SANS ISC: InfoSec Handlers Diary Blog
Microsoft November 2021 Patch Tuesday

Published: 2021-11-09
Last Updated: 2021-11-09 18:24:18 UTC
by Renato Marinho (Version: 1)

This month we got patches for 55 vulnerabilities. Of these, 6 are rated critical, 4 were previously disclosed and 2 are being exploited in the wild, according to Microsoft.

One of the exploited vulnerabilities is a remote code execution flaw affecting Microsoft Exchange Server (CVE-2021-42321). According to the advisory, the vulnerability is caused by improper validation of cmdlet arguments, and to exploit it an attacker must already hold an authenticated role on the Exchange Server; a low-privileged account is enough, which is why the CVSS v3 score is still 8.8 (out of 10). Any account an attacker has phished or password-sprayed therefore qualifies, so this one should go to the front of the queue for internet-facing Exchange.

The other exploited vulnerability is a security feature bypass affecting Microsoft Excel (CVE-2021-42292). According to the advisory, successful exploitation requires user interaction, so expect it to arrive as a crafted workbook the victim has to open. This vulnerability affects Microsoft Excel in several product bundles, including Excel for Mac OS.

The highest CVSS v3 score this month (9.0) belongs to a remote code execution vulnerability affecting the Microsoft Virtual Machine Bus (VMBus) (CVE-2021-26443). According to the advisory, an authenticated attacker on a guest VM could send a specially crafted communication over the VMBus channel to the host, and an attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. In other words, this is a guest-to-host escape, which matters most on hosts that run VMs for different tenants or trust levels.

Last but not least, one more vulnerability is worth mentioning: a critical remote code execution vulnerability fixed in the Remote Desktop Client (CVE-2021-38666). According to the advisory, there is no known exploit for this vulnerability, but Microsoft rates it "Exploitation More Likely". An attacker in control of a Remote Desktop server could trigger remote code execution (RCE) on the RDP client machine when a victim connects to that server with a vulnerable Remote Desktop Client. The exposure is therefore the reverse of the usual RDP worry: the client is the target, so connections to untrusted or compromised RDP servers are the risk here.

See my dashboard for a more detailed breakdown: https://patchtuesdaydashboard.com/

November 2021 Security Updates

Each CVE row lists, in order: CVE, Disclosed, Exploited, Exploitability (old versions), Exploitability (current version), Severity, CVSS Base (avg), CVSS Temporal (avg). The unnumbered line above each group of rows is the vulnerability description that applies to those rows.
3D Viewer Remote Code Execution Vulnerability
CVE-2021-43208 Yes No Less Likely Less Likely Important 7.8 6.8
CVE-2021-43209 Yes No Less Likely Less Likely Important 7.8 6.8
Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2021-42278 No No Less Likely Less Likely Important 7.5 6.5
CVE-2021-42282 No No Less Likely Less Likely Important 7.5 6.5
CVE-2021-42287 No No Less Likely Less Likely Important 7.5 6.5
CVE-2021-42291 No No Less Likely Less Likely Important 7.5 6.5
Azure RTOS Elevation of Privilege Vulnerability
CVE-2021-42302 No No Less Likely Less Likely Important 6.6 5.8
CVE-2021-42303 No No Less Likely Less Likely Important 6.6 5.8
CVE-2021-42304 No No Less Likely Less Likely Important 6.6 5.8
Azure RTOS Information Disclosure Vulnerability
CVE-2021-42301 No No Less Likely Less Likely Important 3.3 2.9
CVE-2021-42323 No No Less Likely Less Likely Important 3.3 2.9
CVE-2021-26444 No No Less Likely Less Likely Important 3.3 2.9
Azure Sphere Information Disclosure Vulnerability
CVE-2021-41374 No No Less Likely Less Likely Important 6.7 5.8
CVE-2021-41375 No No Less Likely Less Likely Important 4.4 3.9
CVE-2021-41376 No No Less Likely Less Likely Important 2.3 2.0
Azure Sphere Tampering Vulnerability
CVE-2021-42300 No No Less Likely Less Likely Important 6.0 5.2
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2021-42279 No No - - Critical 4.2 3.8
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
CVE-2021-41366 No No Less Likely Less Likely Important 7.8 6.8
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-42277 No No Less Likely Less Likely Important 5.5 4.8
FSLogix Information Disclosure Vulnerability
CVE-2021-41373 No No Less Likely Less Likely Important 5.5 5.0
Microsoft Access Remote Code Execution Vulnerability
CVE-2021-41368 No No Less Likely Less Likely Important 6.1 5.3
Microsoft COM for Windows Remote Code Execution Vulnerability
CVE-2021-42275 No No Less Likely Less Likely Important 8.8 7.7
Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-42298 No No More Likely More Likely Critical 7.8 6.8
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2021-42316 No No Less Likely Less Likely Critical 8.7 7.6
Microsoft Edge (Chrome based) Spoofing on IE Mode
CVE-2021-41351 No No Less Likely Less Likely Important 4.3 3.9
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-40442 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2021-42292 No Yes Detected Detected Important 7.8 7.0
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-42321 No Yes Detected Detected Important 8.8 7.7
Microsoft Exchange Server Spoofing Vulnerability
CVE-2021-41349 No No Less Likely Less Likely Important 6.5 5.7
CVE-2021-42305 No No Less Likely Less Likely Important 6.5 5.7
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
CVE-2021-26443 No No Less Likely Less Likely Critical 9.0 7.8
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2021-42276 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Word Remote Code Execution Vulnerability
CVE-2021-42296 No No Less Likely Less Likely Important 7.8 6.8
NTFS Elevation of Privilege Vulnerability
CVE-2021-41367 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-41370 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-42283 No No Less Likely Less Likely Important 8.8 7.7
OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow
CVE-2021-3711 No No Less Likely Less Likely Critical    
Power BI Report Server Spoofing Vulnerability
CVE-2021-41372 No No Less Likely Less Likely Important 7.6 6.8
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2021-38666 No No More Likely More Likely Critical 8.8 7.7
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2021-38665 No No Less Likely Less Likely Important 7.4 6.4
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2021-42322 No No Less Likely Less Likely Important 7.8 6.8
Visual Studio Elevation of Privilege Vulnerability
CVE-2021-42319 No No Less Likely Less Likely Important 4.7 4.1
Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability
CVE-2021-42286 No No Less Likely Less Likely Important 7.8 6.8
Windows Denial of Service Vulnerability
CVE-2021-41356 No No More Likely More Likely Important 7.5 6.7
Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2021-36957 No No Less Likely Less Likely Important 7.8 6.8
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
CVE-2021-41377 No No Less Likely Less Likely Important 7.8 6.8
Windows Feedback Hub Elevation of Privilege Vulnerability
CVE-2021-42280 No No Less Likely Less Likely Important 5.5 4.8
Windows Hello Security Feature Bypass Vulnerability
CVE-2021-42288 No No Less Likely Less Likely Important 5.7 5.1
Windows Hyper-V Denial of Service Vulnerability
CVE-2021-42284 No No Less Likely Less Likely Important 6.8 6.1
Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability
CVE-2021-42274 No No Less Likely Less Likely Important 6.8 5.9
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-41379 No No Less Likely Less Likely Important 5.5 4.8
Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-42285 No No Less Likely Less Likely Important 7.8 6.8
Windows NTFS Remote Code Execution Vulnerability
CVE-2021-41378 No No Less Likely Less Likely Important 7.8 6.8
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2021-38631 Yes No Less Likely Less Likely Important 4.4 3.9
CVE-2021-41371 Yes No Less Likely Less Likely Important 4.4 3.9
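To turn the table above into a patching order, here is an added example (my own Python, not code from this diary or from patchtuesdaydashboard.com) that parses the flattened description-plus-row layout and ranks the entries: in-the-wild exploitation first, then Microsoft's "More Likely" exploitability rating, then public disclosure, then Critical severity, then CVSS base score. The embedded input is a constructed excerpt copied from the table on this page; the ranking rule is an assumption of mine rather than Microsoft's guidance, and the OpenSSL row shows how an entry without CVSS scores is handled.

```python
"""Parse the flattened Patch Tuesday table into records and rank them for triage.

Added example for this diary; not code from SANS ISC or patchtuesdaydashboard.com.
The sample input is a constructed excerpt of the table on this page, and the
triage order in triage_key() is my own heuristic (an assumption, not Microsoft's).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt of the November 2021 table above. A line without a CVE number
# is the description heading for the data rows that follow it.
SAMPLE_TABLE = """\
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2021-42279 No No - - Critical 4.2 3.8
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2021-42292 No Yes Detected Detected Important 7.8 7.0
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-42321 No Yes Detected Detected Important 8.8 7.7
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
CVE-2021-26443 No No Less Likely Less Likely Critical 9.0 7.8
OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow
CVE-2021-3711 No No Less Likely Less Likely Critical
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2021-38666 No No More Likely More Likely Critical 8.8 7.7
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2021-38631 Yes No Less Likely Less Likely Important 4.4 3.9
CVE-2021-41371 Yes No Less Likely Less Likely Important 4.4 3.9
"""

# One data row: CVE, Disclosed, Exploited, Exploitability (old), Exploitability
# (current), Severity, then optional CVSS Base and Temporal (absent for OpenSSL).
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<disclosed>Yes|No)\s+"
    r"(?P<exploited>Yes|No)\s+"
    r"(?P<old>Less Likely|More Likely|Detected|-)\s+"
    r"(?P<cur>Less Likely|More Likely|Detected|-)\s+"
    r"(?P<severity>Critical|Important|Moderate|Low)"
    r"(?:\s+(?P<base>\d+\.\d)\s+(?P<temporal>\d+\.\d))?$"
)


@dataclass(frozen=True)
class Advisory:
    description: str
    cve: str
    disclosed: bool
    exploited: bool
    exploitability_old: str
    exploitability_current: str
    severity: str
    cvss_base: Optional[float]
    cvss_temporal: Optional[float]


def parse_table(text: str) -> List[Advisory]:
    """Turn the description/row layout into one Advisory per CVE."""
    records: List[Advisory] = []
    description: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            # Not a data row, so it is the heading for the rows below it.
            description = line
            continue
        if description is None:
            raise ValueError(f"data row before any description: {line}")
        base, temporal = m.group("base"), m.group("temporal")
        records.append(Advisory(
            description=description,
            cve=m.group("cve"),
            disclosed=m.group("disclosed") == "Yes",
            exploited=m.group("exploited") == "Yes",
            exploitability_old=m.group("old"),
            exploitability_current=m.group("cur"),
            severity=m.group("severity"),
            cvss_base=float(base) if base else None,
            cvss_temporal=float(temporal) if temporal else None,
        ))
    return records


def triage_key(a: Advisory) -> Tuple[bool, bool, bool, bool, float]:
    """Higher tuples sort first: exploited in the wild, then rated 'More Likely',
    then publicly disclosed, then Critical severity, then CVSS base (0.0 if absent)."""
    return (
        a.exploited,
        "More Likely" in (a.exploitability_old, a.exploitability_current),
        a.disclosed,
        a.severity == "Critical",
        a.cvss_base if a.cvss_base is not None else 0.0,
    )


def rank(records: List[Advisory]) -> List[Advisory]:
    return sorted(records, key=triage_key, reverse=True)


def summarize(records: List[Advisory]) -> dict:
    """The headline counts the diary reports: total, critical, disclosed, exploited."""
    return {
        "total": len(records),
        "critical": sum(a.severity == "Critical" for a in records),
        "disclosed": sum(a.disclosed for a in records),
        "exploited": sum(a.exploited for a in records),
    }


if __name__ == "__main__":
    parsed = parse_table(SAMPLE_TABLE)
    print(summarize(parsed))
    for adv in rank(parsed):
        print(f"{adv.cve:15} {adv.severity:9} base={adv.cvss_base} "
              f"exploited={adv.exploited} disclosed={adv.disclosed} {adv.description}")
```

Run against the full table and the summary reproduces the 55/6/4/2 figures at the top of the diary; on the excerpt the two exploited bugs (Exchange, then Excel) come out first, the "More Likely" RDP client RCE third, and the unscored OpenSSL entry last among the criticals because a missing score is treated as 0.0 rather than as a parse failure.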

--
Renato Marinho
Morphus Labs | LinkedIn | Twitter
