Patch Tuesday is once again upon us. The November 2021 edition of Patch Tuesday brings us 55 fixes, 5 of which are rated as critical. We've listed the most important changes below.
Microsoft Exchange RCE Exploited
Another security issue in Microsoft Exchange was fixed in this month's updates. Listed as CVE-2021-42321, the vulnerability has a CVSS 3.1 base score of 8.8. While Microsoft did not rate this vulnerability as critical, it did say the following: "We are aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment."
Aside from the usual Microsoft security page, Microsoft created a specific blog post on their Exchange blog to provide more information about this vulnerability.
Microsoft Defender RCE Fixed
One of the critical fixes included this month is a fix for a Microsoft Defender remote code execution vulnerability. Listed as CVE-2021-42298 and with a CVSS 3.1 base score of 7.8, any version of the Microsoft Malware Protection Engine lower than 1.1.18700.3 is affected. For this specific vulnerability, no installation is required, since, by default, Microsoft updates the Malware Protection Engine automatically.
To be safe, you can still check your assets' versions by navigating to the Virus & threat protection menu in the Windows settings, selecting Settings, and then selecting About. For a more admin-friendly option, however, it is recommended to use a Lansweeper registry key scan along with the registry key report to audit the following registry key:
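The same version check can also be run from PowerShell. The script below is an added example, not part of the original post and independent of the Lansweeper registry scan: it reads the engine version from `Get-MpComputerStatus` (the `AMEngineVersion` property) and compares it against 1.1.18700.3. The function names, hostnames and sample versions are constructed for illustration.

```powershell
# Added example: classify Microsoft Malware Protection Engine versions against
# the first fixed build for CVE-2021-42298 (1.1.18700.3, as stated in the article).
$FixedEngine = [version]'1.1.18700.3'

function Test-DefenderEngine {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [AllowNull()][AllowEmptyString()][string]$EngineVersion
    )
    $parsed = $null
    # Compare as [version], not as text: as strings, '1.1.9000.0' sorts
    # after '1.1.18700.3' and would wrongly be reported as patched.
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        $status = 'Unknown'       # Defender absent, or value unreadable
    } elseif ($parsed -lt $FixedEngine) {
        $status = 'Vulnerable'
    } else {
        $status = 'Patched'
    }
    [pscustomobject]@{
        ComputerName  = $ComputerName
        EngineVersion = $EngineVersion
        Status        = $status
    }
}

# Check the local machine. A host without a working Defender installation
# ends up as 'Unknown' instead of silently passing the audit.
function Get-LocalDefenderEngine {
    try {
        $engine = (Get-MpComputerStatus -ErrorAction Stop).AMEngineVersion
    } catch {
        $engine = $null
    }
    Test-DefenderEngine -ComputerName $env:COMPUTERNAME -EngineVersion $engine
}

# Constructed sample inventory (hostnames and versions are made up).
$sample = @(
    [pscustomobject]@{ ComputerName = 'WS-001'; EngineVersion = '1.1.18700.4' }
    [pscustomobject]@{ ComputerName = 'WS-002'; EngineVersion = '1.1.18600.4' }
    [pscustomobject]@{ ComputerName = 'WS-003'; EngineVersion = '1.1.9000.0' }
    [pscustomobject]@{ ComputerName = 'SRV-01'; EngineVersion = '' }
)
$sample | ForEach-Object {
    Test-DefenderEngine -ComputerName $_.ComputerName -EngineVersion $_.EngineVersion
} | Format-Table -AutoSize
```

On the sample rows this reports WS-001 as Patched, WS-002 and WS-003 as Vulnerable, and SRV-01 as Unknown; `Get-LocalDefenderEngine` returns the same kind of record for the machine it runs on.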
Another critical update is in the Remote Desktop Client. Listed as CVE-2021-38666 and with a CVSS 3.1 base score of 8.8, this vulnerability can be exploited by an attacker who controls a Remote Desktop Server: when a victim connects to the attacking server with the vulnerable Remote Desktop Client, the server can trigger a remote code execution (RCE) on the RDP client machine.
Farzad Barari is founder and president of Hexafusion Canada Inc, where he leads the architecture, development and operation of the client's infrastructure, platforms, services, applications, cyber security and compliance.
Farzad has held technology leadership and individual contributor roles at numerous technology and consulting companies, including Purdys Chocolatier, Webtake Co, RTP Co and Siemens.