-1683   Security Feature Bypass  Important
         CVE-2021-1684   Security Feature Bypass  Important
         CVE-2021-1685   Elevation of Privilege   Important
         CVE-2021-1686   Elevation of Privilege   Important
         CVE-2021-1687   Elevation of Privilege   Important
         CVE-2021-1688   Elevation of Privilege   Important
         CVE-2021-1689   Elevation of Privilege   Important
         CVE-2021-1690   Elevation of Privilege   Important
         CVE-2021-1691   Denial of Service        Important
         CVE-2021-1692   Denial of Service        Important
         CVE-2021-1693   Elevation of Privilege   Important
         CVE-2021-1694   Elevation of Privilege   Important
         CVE-2021-1695   Elevation of Privilege   Important
         CVE-2021-1696   Information Disclosure   Important
         CVE-2021-1697   Elevation of Privilege   Important
         CVE-2021-1699   Information Disclosure   Important
         CVE-2021-1700   Remote Code Execution    Important
         CVE-2021-1701   Remote Code Execution    Important
         CVE-2021-1702   Elevation of Privilege   Important
         CVE-2021-1703   Elevation of Privilege   Important
         CVE-2021-1704   Elevation of Privilege   Important
         CVE-2021-1706   Elevation of Privilege   Important
         CVE-2021-1708   Information Disclosure   Important
         CVE-2021-1709   Elevation of Privilege   Important
         CVE-2021-1710   Remote Code Execution    Important


        Microsoft recommends updating the software to the latest available
        version available on the Microsoft Update Catalog. [1].


        [1] Microsoft Security Update Guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: http://www.auscert.org.au/render.html?it=1967