December Patch Tuesday 2021 Resolves 67 Vulnerabilities

There are 7 Critical (one more than last month) and 60 Important fixes in this release.  Updates were included for Microsoft Windows and Windows Components, ASP.NET Core and Visual Studio, Azure Bot Framework SDK, Internet Storage Name Service, Defender for IoT, Edge (Chromium-based), Microsoft Office and Office Components, SharePoint Server, PowerShell, Remote Desktop Client, Windows Hyper-V, Windows Mobile Device Management and Windows Remote Access.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month. If you are still using Windows 7 or Windows Server 2008, it will soon be time to review whether you need a third and final year of ESU.

Robert Brown, Head of Customer Success for Syxsense, said, “There are many extremely high risk vulnerabilities this month, with one being weaponized. Six other vulnerabilities are Publicly Aware, meaning the exact method to exploit is public knowledge, and with some of these being recognized by Microsoft as Exploit More Likely, this is not what our customers want to hear going into the end of year and Holiday Season.”

Top December Patches and Vulnerabilities

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual, we recommend that customers enter the CVE numbers below into their Patch Management solution and deploy the updates as soon as possible.

1. CVE-2021-43890: Windows AppX Installer Spoofing Vulnerability

This vulnerability has been linked to attacks associated with the Emotet/TrickBot/Bazaloader family. The vulnerability exists due to incorrect permissions in the Windows Installer service. A local user can run a specially crafted program to execute arbitrary code with SYSTEM privileges.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 7.1
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: Required
  • Scope (Jump Point): No

2. CVE-2021-43905: Microsoft Office App Remote Code Execution Vulnerability

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system. A remote attacker can send a specially crafted request and execute arbitrary code on the target system because of improper input validation in the Microsoft Office app.

Microsoft has rated this vulnerability as Exploitation More Likely. With the threat of a Jump Point, it can also be used to hop into the OS and jump into another technology. This is an extremely serious vulnerability to resolve.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.6
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Yes

3. CVE-2021-43217: Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

The vulnerability exists due to a boundary error when processing untrusted input in Windows Encrypting File System (EFS). The Encrypting File System, or EFS, provides an additional level of security for files and directories. It provides cryptographic protection of individual files on NTFS file system volumes using a public-key system. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.1
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month; please pay close attention to any of these which are Publicly Aware and/or Weaponized.

| CVE Reference | Description | Vendor Severity | CVSS Score | Weaponized | Public Aware | Countermeasure | Highest Priority |
|---|---|---|---|---|---|---|---|
| CVE-2021-43890 | Windows AppX Installer Spoofing Vulnerability | Important | 7.1 | Yes | Yes | Yes | Yes |
| CVE-2021-43240 | NTFS Set Short Name Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2021-41333 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2021-43893 | Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | Important | 7.5 | No | Yes | No | Yes |
| CVE-2021-43883 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.1 | No | Yes | No | Yes |
| CVE-2021-43880 | Windows Mobile Device Management Elevation of Privilege Vulnerability | Important | 5.5 | No | Yes | No | Yes |
| CVE-2021-43215 | iSNS Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2021-43899 | Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2021-43907 | Visual Studio Code WSL Extension Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2021-43905 | Microsoft Office app Remote Code Execution Vulnerability | Critical | 9.6 | No | No | No | Yes |
| CVE-2021-43882 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 9 | No | No | No | Yes |
| CVE-2021-41365 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-42311 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-42313 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-42314 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-42315 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-42309 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-42310 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes |
| CVE-2021-43217 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes |
| CVE-2021-42320 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-43233 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 7 | No | No | No | Yes |
| CVE-2021-43877 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-40452 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-40453 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-41360 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-42312 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43256 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43875 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43891 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43214 | Web Media Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43207 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43226 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43248 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43245 | Windows Digital TV Tuner Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43232 | Windows Event Tracing Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43234 | Windows Fax Service Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-40441 | Windows Media Center Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43229 | Windows NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43230 | Windows NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43231 | Windows NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43223 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43238 | Windows Remote Access Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43237 | Windows Setup Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43247 | Windows TCP/IP Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43242 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | No | |
| CVE-2021-43225 | Bot Framework SDK Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-43888 | Microsoft Defender for IoT Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-43222 | Microsoft Message Queuing Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-43236 | Microsoft Message Queuing Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-43228 | SymCrypt Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-43219 | DirectX Graphics Kernel File Denial of Service Vulnerability | Important | 7.4 | No | No | No | |
| CVE-2021-43889 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2021-42294 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2021-43892 | Microsoft BizTalk ESB Toolkit Spoofing Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-43239 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-42293 | Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-43216 | Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-43244 | Windows Kernel Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-43246 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.6 | No | No | No | |
| CVE-2021-43255 | Microsoft Office Trust Center Spoofing Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-43896 | Microsoft PowerShell Spoofing Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-43227 | Storage Spaces Controller Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-43235 | Storage Spaces Controller Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-42295 | Visual Basic for Applications Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-43243 | VP9 Video Extensions Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-43224 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-43908 | Visual Studio Code Spoofing Vulnerability | Important | N/A | No | | | |
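
For teams that script their patch queue, the prioritization advice above can be turned into a deployment order. This is an added example, not Syxsense code: the names `Row`, `parse_row` and `triage`, the space-separated row layout, and the sort order (Weaponized, then Public Aware, then CVSS descending) are assumptions of the example; the row values are copied from the table.

```python
import re
from typing import NamedTuple, Optional

# Five rows from the table above as space-separated text (layout assumed),
# including the incomplete last row with an N/A score and missing columns.
SAMPLE_ROWS = """\
CVE-2021-43215 iSNS Server Remote Code Execution Vulnerability Critical 9.8 No No No Yes
CVE-2021-43890 Windows AppX Installer Spoofing Vulnerability Important 7.1 Yes Yes Yes Yes
CVE-2021-43880 Windows Mobile Device Management Elevation of Privilege Vulnerability Important 5.5 No Yes No Yes
CVE-2021-43877 ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-43908 Visual Studio Code Spoofing Vulnerability Important N/A No
"""

# CVE id, free-text description, severity word, CVSS (or N/A), then 0-4 Yes/No flags.
ROW_RE = re.compile(
    r"^(CVE-\d{4}-\d{4,})\s+(.+?)\s+(Critical|Important|Moderate|Low)\s+"
    r"(\d+(?:\.\d+)?|N/A)((?:\s+(?:Yes|No))*)\s*$"
)

class Row(NamedTuple):
    cve: str
    description: str
    severity: str
    cvss: Optional[float]            # None when the table says N/A
    weaponized: Optional[bool]       # None when the column is missing
    public_aware: Optional[bool]
    countermeasure: Optional[bool]

def parse_row(line: str) -> Row:
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    cve, desc, sev, cvss, flags = m.groups()
    bools = [f == "Yes" for f in flags.split()]
    bools += [None] * (3 - len(bools))          # pad columns the row lacks
    return Row(cve, desc, sev, None if cvss == "N/A" else float(cvss), *bools[:3])

def triage(text: str) -> list[Row]:
    """Order rows: Weaponized first, then Public Aware, then CVSS descending.

    A missing flag is treated as 'No' and an N/A score sorts last in its tier.
    """
    rows = [parse_row(line) for line in text.splitlines() if line.strip()]
    return sorted(rows, key=lambda r: (
        not r.weaponized,
        not r.public_aware,
        -(r.cvss if r.cvss is not None else -1.0),
    ))
```

Rows with missing flags or an N/A score are kept rather than dropped, so an incomplete table entry still appears at the end of the queue for manual review.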