VERT Threat Alert: December 2021 Patch Tuesday Analysis – Security Boulevard

Today’s VERT Alert addresses Microsoft’s December 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-978 on Wednesday, December 15th.

In-The-Wild & Disclosed CVEs

Up first this month is a vulnerability in the Windows AppX Installer that could allow spoofing. This vulnerability has been actively used in the spread of Emotet malware.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-41333 is yet another print spooler vulnerability. All versions of Windows from Server 2008 through to Server 2022 are impacted by this vulnerability.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

This is a Windows 11-only vulnerability that would allow an attacker who successfully exploited it to delete files. The attacker would not gain additional access to view or modify files.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

A vulnerability in the Windows Installer on all versions of Windows from Server 2008 through to Server 2022 could allow for elevation of privilege.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

A vulnerability in NTFS Set Short Name could allow elevation of privilege. Short name refers to the 8dot3 naming convention. This vulnerability impacts Windows 10 and Windows 11 and related server platforms.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

The final vulnerability on this list this month is an elevation of privilege vulnerability in Windows Encrypting File System (EFS).

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
