Patch Tuesday – December 2021


This month’s Patch Tuesday comes in the middle of a global effort to mitigate Apache Log4j CVE-2021-44228. In today’s security release, Microsoft issued fixes for 83 vulnerabilities across an array of products — including a fix for Windows Defender for IoT, which is vulnerable to CVE-2021-44228 amongst seven other remote code execution (RCE) vulnerabilities (the cloud service is not affected). Six CVEs in the bulletin have been publicly disclosed; the only vulnerability noted as being exploited in the wild in this month’s release is , a Windows AppX Installer spoofing bug that may aid in social engineering attacks and has evidently been used in Emotet malware campaigns.

Interestingly, this round of fixes also includes , a Windows Installer privilege escalation bug whose advisory is sparse despite the fact that it appears to affect all supported versions of Windows. While there’s no indication in the advisory that the two vulnerabilities are related, CVE-2021-43883 looks an awful lot like the fix for a zero-day vulnerability that made a splash in the security community last month after proof-of-concept exploit code was released and in-the-wild attacks began. The zero-day vulnerability, which researchers hypothesized was a patch bypass for CVE-2021-41379, allowed low-privileged attackers to overwrite protected files and escalate to SYSTEM. Rapid7’s vulnerability research team did a full root cause analysis of the bug as attacks ramped up in November.

As usual, RCE flaws figure prominently in the “Critical”-rated CVEs this month. In addition to Windows Defender for IoT, critical RCE bugs were fixed this month in Microsoft Office, Microsoft Devices, Internet Storage Name Service (iSNS), and the WSL extension for Visual Studio Code. Given the outsized risk presented by most vulnerable implementations of Log4Shell, administrators should prioritize patches for any products affected by CVE-2021-44228. Past that, put critical server-side and OS RCE patches at the top of your list, and we’d advise sneaking in the fix for CVE-2021-43883 despite its lower severity rating.


Summary tables

Apps Vulnerabilities

| CVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
|  | Windows AppX Installer Spoofing Vulnerability | Yes | Yes | 7.1 | Yes |
|  | Microsoft Office app Remote Code Execution Vulnerability | No | No | 9.6 | Yes |

Browser Vulnerabilities

| CVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
|  | Chromium: CVE-2021-4068 Insufficient validation of untrusted input in new tab page | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4067 Use after free in window manager | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4066 Integer underflow in ANGLE | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4065 Use after free in autofill | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4064 Use after free in screen capture | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4063 Use after free in developer tools | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4062 Heap buffer overflow in BFCache | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4061 Type Confusion in V8 | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4059 Insufficient data validation in loader | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4058 Heap buffer overflow in ANGLE | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4057 Use after free in file API | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4056: Type Confusion in loader | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4055 Heap buffer overflow in extensions | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4054 Incorrect security UI in autofill | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4053 Use after free in UI | No | No | N/A | Yes |
|  | Chromium: CVE-2021-4052 Use after free in web apps | No | No | N/A | Yes |

Developer Tools Vulnerabilities

| CVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
|  | Visual Studio Code WSL Extension Remote Code Execution Vulnerability | No | No | 9.8 | No |
|  | Visual Studio Code Spoofing Vulnerability | No | No | N/A | No |
|  | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No |
|  | Microsoft PowerShell Spoofing Vulnerability | No | No | 5.5 | No |
|  | Microsoft BizTalk ESB Toolkit Spoofing Vulnerability | No | No | 7.4 | No |
|  | Bot Framework SDK Remote Code Execution Vulnerability | No | No | 7.5 | No |
|  | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | No | No | 7.8 | No |

Device Vulnerabilities

| CVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
|  | Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | No | No | 9.8 | Yes |

Microsoft Office Vulnerabilities

| CVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
|  | Visual Basic for Applications Information Disclosure Vulnerability | No | No | 5.5 | Yes |
|  | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 8 | Yes |
|  | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No |
|  | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
|  | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.2 | Yes |
|  | Microsoft Office Trust Center Spoofing Vulnerability | No | No | 5.5 | Yes |
|  | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
|  | Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability | No | No | 6.5 | Yes |
|  | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |

System Center Vulnerabilities

| CVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
|  | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 9 | Yes |
|  | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
|  | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
|  | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
|  | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
|  | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
|  | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 8.1 | Yes |
|  | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 7.2 | Yes |
|  | Microsoft Defender for IoT Information Disclosure Vulnerability | No | No | 7.5 | Yes |
|  | Microsoft Defender for IOT Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |

Windows Vulnerabilities

| CVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
|  | Windows TCP/IP Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No |
|  | Windows Setup Elevation of Privilege Vulnerability | No | No | 7.8 | No |
|  | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | No | No | 7.1 | No |
|  | Windows NTFS Elevation of Privilege Vulnerability | No | No | 7.8 | No |
|  | Windows Mobile Device Management Elevation of Privilege Vulnerability | No | Yes | 5.5 | Yes |
|  | Windows Kernel Information Disclosure Vulnerability | No | No | 6.5 | Yes |
|  | Windows Hyper-V Denial of Service Vulnerability | No | No | 5.6 | No |
|  | Windows Event Tracing Remote Code Execution Vulnerability | No | No | 7.8 | No |
|  | Windows Digital Media Receiver Elevation of Privilege Vulnerability | No | No | 7.8 | No |
|  | Web Media Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
|  | VP9 Video Extensions Information Disclosure Vulnerability | No | No | 5.5 | Yes |
|  | SymCrypt Denial of Service Vulnerability | No | No | 7.5 | No |
|  | Storage Spaces Controller Information Disclosure Vulnerability | No | No | 5.5 | Yes |
|  | Storage Spaces Controller Information Disclosure Vulnerability | No | No | 5.5 | Yes |
|  | NTFS Set Short Name Elevation of Privilege Vulnerability | No | Yes | 7.8 | No |
|  | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
|  | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
|  | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
|  | DirectX Graphics Kernel File Denial of Service Vulnerability | No | No | 7.4 | No |

Windows ESU Vulnerabilities

| CVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
|  | iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution | No | No | 9.8 | Yes |
|  | Windows Remote Access Elevation of Privilege Vulnerability | No | No | 7.8 | No |
|  | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 | No |
|  | Windows Print Spooler Elevation of Privilege Vulnerability | No | Yes | 7.8 | No |
|  | Windows NTFS Elevation of Privilege Vulnerability | No | No | 7.8 | No |
|  | Windows NTFS Elevation of Privilege Vulnerability | No | No | 7.8 | No |
|  | Windows Media Center Elevation of Privilege Vulnerability | No | No | 7.8 | No |
|  | Windows Installer Elevation of Privilege Vulnerability | No | Yes | 7.8 | No |
|  | Windows Fax Service Remote Code Execution Vulnerability | No | No | 7.8 | No |
|  | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | No | No | 8.1 | Yes |
|  | Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | No | Yes | 7.5 | No |
|  | Windows Digital TV Tuner Elevation of Privilege Vulnerability | No | No | 7.8 | No |
|  | Windows Common Log File System Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes |
|  | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No |
|  | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No |
|  | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 7.5 | No |
|  | Microsoft Message Queuing Information Disclosure Vulnerability | No | No | 7.5 | Yes |
|  | Microsoft Message Queuing Information Disclosure Vulnerability | No | No | 7.5 | Yes |
|  | Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability | No | No | 6.5 | Yes |

This content was originally published here.
