Microsoft November 2021 Patch Tuesday
This month we got patches for 55 vulnerabilities. Of these, 6 are critical, 4 were previously disclosed and 2 are being exploited according to Microsoft.
One of the exploited vulnerabilities is a remote code execution vulnerability affecting Microsoft Exchange Server (CVE-2021-42321). According to the advisory, the vulnerability is due to improper validation of cmdlet arguments, and to exploit it an attacker needs to hold an authenticated role on the Exchange Server. The CVSS v3 score for this vulnerability is 8.8 (out of 10).
The other exploited vulnerability is a security feature bypass affecting Microsoft Excel (CVE-2021-42292). According to the advisory, successful exploitation requires user interaction. This vulnerability affects Microsoft Excel in different product bundles, including Excel for Mac OS.
The highest CVSS v3 score this month (9.0) was associated with a remote code execution vulnerability affecting Microsoft Virtual Machine Bus (VMBus) (CVE-2021-26443). According to the advisory, to exploit the vulnerability an authenticated attacker could send a specially crafted communication on the VMBus channel from the guest VM to the host. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.
Last but not least, there is another vulnerability worth mentioning. A critical remote code execution vulnerability was fixed in the Remote Desktop Client (CVE-2021-38666). According to the advisory, there is no known exploit for this vulnerability, but Microsoft rates exploitation as more likely. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/
November 2021 Security Updates
| Description / CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|
| 3D Viewer Remote Code Execution Vulnerability | |||||||
| CVE-2021-43208 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | 
| CVE-2021-43209 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | 
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||||
| CVE-2021-42278 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 | 
| CVE-2021-42282 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 | 
| CVE-2021-42287 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 | 
| CVE-2021-42291 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 | 
| Azure RTOS Elevation of Privilege Vulnerability | |||||||
| CVE-2021-42302 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 | 
| CVE-2021-42303 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 | 
| CVE-2021-42304 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 | 
| Azure RTOS Information Disclosure Vulnerability | |||||||
| CVE-2021-42301 | No | No | Less Likely | Less Likely | Important | 3.3 | 2.9 | 
| CVE-2021-42323 | No | No | Less Likely | Less Likely | Important | 3.3 | 2.9 | 
| CVE-2021-26444 | No | No | Less Likely | Less Likely | Important | 3.3 | 2.9 | 
| Azure Sphere Information Disclosure Vulnerability | |||||||
| CVE-2021-41374 | No | No | Less Likely | Less Likely | Important | 6.7 | 5.8 | 
| CVE-2021-41375 | No | No | Less Likely | Less Likely | Important | 4.4 | 3.9 | 
| CVE-2021-41376 | No | No | Less Likely | Less Likely | Important | 2.3 | 2.0 | 
| Azure Sphere Tampering Vulnerability | |||||||
| CVE-2021-42300 | No | No | Less Likely | Less Likely | Important | 6.0 | 5.2 | 
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||||
| CVE-2021-42279 | No | No | - | - | Critical | 4.2 | 3.8 | 
| Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | |||||||
| CVE-2021-41366 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | 
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | |||||||
| CVE-2021-42277 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 | 
| FSLogix Information Disclosure Vulnerability | |||||||
| CVE-2021-41373 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 | 
| Microsoft Access Remote Code Execution Vulnerability | |||||||
| CVE-2021-41368 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 | 
| Microsoft COM for Windows Remote Code Execution Vulnerability | |||||||
| CVE-2021-42275 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 | 
| Microsoft Defender Remote Code Execution Vulnerability | |||||||
| CVE-2021-42298 | No | No | More Likely | More Likely | Critical | 7.8 | 6.8 | 
| Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | |||||||
| CVE-2021-42316 | No | No | Less Likely | Less Likely | Critical | 8.7 | 7.6 | 
| Microsoft Edge (Chrome based) Spoofing on IE Mode | |||||||
| CVE-2021-41351 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.9 | 
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2021-40442 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | 
| Microsoft Excel Security Feature Bypass Vulnerability | |||||||
| CVE-2021-42292 | No | Yes | Detected | Detected | Important | 7.8 | 7.0 | 
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||||
| CVE-2021-42321 | No | Yes | Detected | Detected | Important | 8.8 | 7.7 | 
| Microsoft Exchange Server Spoofing Vulnerability | |||||||
| CVE-2021-41349 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 | 
| CVE-2021-42305 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 | 
| Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | |||||||
| CVE-2021-26443 | No | No | Less Likely | Less Likely | Critical | 9.0 | 7.8 | 
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | |||||||
| CVE-2021-42276 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | 
| Microsoft Word Remote Code Execution Vulnerability | |||||||
| CVE-2021-42296 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | 
| NTFS Elevation of Privilege Vulnerability | |||||||
| CVE-2021-41367 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | 
| CVE-2021-41370 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | 
| CVE-2021-42283 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 | 
| OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow | |||||||
| CVE-2021-3711 | No | No | Less Likely | Less Likely | Critical | ||
| Power BI Report Server Spoofing Vulnerability | |||||||
| CVE-2021-41372 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.8 | 
| Remote Desktop Client Remote Code Execution Vulnerability | |||||||
| CVE-2021-38666 | No | No | More Likely | More Likely | Critical | 8.8 | 7.7 | 
| Remote Desktop Protocol Client Information Disclosure Vulnerability | |||||||
| CVE-2021-38665 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.4 | 
| Visual Studio Code Elevation of Privilege Vulnerability | |||||||
| CVE-2021-42322 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | 
| Visual Studio Elevation of Privilege Vulnerability | |||||||
| CVE-2021-42319 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.1 | 
| Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability | |||||||
| CVE-2021-42286 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | 
| Windows Denial of Service Vulnerability | |||||||
| CVE-2021-41356 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 | 
| Windows Desktop Bridge Elevation of Privilege Vulnerability | |||||||
| CVE-2021-36957 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | 
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2021-41377 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | 
| Windows Feedback Hub Elevation of Privilege Vulnerability | |||||||
| CVE-2021-42280 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 | 
| Windows Hello Security Feature Bypass Vulnerability | |||||||
| CVE-2021-42288 | No | No | Less Likely | Less Likely | Important | 5.7 | 5.1 | 
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2021-42284 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 | 
| Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability | |||||||
| CVE-2021-42274 | No | No | Less Likely | Less Likely | Important | 6.8 | 5.9 | 
| Windows Installer Elevation of Privilege Vulnerability | |||||||
| CVE-2021-41379 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 | 
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2021-42285 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | 
| Windows NTFS Remote Code Execution Vulnerability | |||||||
| CVE-2021-41378 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | 
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | |||||||
| CVE-2021-38631 | Yes | No | Less Likely | Less Likely | Important | 4.4 | 3.9 | 
| CVE-2021-41371 | Yes | No | Less Likely | Less Likely | Important | 4.4 | 3.9 | 
--
Renato Marinho
Morphus Labs | LinkedIn | Twitter