
Microsoft Patch Tuesday – November 2021

09/11/2021
By Esben Dochy

Patch Tuesday is once again upon us. The November 2021 edition of Patch Tuesday brings us 55 fixes, 5 of which are rated as critical. We’ve listed the most important changes below.

⚡ TL;DR | Go Straight to the November 2021 Patch Tuesday Audit Report

Microsoft Exchange RCE Exploited

Another security issue in Microsoft Exchange was fixed in this month's updates. Listed as CVE-2021-42321, the vulnerability has a CVSS 3.1 base score of 8.8. While Microsoft did not rate this vulnerability as critical, it did say the following: "We are aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment."

Aside from the usual Microsoft security page, Microsoft created a specific blog post on their Exchange blog to provide more information about this vulnerability.

Microsoft Defender RCE Fixed

One of the critical fixes included this month is a fix for a Microsoft Defender remote code execution vulnerability. Listed as CVE-2021-42298 and with a CVSS 3.1 base score of 7.8, any version of the Microsoft Malware Protection Engine lower than 1.1.18700.3 is affected. For this specific vulnerability, no installation is required, since, by default, Microsoft updates the Malware Protection Engine automatically.

To be safe, you can still check your assets' versions by navigating to the Virus & threat protection menu in the Windows settings, selecting Settings, and then selecting About. For a more admin-friendly approach, however, it is recommended to use a Lansweeper registry key scan along with the registry key report to audit the following registry key:

  • Rootkey: HKEY_LOCAL_MACHINE
  • Regpath: SOFTWARE\Microsoft\Windows Defender\Signature Updates
  • Regvalue: EngineVersion
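
For a quick check outside Lansweeper, the same registry value can be read and compared against the fixed engine version. This is an added example, not Lansweeper's or Microsoft's code; the function name `Get-DefenderEngineStatus` is hypothetical, and querying remote machines assumes PowerShell remoting is enabled on them.

```powershell
# Added example: audit the Malware Protection Engine version from the
# registry value named in the article. Versions below 1.1.18700.3 are affected.
$FixedEngine = [version]'1.1.18700.3'
$KeyPath     = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Signature Updates'

function Get-DefenderEngineStatus {
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    # Script block that reads the raw EngineVersion string from the key.
    $read = {
        param($Path)
        (Get-ItemProperty -Path $Path -Name EngineVersion -ErrorAction Stop).EngineVersion
    }

    foreach ($computer in $ComputerName) {
        $raw = $null
        try {
            if ($computer -eq $env:COMPUTERNAME) {
                $raw = & $read $KeyPath
            } else {
                $raw = Invoke-Command -ComputerName $computer -ScriptBlock $read `
                                      -ArgumentList $KeyPath -ErrorAction Stop
            }
        } catch {
            # Key or value missing, or host unreachable: reported as NoData below.
        }

        # Compare as [version], not as strings: '1.1.9000.0' sorts after
        # '1.1.18700.3' alphabetically but is the older engine.
        $parsed = $null
        if (-not $raw) {
            $status = 'NoData'
        } elseif (-not [version]::TryParse($raw, [ref]$parsed)) {
            $status = 'Unparseable'
        } elseif ($parsed -lt $FixedEngine) {
            $status = 'Vulnerable'
        } else {
            $status = 'Patched'
        }

        [pscustomobject]@{ Computer = $computer; EngineVersion = $raw; Status = $status }
    }
}

# Local machine by default; pass -ComputerName with a list of hosts to audit more.
Get-DefenderEngineStatus | Format-Table -AutoSize
```

A `NoData` result needs a manual look, since it covers both unreachable hosts and machines where the value is absent.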

Remote Desktop Client RCE

Another critical update is in the Remote Desktop Client. Listed as CVE-2021-38666 and with a CVSS 3.1 base score of 8.8, this vulnerability can be exploited by an attacker who controls a Remote Desktop Server: when a victim connects to the attacking server with the vulnerable Remote Desktop Client, the server can trigger remote code execution (RCE) on the RDP client machine.

Run the Patch Tuesday November 2021 Audit Report

To help manage your update progress, we’ve created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

Patch Tuesday November 2021 CVE Codes & Titles

CVE Number | CVE Title
CVE-2021-43209 | 3D Viewer Remote Code Execution Vulnerability
CVE-2021-43208 | 3D Viewer Remote Code Execution Vulnerability
CVE-2021-42323 | Azure RTOS Information Disclosure Vulnerability
CVE-2021-42322 | Visual Studio Code Elevation of Privilege Vulnerability
CVE-2021-42321 | Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-42319 | Visual Studio Elevation of Privilege Vulnerability
CVE-2021-42316 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2021-42305 | Microsoft Exchange Server Spoofing Vulnerability
CVE-2021-42304 | Azure RTOS Elevation of Privilege Vulnerability
CVE-2021-42303 | Azure RTOS Elevation of Privilege Vulnerability
CVE-2021-42302 | Azure RTOS Elevation of Privilege Vulnerability
CVE-2021-42301 | Azure RTOS Information Disclosure Vulnerability
CVE-2021-42300 | Azure Sphere Tampering Vulnerability
CVE-2021-42298 | Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-42296 | Microsoft Word Remote Code Execution Vulnerability
CVE-2021-42292 | Microsoft Excel Security Feature Bypass Vulnerability
CVE-2021-42291 | Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2021-42288 | Windows Hello Security Feature Bypass Vulnerability
CVE-2021-42287 | Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2021-42286 | Windows Core-Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability
CVE-2021-42285 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-42284 | Windows Hyper-V Denial of Service Vulnerability
CVE-2021-42283 | NTFS Elevation of Privilege Vulnerability
CVE-2021-42282 | Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2021-42280 | Windows Feedback Hub Elevation of Privilege Vulnerability
CVE-2021-42279 | Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2021-42278 | Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2021-42277 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-42276 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2021-42275 | Microsoft COM for Windows Remote Code Execution Vulnerability
CVE-2021-42274 | Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability
CVE-2021-41379 | Windows Installer Elevation of Privilege Vulnerability
CVE-2021-41378 | Windows NTFS Remote Code Execution Vulnerability
CVE-2021-41377 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
CVE-2021-41376 | Azure Sphere Information Disclosure Vulnerability
CVE-2021-41375 | Azure Sphere Information Disclosure Vulnerability
CVE-2021-41374 | Azure Sphere Information Disclosure Vulnerability
CVE-2021-41373 | FSLogix Information Disclosure Vulnerability
CVE-2021-41372 | Power BI Report Server Spoofing Vulnerability
CVE-2021-41371 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2021-41370 | NTFS Elevation of Privilege Vulnerability
CVE-2021-41368 | Microsoft Access Remote Code Execution Vulnerability
CVE-2021-41367 | NTFS Elevation of Privilege Vulnerability
CVE-2021-41366 | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
CVE-2021-41356 | Windows Denial of Service Vulnerability
CVE-2021-41351 | Microsoft Edge (Chrome based) Spoofing on IE Mode
CVE-2021-41349 | Microsoft Exchange Server Spoofing Vulnerability
CVE-2021-40442 | Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-38666 | Remote Desktop Client Remote Code Execution Vulnerability
CVE-2021-38665 | Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2021-38631 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2021-3711 | OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow
CVE-2021-36957 | Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2021-26444 | Azure RTOS Information Disclosure Vulnerability
CVE-2021-26443 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
