[SANS ISC] Microsoft November 2021 Patch Tuesday, (Tue, Nov 9th)

This month we got patches for 55 vulnerabilities. Of these, 6 are critical, 4 were previously disclosed and 2 are being exploited according to Microsoft.

One of the exploited vulnerabilities is a remote code execution affecting Microsoft Exchange Server (CVE-2021-42321). According to the advisory, the vulnerability is caused by improper validation of cmdlet arguments, and an attacker needs to be authenticated to the Exchange Server to exploit it. The CVSS v3 base score for this vulnerability is 8.8 (out of 10).

The other exploited vulnerability is a security feature bypass affecting Microsoft Excel (CVE-2021-42292). According to the advisory, successful exploitation requires user interaction. The vulnerability affects Microsoft Excel across several product bundles, including Excel for Mac.

The highest CVSS v3 score this month (9.0) belongs to a remote code execution vulnerability affecting Microsoft Virtual Machine Bus (VMBus) (CVE-2021-26443). According to the advisory, an authenticated attacker could send a specially crafted communication over the VMBus channel from a guest VM to the host; an attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system, which makes this a guest-to-host escape.

Last but not least, one more vulnerability is worth mentioning: a critical remote code execution vulnerability fixed in the Remote Desktop Client (CVE-2021-38666). According to the advisory there is no known exploit, but Microsoft rates it as "Exploitation More Likely". An attacker who controls a Remote Desktop server could achieve remote code execution on the RDP client machine when a victim connects to the attacker's server with a vulnerable Remote Desktop Client.

See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/
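As an added example that is not part of the original ISC post, the Python script below applies a simple triage order to a constructed subset of rows copied from the table below: exploited first, then publicly disclosed, then Critical or "Exploitation More Likely", then everything else, using the CVSS base score only to break ties. The tier rules are this editor's assumption for illustration, not Microsoft's or ISC's guidance; the point they make is that sorting by CVSS alone would put the NTFS elevation of privilege (8.8) ahead of the actively exploited Excel bug (7.8).

```python
"""Triage helper for a Patch Tuesday release table.

Added example, not part of the ISC post. It ranks advisories by a simple
policy (exploited > publicly disclosed > Critical or "More Likely" > rest)
and uses the CVSS base score only to break ties. The policy is an
assumption made for illustration; adjust the tiers to your own exposure.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    disclosed: bool       # publicly disclosed before the patch shipped
    exploited: bool       # Microsoft reports exploitation detected
    exploitability: str   # Microsoft exploitability index, current version
    severity: str         # "Critical" or "Important"
    cvss_base: float


# Constructed subset of rows copied from the November 2021 table on this page.
ROWS = [
    Advisory("CVE-2021-42321", "Microsoft Exchange Server RCE", False, True, "Detected", "Important", 8.8),
    Advisory("CVE-2021-42292", "Microsoft Excel Security Feature Bypass", False, True, "Detected", "Important", 7.8),
    Advisory("CVE-2021-26443", "Microsoft VMBus RCE", False, False, "Less Likely", "Critical", 9.0),
    Advisory("CVE-2021-38666", "Remote Desktop Client RCE", False, False, "More Likely", "Critical", 8.8),
    Advisory("CVE-2021-42298", "Microsoft Defender RCE", False, False, "More Likely", "Critical", 7.8),
    Advisory("CVE-2021-43208", "3D Viewer RCE", True, False, "Less Likely", "Important", 7.8),
    Advisory("CVE-2021-38631", "Windows RDP Information Disclosure", True, False, "Less Likely", "Important", 4.4),
    Advisory("CVE-2021-41356", "Windows Denial of Service", False, False, "More Likely", "Important", 7.5),
    Advisory("CVE-2021-42283", "NTFS Elevation of Privilege", False, False, "Less Likely", "Important", 8.8),
    Advisory("CVE-2021-42301", "Azure RTOS Information Disclosure", False, False, "Less Likely", "Important", 3.3),
]

TIER_LABELS = {0: "exploited", 1: "disclosed", 2: "critical-or-likely", 3: "routine"}


def tier(adv: Advisory) -> int:
    """Lower tier number = patch sooner. Known exploitation beats every score."""
    if adv.exploited:
        return 0
    if adv.disclosed:
        return 1
    if adv.severity == "Critical" or adv.exploitability == "More Likely":
        return 2
    return 3


def rank(rows):
    """Order by tier, then CVSS base (high first), then CVE id for a stable order."""
    return sorted(rows, key=lambda a: (tier(a), -a.cvss_base, a.cve))


def summarize(rows):
    """Headline counts of the kind given at the top of the post."""
    return {
        "total": len(rows),
        "critical": sum(a.severity == "Critical" for a in rows),
        "disclosed": sum(a.disclosed for a in rows),
        "exploited": sum(a.exploited for a in rows),
    }


def cvss_only_order(rows):
    """CVE ids sorted by CVSS base alone, for comparison with rank()."""
    return [a.cve for a in sorted(rows, key=lambda a: (-a.cvss_base, a.cve))]


if __name__ == "__main__":
    print(summarize(ROWS))
    for adv in rank(ROWS):
        print(f"{TIER_LABELS[tier(adv)]:<19} {adv.cve}  {adv.severity:<9} {adv.cvss_base:.1f}  {adv.title}")
```

Run it directly to print the ordered list; swap `ROWS` for a CSV export of the full month when using it for real.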

November 2021 Security Updates

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| 3D Viewer Remote Code Execution Vulnerability | CVE-2021-43208 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| 3D Viewer Remote Code Execution Vulnerability | CVE-2021-43209 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Active Directory Domain Services Elevation of Privilege Vulnerability | CVE-2021-42278 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Active Directory Domain Services Elevation of Privilege Vulnerability | CVE-2021-42282 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Active Directory Domain Services Elevation of Privilege Vulnerability | CVE-2021-42287 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Active Directory Domain Services Elevation of Privilege Vulnerability | CVE-2021-42291 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Azure RTOS Elevation of Privilege Vulnerability | CVE-2021-42302 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 |
| Azure RTOS Elevation of Privilege Vulnerability | CVE-2021-42303 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 |
| Azure RTOS Elevation of Privilege Vulnerability | CVE-2021-42304 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 |
| Azure RTOS Information Disclosure Vulnerability | CVE-2021-42301 | No | No | Less Likely | Less Likely | Important | 3.3 | 2.9 |
| Azure RTOS Information Disclosure Vulnerability | CVE-2021-42323 | No | No | Less Likely | Less Likely | Important | 3.3 | 2.9 |
| Azure RTOS Information Disclosure Vulnerability | CVE-2021-26444 | No | No | Less Likely | Less Likely | Important | 3.3 | 2.9 |
| Azure Sphere Information Disclosure Vulnerability | CVE-2021-41374 | No | No | Less Likely | Less Likely | Important | 6.7 | 5.8 |
| Azure Sphere Information Disclosure Vulnerability | CVE-2021-41375 | No | No | Less Likely | Less Likely | Important | 4.4 | 3.9 |
| Azure Sphere Information Disclosure Vulnerability | CVE-2021-41376 | No | No | Less Likely | Less Likely | Important | 2.3 | 2.0 |
| Azure Sphere Tampering Vulnerability | CVE-2021-42300 | No | No | Less Likely | Less Likely | Important | 6.0 | 5.2 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2021-42279 | No | No | | | Critical | 4.2 | 3.8 |
| Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | CVE-2021-41366 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2021-42277 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| FSLogix Information Disclosure Vulnerability | CVE-2021-41373 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Microsoft Access Remote Code Execution Vulnerability | CVE-2021-41368 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
| Microsoft COM for Windows Remote Code Execution Vulnerability | CVE-2021-42275 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Microsoft Defender Remote Code Execution Vulnerability | CVE-2021-42298 | No | No | More Likely | More Likely | Critical | 7.8 | 6.8 |
| Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | CVE-2021-42316 | No | No | Less Likely | Less Likely | Critical | 8.7 | 7.6 |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability in IE Mode | CVE-2021-41351 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.9 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40442 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Security Feature Bypass Vulnerability | CVE-2021-42292 | No | Yes | Detected | Detected | Important | 7.8 | 7.0 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-42321 | No | Yes | Detected | Detected | Important | 8.8 | 7.7 |
| Microsoft Exchange Server Spoofing Vulnerability | CVE-2021-41349 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Microsoft Exchange Server Spoofing Vulnerability | CVE-2021-42305 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | CVE-2021-26443 | No | No | Less Likely | Less Likely | Critical | 9.0 | 7.8 |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | CVE-2021-42276 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2021-42296 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| NTFS Elevation of Privilege Vulnerability | CVE-2021-41367 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| NTFS Elevation of Privilege Vulnerability | CVE-2021-41370 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| NTFS Elevation of Privilege Vulnerability | CVE-2021-42283 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow | CVE-2021-3711 | No | No | Less Likely | Less Likely | Critical | | |
| Power BI Report Server Spoofing Vulnerability | CVE-2021-41372 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.8 |
| Remote Desktop Client Remote Code Execution Vulnerability | CVE-2021-38666 | No | No | More Likely | More Likely | Critical | 8.8 | 7.7 |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | CVE-2021-38665 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.4 |
| Visual Studio Code Elevation of Privilege Vulnerability | CVE-2021-42322 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Elevation of Privilege Vulnerability | CVE-2021-42319 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.1 |
| Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability | CVE-2021-42286 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Denial of Service Vulnerability | CVE-2021-41356 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
| Windows Desktop Bridge Elevation of Privilege Vulnerability | CVE-2021-36957 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | CVE-2021-41377 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Feedback Hub Elevation of Privilege Vulnerability | CVE-2021-42280 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Hello Security Feature Bypass Vulnerability | CVE-2021-42288 | No | No | Less Likely | Less Likely | Important | 5.7 | 5.1 |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2021-42284 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
| Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability | CVE-2021-42274 | No | No | Less Likely | Less Likely | Important | 6.8 | 5.9 |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2021-41379 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-42285 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows NTFS Remote Code Execution Vulnerability | CVE-2021-41378 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | CVE-2021-38631 | Yes | No | Less Likely | Less Likely | Important | 4.4 | 3.9 |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | CVE-2021-41371 | Yes | No | Less Likely | Less Likely | Important | 4.4 | 3.9 |


Renato Marinho
Morphus Labs | LinkedIn | Twitter

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
