VERT Threat Alert: November 2021 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s November 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-972 on Wednesday, November 10th.
In-The-Wild & Disclosed CVEs
Up first this month, we have a 0-day in Microsoft Excel that allows an attacker to bypass security features. This vulnerability has seen active exploitation. It is important to note that there may be multiple patches to apply to ensure you are fully protected against this vulnerability.
Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.
This vulnerability is the second to see active exploitation this month. A vulnerability in Exchange Server could allow for code execution. Microsoft has released a blog post with details on the update. The vulnerability itself requires that the attacker be authenticated and take advantage of improper validation of cmdlet arguments.
Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.
CVE-2021-38631 is the first of two vulnerabilities that could allow RDP client passwords to be disclosed to RDP server admins.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE-2021-41371 is the partner vulnerability to CVE-2021-38631, another vulnerability that could allow the RDP client passwords to be disclosed to RDP server admins.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
This is the first of two vulnerabilities discovered by Mat Powell and disclosed via ZDI. The vulnerability is triggered when parsing 3MF files and occurs due to the software not validating that an object exists before performing operations on the object. This vulnerability is likely ZDI-21-702 or ZDI-21-909.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
This is the second of two vulnerabilities discovered by Mat Powell and disclosed via ZDI. The vulnerability is triggered when parsing 3MF files and occurs due to the software not validating that an object exists before performing operations on the object. This vulnerability is likely ZDI-21-702 or ZDI-21-909.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also colour-coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be bold
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows Fastfat Driver | 1 | CVE-2021-41377 |
| Microsoft Office Word | 1 | CVE-2021-42296 |
| Microsoft Edge (Chromium-based) in IE Mode | 1 | CVE-2021-41351 |
| Windows Virtual Machine Bus | 1 | CVE-2021-26443 |
| Windows Installer | 1 | CVE-2021-41379 |
| Visual Studio | 2 | CVE-2021-3711, CVE-2021-42319 |
| Microsoft Dynamics | 1 | CVE-2021-42316 |
| Azure Sphere | 4 | CVE-2021-42300, CVE-2021-41374, CVE-2021-41375, CVE-2021-41376 |
| Microsoft Windows Codecs Library | 1 | CVE-2021-42276 |
| Visual Studio Code | 1 | CVE-2021-42322 |
| Microsoft Office Excel | 2 | CVE-2021-40442, CVE-2021-42292 |
| 3D Viewer | 2 | CVE-2021-43208, CVE-2021-43209 |
| Windows Cred SSProvider Protocol | 1 | CVE-2021-41366 |
| Windows Kernel | 1 | CVE-2021-42285 |
| Microsoft Exchange Server | 3 | CVE-2021-41349, CVE-2021-42305, CVE-2021-42321 |
| Power BI | 1 | CVE-2021-41372 |
| Windows Defender | 1 | CVE-2021-42298 |
| Windows Desktop Bridge | 1 | CVE-2021-36957 |
| Windows Feedback Hub | 1 | CVE-2021-42280 |
| Windows Active Directory | 4 | CVE-2021-42278, CVE-2021-42282, CVE-2021-42287, CVE-2021-42291 |
| Windows Diagnostic Hub | 1 | CVE-2021-42277 |
| Windows Scripting | 1 | CVE-2021-42279 |
| Windows RDP | 4 | CVE-2021-38631, CVE-2021-41371, CVE-2021-38665, CVE-2021-38666 |
| Azure RTOS | 6 | CVE-2021-42301, CVE-2021-42302, CVE-2021-42303, CVE-2021-42304, CVE-2021-42323, CVE-2021-26444 |
| Azure | 1 | CVE-2021-41373 |
| Microsoft Office Access | 1 | CVE-2021-41368 |
| Role: Windows Hyper-V | 2 | CVE-2021-42274, CVE-2021-42284 |
| Windows Hello | 1 | CVE-2021-42288 |
| Windows COM | 1 | CVE-2021-42275 |
| Windows Core Shell | 1 | CVE-2021-42286 |
| Microsoft Windows | 1 | CVE-2021-41356 |
| Windows NTFS | 4 | CVE-2021-41367, CVE-2021-41378, CVE-2021-41370, CVE-2021-42283 |
Other Information
There were no new advisories included with the November Security Guidance.