-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
**************************************************************************************
Title: Microsoft Security Update Releases
Issued: November 22, 2021
**************************************************************************************
Summary
=======
The following CVEs have undergone revision increments.
- CVE-2021-42308 | Microsoft Edge (HTML-based) Spoofing Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42308
- Version 1.1
- Reason for Revision: Added an FAQ. This is an information change only.
- Originally posted: November 19, 2021
- Updated: November 22, 2021
- Aggregate CVE Severity Rating: Important
- CVE-2021-43220 | Microsoft Edge for iOS Spoofing Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43220
- Version 1.1
- Reason for Revision: The following revisions have been made: 1) Updated CVSS scores.
2) In the FAQ, corrected the Microsoft Edge (Chromium-based) version number. These
are informational changes only.
- Originally posted: November 19, 2021
- Updated: November 22, 2021
- Aggregate CVE Severity Rating: Moderate
- CVE-2021-43221 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43221
- Versions 1.1
- Reason for Revision: The following revisions have been made: 1) Updated CVSS scores.
2) In the FAQ, corrected the Microsoft Edge (Chromium-based) version number. These
are informational changes only.
- Originally posted: November 19, 2021
- Updated: November 22, 2021
- Aggregate CVE Severity Rating: Important
The following CVEs were assigned by Chrome. Microsoft Edge
(Chromium-based) ingests Chromium, which addresses these vulnerabilities. Please see
Google Chrome Releases (https://chromereleases.googleblog.com/2021) for more information.
See
for more information about third-party CVEs in the Security Update Guide.
* CVE-2021-38005
* CVE-2021-38006
* CVE-2021-38007
* CVE-2021-38008
* CVE-2021-38009
* CVE-2021-38010
* CVE-2021-38011
* CVE-2021-38012
* CVE-2021-38013
* CVE-2021-38014
* CVE-2021-38015
* CVE-2021-38016
* CVE-2021-38017
* CVE-2021-38018
* CVE-2021-38019
* CVE-2021-38020
* CVE-2021-38021
* CVE-2021-38022
Revision Information:
=====================
- Version 1.1
- Reason for Revision: Corrected the Microsoft Edge (Chromium-based) version number.
This is an informational change only.
- Originally posted: November 19, 2021
- Updated: November 22, 2021
**************************************************************************************
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
======================================================================================
If you receive an email message that claims to be distributing a Microsoft security
update, it is a hoax that may contain malware or pointers to malicious websites.
Microsoft does not distribute security updates via email.
