Microsoft Patch Tuesday – November 2021 - Hexafusion Blog | Hexafusion


Patch Tuesday is once again upon us. The November 2021 edition of Patch Tuesday brings us 55 fixes, 5 of which are rated as critical. We've listed the most important changes below.

Microsoft Exchange RCE Exploited

Another security issue in Microsoft Exchange got fixed in this month's updates. Listed as CVE-2021-42321, the vulnerability has a CVSS 3.1 base score of 8.8. While this vulnerability wasn't rated as critical by Microsoft, Microsoft did say the following: "We are aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment."

Aside from the usual Microsoft security page, Microsoft created a specific blog post on their Exchange blog to provide more information about this vulnerability.

Microsoft Defender RCE Fixed

One of the critical fixes included this month is a fix for a Microsoft Defender remote code execution vulnerability. Listed as CVE-2021-42298 and with a CVSS 3.1 base score of 7.8, any version of the Microsoft Malware Protection Engine lower than 1.1.18700.3 is affected. For this specific vulnerability, no installation is required, since, by default, Microsoft updates the Malware Protection Engine automatically.

To be safe, you can still check your assets' versions by navigating to the Virus & threat protection menu in the Windows settings, selecting Settings, and then selecting About. For a more admin-friendly approach, however, it is recommended to use a Lansweeper registry key scan along with the registry key report to audit the following registry key:

  • Rootkey: HKEY_LOCAL_MACHINE
  • Regpath: SOFTWARE\Microsoft\Windows Defender\Signature Updates
  • Regvalue: EngineVersion
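
The same audit scripted in PowerShell, as an added example that is not part of the original post. The function names, host names and sample versions are constructed for illustration; only the registry path, value name and the 1.1.18700.3 threshold come from the text above.

```powershell
# Added example: flag Malware Protection Engine versions below the fixed build.
# Versions are compared as [version] objects, not strings: a string compare
# would rank "1.1.9999.0" above "1.1.18700.3" and miss a vulnerable host.
$FixedEngine = [version]'1.1.18700.3'   # threshold stated in the article

function Get-DefenderEngineVersion {
    # Reads the registry value named in the article on the local machine.
    # Returns $null when the key or value is missing.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Signature Updates'
    $item = Get-ItemProperty -Path $key -Name EngineVersion -ErrorAction SilentlyContinue
    if ($item) { $item.EngineVersion }
}

function Test-DefenderEngine {
    # Hypothetical helper: classifies one host/version pair.
    param([string]$ComputerName, [string]$EngineVersion)
    $parsed = $null
    if ([string]::IsNullOrWhiteSpace($EngineVersion)) {
        $status = 'Unknown (no value)'
    } elseif (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        $status = 'Unknown (unparseable)'
    } elseif ($parsed -lt $FixedEngine) {
        $status = 'VULNERABLE'
    } else {
        $status = 'OK'
    }
    [pscustomobject]@{
        Computer      = $ComputerName
        EngineVersion = $EngineVersion
        Status        = $status
    }
}

# Constructed sample rows, shaped like a registry-scan export (host, value).
$sample = @'
Computer,EngineVersion
WS-001,1.1.18700.4
WS-002,1.1.18600.4
WS-003,1.1.9999.0
WS-004,
'@ | ConvertFrom-Csv

# Audit the sample export, then the local machine.
$sample | ForEach-Object { Test-DefenderEngine $_.Computer $_.EngineVersion }
Test-DefenderEngine $env:COMPUTERNAME (Get-DefenderEngineVersion)
```

Hosts reported as Unknown deserve a follow-up rather than a pass: a missing value can mean the scan failed or Defender is not the active engine.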

Remote Desktop Client RCE

Another critical update is in the Remote Desktop Client. Listed as CVE-2021-38666 and with a CVSS 3.1 base score of 8.8, this vulnerability can be exploited by an attacker who controls a Remote Desktop Server: when a victim connects to the attacking server with the vulnerable Remote Desktop Client, the server can trigger a remote code execution (RCE) on the RDP client machine.

 
Patch Tuesday November 2021 CVE Codes & Titles
CVE Number CVE Title
CVE-2021-43209 3D Viewer Remote Code Execution Vulnerability
CVE-2021-43208 3D Viewer Remote Code Execution Vulnerability
CVE-2021-42323 Azure RTOS Information Disclosure Vulnerability
CVE-2021-42322 Visual Studio Code Elevation of Privilege Vulnerability
CVE-2021-42321 Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-42319 Visual Studio Elevation of Privilege Vulnerability
CVE-2021-42316 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2021-42305 Microsoft Exchange Server Spoofing Vulnerability
CVE-2021-42304 Azure RTOS Elevation of Privilege Vulnerability
CVE-2021-42303 Azure RTOS Elevation of Privilege Vulnerability
CVE-2021-42302 Azure RTOS Elevation of Privilege Vulnerability
CVE-2021-42301 Azure RTOS Information Disclosure Vulnerability
CVE-2021-42300 Azure Sphere Tampering Vulnerability
CVE-2021-42298 Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-42296 Microsoft Word Remote Code Execution Vulnerability
CVE-2021-42292 Microsoft Excel Security Feature Bypass Vulnerability
CVE-2021-42291 Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2021-42288 Windows Hello Security Feature Bypass Vulnerability
CVE-2021-42287 Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2021-42286 Windows Core-Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability
CVE-2021-42285 Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-42284 Windows Hyper-V Denial of Service Vulnerability
CVE-2021-42283 NTFS Elevation of Privilege Vulnerability
CVE-2021-42282 Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2021-42280 Windows Feedback Hub Elevation of Privilege Vulnerability
CVE-2021-42279 Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2021-42278 Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2021-42277 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-42276 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2021-42275 Microsoft COM for Windows Remote Code Execution Vulnerability
CVE-2021-42274 Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability
CVE-2021-41379 Windows Installer Elevation of Privilege Vulnerability
CVE-2021-41378 Windows NTFS Remote Code Execution Vulnerability
CVE-2021-41377 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
CVE-2021-41376 Azure Sphere Information Disclosure Vulnerability
CVE-2021-41375 Azure Sphere Information Disclosure Vulnerability
CVE-2021-41374 Azure Sphere Information Disclosure Vulnerability
CVE-2021-41373 FSLogix Information Disclosure Vulnerability
CVE-2021-41372 Power BI Report Server Spoofing Vulnerability
CVE-2021-41371 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2021-41370 NTFS Elevation of Privilege Vulnerability
CVE-2021-41368 Microsoft Access Remote Code Execution Vulnerability
CVE-2021-41367 NTFS Elevation of Privilege Vulnerability
CVE-2021-41366 Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
CVE-2021-41356 Windows Denial of Service Vulnerability
CVE-2021-41351 Microsoft Edge (Chrome based) Spoofing on IE Mode
CVE-2021-41349 Microsoft Exchange Server Spoofing Vulnerability
CVE-2021-40442 Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-38666 Remote Desktop Client Remote Code Execution Vulnerability
CVE-2021-38665 Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2021-38631 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2021-3711 OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow
CVE-2021-36957 Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2021-26444 Azure RTOS Information Disclosure Vulnerability
CVE-2021-26443 Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability