April 11, 2023
These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:
CVE-2021-26414
· Title: Windows DCOM Server Security Feature Bypass
· Version: 4.0
· Reason for revision: Microsoft is announcing the release of the March 14, 2023 Windows security updates for all supported editions. These updates address the third phase of hardening changes for this vulnerability. After these updates are installed, hardening is enabled by default and customers will no longer have the ability to disable it. Microsoft strongly recommends that customers install the March 14, 2023 updates, but before doing so, customers should resolve any compatibility issues with the hardening changes and applications in their environment. For more information, see [Managing changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)](https://support.microsoft.com/help/5004442).
· Originally released: June 8, 2021
· Last updated: March 14, 2023
· Aggregate CVE Severity Rating:
CVE-2022-23257
· Title: Windows Hyper-V Remote Code Execution Vulnerability
· Version: 2.0
· Reason for revision: In the Security Updates table, added Windows 11 Version 22H2 for x64-based Systems as this version of Windows is affected by this vulnerability. Microsoft strongly recommends that customers install the March 2023 updates to be fully protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
· Originally released: April 12, 2022
· Last updated: March 14, 2023
· Aggregate CVE Severity Rating:
CVE-2022-23816
· Title: AMD: CVE-2022-23816 AMD CPU Branch Type Confusion
· Version: 2.0
· Reason for revision: The following updates have been made to this CVE: 1) Microsoft is announcing the availability of the March 2023 security updates to address this vulnerability for all supported versions of Windows, with the exception of Windows Server 2022 and Windows Server 2022 (Server Core installation). The updates for Windows Server 2022 were released on February 14, 2023. 2) In the Security Updates table, removed all versions of Windows 7 and Windows 8.1 as these versions are no longer in support.
· Originally released: July 12, 2022
· Last updated: March 14, 2023
· Aggregate CVE Severity Rating: Important
CVE-2022-23825
· Title: AMD: CVE-2022-23825 AMD CPU Branch Type Confusion
· Version: 2.0
· Reason for revision: The following updates have been made to this CVE: 1) Microsoft is announcing the availability of the March 2023 security updates to address this vulnerability for all supported versions of Windows, with the exception of Windows Server 2022 and Windows Server 2022 (Server Core installation). The updates for Windows Server 2022 were released on February 14, 2023. 2) In the Security Updates table, removed all versions of Windows 7 and Windows 8.1 as these versions are no longer in support.
· Originally released: July 12, 2022
· Last updated: March 14, 2023
· Aggregate CVE Severity Rating: Important
CVE-2022-41127
· Title: Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
· Version: 2.0
· Reason for revision: In the Security Updates table, added the following supported editions of Microsoft Dynamics NAV as they are affected by this vulnerability: Microsoft Dynamics NAV 2013 R2 and Microsoft Dynamics NAV 2015. Microsoft strongly recommends that customers install the updates to be fully protected from this vulnerability.
· Originally released: December 13, 2022
· Last updated: March 14, 2023
· Aggregate CVE Severity Rating: Critical
CVE-2022-43552
· Title: Open Source Curl Remote Code Execution Vulnerability
· Version: 3.0
· Reason for revision: Microsoft is announcing the availability of the April 2023 security updates to address this vulnerability for all supported versions of Windows 10 version 1809, Windows 10 version 20H2, Windows 10 version 21H2, Windows 10 version 22H2, Windows 11 version 21H2, Windows 11 version 22H2, Windows Server 2019, and Windows Server 2022. Microsoft strongly recommends that customers install the April 2023 updates to be fully protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
· Originally released: February 10, 2023
· Last updated: April 11, 2023
· Aggregate CVE Severity Rating: Important