• Megan Haybyrne

55 vulnerabilities and six zero-days included in Microsoft’s November 2021 Patch Tuesday Release

Description

Microsoft have released November 2021 Patch Tuesday that highlights the fix for fifty-five vulnerabilities including six Critical and forty-nine important vulnerabilities. Successful exploitation of these vulnerabilities could allow Remote Code Execution (RCE), Denial of Service (DoS) and Privilege Escalation attacks. Notable vulnerabilities: CVE-2021-42292 - Microsoft Excel Security Feature Bypass Vulnerability CVE-2021-42321 - Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-41371 - Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability CVE-2021-43209 - 3D Viewer Remote Code Execution Vulnerability CVE-2021-43208 - 3D Viewer Remote Code Execution Vulnerability CVE-2021-38631 - Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Affected Products: The below products were affected by this patch release:

  • 3D Viewer

  • Azure

  • Azure RTOS

  • Azure Sphere

  • Microsoft Dynamics

  • Microsoft Edge (Chromium-based) in IE Mode

  • Microsoft Exchange Server

  • Microsoft Office Access

  • Microsoft Office Excel

  • Microsoft Office Word

  • Microsoft Windows

  • Microsoft Windows Codecs Library

  • Power BI

  • Role: Windows Hyper-V

  • Visual Studio

  • Visual Studio Code

  • Windows Active Directory

  • Windows COM

  • Windows Core Shell

  • Windows Cred SSProvider Protocol

  • Windows Defender

  • Windows Desktop Bridge

  • Windows Diagnostic Hub

  • Windows Feedback Hub

  • Windows Hello

  • Windows Installer

  • Windows Kernel

  • Windows NTFS

  • Windows RDP

  • Windows Scripting

  • Windows Virtual Machine Bus

Recommendation Permanent Fix: 1. Keep applications and operating systems running at the current released patch level. 2. Run software with the least privileges. Reference URL:

  • Https://msrc.microsoft.com/update-guide

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42292

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42321

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41371

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43209

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43208

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38631





0 views0 comments