VERT Threat Alert: November 2021 Patch Tuesday Analysis


Today’s VERT Alert addresses Microsoft’s November 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-972 on Wednesday, November 10th.

In-The-Wild & Disclosed CVEs

CVE-2021-42292

Up first this month, we have a 0-day in Microsoft Excel that allows an attacker to bypass security features. This vulnerability has seen active exploitation. It is important to note that there may be multiple patches to apply to ensure you are fully protected against this vulnerability.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-42321

This vulnerability is the second to see active exploitation this month. A vulnerability in Exchange Server could allow for code execution. Microsoft has released a blog post with details on the update. The vulnerability itself requires that the attacker be authenticated and take advantage of improper validation of cmdlet arguments.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-38631

CVE-2021-38631 is the first of two vulnerabilities that could allow RDP client passwords to be disclosed to RDP server admins. 

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-41371

CVE-2021-41371 is the partner vulnerability to CVE-2021-38631, another vulnerability that could allow the RDP client passwords to be disclosed to RDP server admins.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-43208

CVE-2021-43208 is the first of two vulnerabilities discovered by Mat Powell and disclosed via ZDI. The vulnerability is triggered when parsing 3MF files and occurs because the software does not validate that an object exists before performing operations on it. This vulnerability is likely ZDI-21-702 or ZDI-21-909.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-43209

CVE-2021-43209 is the second of two vulnerabilities discovered by Mat Powell and disclosed via ZDI. The vulnerability is triggered when parsing 3MF files and occurs because the software does not validate that an object exists before performing operations on it. This vulnerability is likely ZDI-21-702 or ZDI-21-909.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be bold

| Tag | CVE Count | CVEs |
|---|---|---|
| Windows Fastfat Driver | 1 | CVE-2021-41377 |
| Microsoft Office Word | 1 | CVE-2021-42296 |
| Microsoft Edge (Chromium-based) in IE Mode | 1 | CVE-2021-41351 |
| Windows Virtual Machine Bus | 1 | CVE-2021-26443 |
| Windows Installer | 1 | CVE-2021-41379 |
| Visual Studio | 2 | CVE-2021-3711, CVE-2021-42319 |
| Microsoft Dynamics | 1 | CVE-2021-42316 |
| Azure Sphere | 4 | CVE-2021-42300, CVE-2021-41374, CVE-2021-41375, CVE-2021-41376 |
| Microsoft Windows Codecs Library | 1 | CVE-2021-42276 |
| Visual Studio Code | 1 | CVE-2021-42322 |
| Microsoft Office Excel | 2 | CVE-2021-40442, CVE-2021-42292 |
| 3D Viewer | 2 | CVE-2021-43208, CVE-2021-43209 |
| Windows Cred SSProvider Protocol | 1 | CVE-2021-41366 |
| Windows Kernel | 1 | CVE-2021-42285 |
| Microsoft Exchange Server | 3 | CVE-2021-41349, CVE-2021-42305, CVE-2021-42321 |
| Power BI | 1 | CVE-2021-41372 |
| Windows Defender | 1 | CVE-2021-42298 |
| Windows Desktop Bridge | 1 | CVE-2021-36957 |
| Windows Feedback Hub | 1 | CVE-2021-42280 |
| Windows Active Directory | 4 | CVE-2021-42278, CVE-2021-42282, CVE-2021-42287, CVE-2021-42291 |
| Windows Diagnostic Hub | 1 | CVE-2021-42277 |
| Windows Scripting | 1 | CVE-2021-42279 |
| Windows RDP | 4 | CVE-2021-38631, CVE-2021-41371, CVE-2021-38665, CVE-2021-38666 |
| Azure RTOS | 6 | CVE-2021-42301, CVE-2021-42302, CVE-2021-42303, CVE-2021-42304, CVE-2021-42323, CVE-2021-26444 |
| Azure | 1 | CVE-2021-41373 |
| Microsoft Office Access | 1 | CVE-2021-41368 |
| Role: Windows Hyper-V | 2 | CVE-2021-42274, CVE-2021-42284 |
| Windows Hello | 1 | CVE-2021-42288 |
| Windows COM | 1 | CVE-2021-42275 |
| Windows Core Shell | 1 | CVE-2021-42286 |
| Microsoft Windows | 1 | CVE-2021-41356 |
| Windows NTFS | 4 | CVE-2021-41367, CVE-2021-41378, CVE-2021-41370, CVE-2021-42283 |

Other Information

There were no new advisories included with the November Security Guidance.


