
Microsoft Patch Tuesday - Several Severe Vulnerabilities + Active Exploitation

Reference: Advisory #2021-022
Version: 1.0
Affected software:

  • Microsoft Windows 10
  • Microsoft Windows Server 2019
  • Microsoft Exchange Server
  • Microsoft Azure
  • Etc...

Type: Various
CVE/CVSS:

67 vulnerabilities, of which:

  • 21 Elevation of Privilege Vulnerabilities
  • 26 Remote Code Execution Vulnerabilities
  • 10 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 7 Spoofing Vulnerabilities

Critical:

  • CVE-2021-43240 - NTFS Set Short Name Elevation of Privilege Vulnerability
  • CVE-2021-41333 - Windows Print Spooler Elevation of Privilege Vulnerability
  • CVE-2021-43880 - Windows Mobile Device Management Elevation of Privilege Vulnerability
  • CVE-2021-43883 - Windows Installer Elevation of Privilege Vulnerability
  • CVE-2021-43893 - Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability

Actively exploited:

  • CVE-2021-43890, which is used in various malware distribution campaigns, including Emotet, TrickBot, and BazarLoader.

Risks

Multiple vulnerabilities in Microsoft products pose a range of risks. Some vulnerabilities may crash the targeted device, while others can be used to take complete control over the device.

This month’s Patch Tuesday includes several severe vulnerabilities for a wide range of Microsoft products, including vulnerabilities in Microsoft Exchange, that can be used to run arbitrary code on the vulnerable device. These vulnerabilities are marked as “Critical” by Microsoft and require urgent attention.

Several vulnerabilities, including critical ones, apply to both Microsoft Server and Workstation.

Other vulnerabilities are also present, ranging from “Moderate” to “Critical”. In total, Microsoft released patches for 67 vulnerabilities. 6 of these vulnerabilities have the highest severity (Critical) and 1 is actively being exploited.

Description

Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday”, and contain security fixes for Microsoft devices and software. This month’s release covers 67 vulnerabilities, 6 of which are considered zero-day vulnerabilities. One of these vulnerabilities is also actively exploited in malware distribution campaigns. Due to the high severity and risk of these vulnerabilities, urgent patching is advised.

Recommended Actions

CERT.be recommends installing updates for vulnerable devices with the highest priority. Updates can be installed through Microsoft’s Update panel and/or through their Security Advisory website.

References