Patch Tuesday is once again upon us. The November 2021 edition of Patch Tuesday brings us 55 fixes, 5 of which are rated as critical. We’ve listed the most important changes below.
⚡ TL;DR | Go Straight to the November 2021 Patch Tuesday Audit Report
Microsoft Exchange RCE Exploited
Another security issue in Microsoft Exchange got fixed in this month’s updates. Listed as CVE-2021-42321, the vulnerability has a CVSS 3.1 base score of 8.8. While this vulnerability wasn’t rated as critical by Microsoft. Microsoft did say the following: “We are aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment.“
Aside from the usual Microsoft security page, Microsoft created a specific blog post on their Exchange blog to provide more information about this vulnerability.
Microsoft Defender RCE Fixed
One of the critical fixes included this month is a fix for a Microsoft Defender remote code execution vulnerability. Listed as CVE-2021-42298 and with a CVSS 3.1 base score of 7.8, any version of the Microsoft Malware Protection Engine lower than 1.1.18700.3 is affected. For this specific vulnerability, no installation is required, since, by default, Microsoft updates the Malware Protection Engine automatically.
To be safe, you can still check what your assets’ versions are by navigating to the Virus & threat protection menu in the Windows settings and selecting Settings, and then selecting About. However, for a more admin-friendly version. It is recommended to use a Lansweeper registry key scan along with the registry key report to audit the following registry key:
- Rootkey: HKEY_LOCAL_MACHINE
- Regpath: SOFTWAREMicrosoftWindows DefenderSignature Updates
- Regvalue: EngineVersion
Remote Desktop Client RCE
Another critical update is in the Remote Desktop Client. Listed as CVE-2021-38666 and with a CVSS 3.1 base score of 8.8, this vulnerability can be exploited if an attacker has control of a Remote Desktop Server which can be used to trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.
Run the Patch Tuesday November 2021 Audit Report
To help manage your update progress, we’ve created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
Patch Tuesday November 2021 CVE Codes & Titles
| CVE Number | CVE Title |
| CVE-2021-43209 | 3D Viewer Remote Code Execution Vulnerability |
| CVE-2021-43208 | 3D Viewer Remote Code Execution Vulnerability |
| CVE-2021-42323 | Azure RTOS Information Disclosure Vulnerability |
| CVE-2021-42322 | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2021-42321 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-42319 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2021-42316 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
| CVE-2021-42305 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2021-42304 | Azure RTOS Elevation of Privilege Vulnerability |
| CVE-2021-42303 | Azure RTOS Elevation of Privilege Vulnerability |
| CVE-2021-42302 | Azure RTOS Elevation of Privilege Vulnerability |
| CVE-2021-42301 | Azure RTOS Information Disclosure Vulnerability |
| CVE-2021-42300 | Azure Sphere Tampering Vulnerability |
| CVE-2021-42298 | Microsoft Defender Remote Code Execution Vulnerability |
| CVE-2021-42296 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2021-42292 | Microsoft Excel Security Feature Bypass Vulnerability |
| CVE-2021-42291 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2021-42288 | Windows Hello Security Feature Bypass Vulnerability |
| CVE-2021-42287 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2021-42286 | Windows Core-Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability |
| CVE-2021-42285 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2021-42284 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2021-42283 | NTFS Elevation of Privilege Vulnerability |
| CVE-2021-42282 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2021-42280 | Windows Feedback Hub Elevation of Privilege Vulnerability |
| CVE-2021-42279 | Chakra Scripting Engine Memory Corruption Vulnerability |
| CVE-2021-42278 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2021-42277 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| CVE-2021-42276 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| CVE-2021-42275 | Microsoft COM for Windows Remote Code Execution Vulnerability |
| CVE-2021-42274 | Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability |
| CVE-2021-41379 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2021-41378 | Windows NTFS Remote Code Execution Vulnerability |
| CVE-2021-41377 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability |
| CVE-2021-41376 | Azure Sphere Information Disclosure Vulnerability |
| CVE-2021-41375 | Azure Sphere Information Disclosure Vulnerability |
| CVE-2021-41374 | Azure Sphere Information Disclosure Vulnerability |
| CVE-2021-41373 | FSLogix Information Disclosure Vulnerability |
| CVE-2021-41372 | Power BI Report Server Spoofing Vulnerability |
| CVE-2021-41371 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
| CVE-2021-41370 | NTFS Elevation of Privilege Vulnerability |
| CVE-2021-41368 | Microsoft Access Remote Code Execution Vulnerability |
| CVE-2021-41367 | NTFS Elevation of Privilege Vulnerability |
| CVE-2021-41366 | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability |
| CVE-2021-41356 | Windows Denial of Service Vulnerability |
| CVE-2021-41351 | Microsoft Edge (Chrome based) Spoofing on IE Mode |
| CVE-2021-41349 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2021-40442 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2021-38666 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2021-38665 | Remote Desktop Protocol Client Information Disclosure Vulnerability |
| CVE-2021-38631 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
| CVE-2021-3711 | OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow |
| CVE-2021-36957 | Windows Desktop Bridge Elevation of Privilege Vulnerability |
| CVE-2021-26444 | Azure RTOS Information Disclosure Vulnerability |
| CVE-2021-26443 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability |
Receive the Latest Patch Tuesday Report for FREE Every Month
"*" indicates required fields
