Microsoft has released its December Patch Tuesday security updates, covering a total of 67 vulnerabilities, including a zero-day that is being actively exploited. The products covered in December’s security update include Microsoft Edge, Azure, Microsoft Windows, Microsoft Office, Microsoft Excel, the Chromium-based Edge browser, Visual Studio Code, Windows Kernel, Print Spooler, Remote Desktop Client, etc.
The vulnerability for Windows AppX Installer (CVE-2021-43890) has been actively exploited.
CVE-2021-43890 – Windows AppX Installer Spoofing Vulnerability. This vulnerability allows an attacker to create a malicious package file and then modify it to look like a legitimate application. It has been used to deliver Emotet malware, which made a comeback this year. The flaw requires the attacker to convince a user to open a malicious attachment, which would be delivered through a phishing attack.
CVE-2021-41333 – Windows Print Spooler Elevation of Privilege Vulnerability. It was issued a CVSS score of 7.8. The vulnerability has a low attack complexity.
CVE-2021-43880 – Windows Mobile Device Management Elevation of Privilege Vulnerability. This vulnerability allows local attackers to delete targeted files on a system.
CVE-2021-43883 – Windows Installer Elevation of Privilege Vulnerability. This vulnerability allows unauthorized privilege escalation.
CVE-2021-43893 – Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability.
CVE-2021-43215 – iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution. The vulnerability targets the Internet Storage Name Service (iSNS) protocol. An attacker could send a specially crafted request to the iSNS server, resulting in remote code execution.
CVE-2021-43217 – Windows Encrypting File System (EFS) Remote Code Execution Vulnerability. This vulnerability targets Encrypting File System (EFS), where an attacker could cause a buffer overflow write, leading to unauthenticated, non-sandboxed code execution.
CVE-2021-43905 – Microsoft Office app Remote Code Execution Vulnerability. This is an unauthenticated Remote Code Execution vulnerability in the Microsoft Office app.
CVE-2021-43233 – Remote Desktop Client Remote Code Execution Vulnerability. This is a critical Remote Code Execution vulnerability included in the monthly rollup for Windows.
Microsoft security bulletin summary for December 2021
• Windows Media
• Microsoft Windows Codecs Library
• Microsoft Defender for IoT
• Internet Storage Name Service
• Microsoft Local Security Authority Server (lsasrv)
• Windows Encrypting File System (EFS)
• Windows DirectX
• Microsoft Message Queuing
• Windows Remote Access Connection Manager
• Windows Common Log File System Driver
• Azure Bot Framework SDK
• Windows Storage Spaces Controller
• Windows SymCrypt
• Windows NTFS
• Windows Event Tracing
• Remote Desktop Client
• Role: Windows Fax Service
• Windows Storage
• Windows Update Stack
• Windows Kernel
• Windows Digital TV Tuner
• Role: Windows Hyper-V
• Windows TCP/IP
• Office Developer Platform
• Microsoft Office
• ASP.NET Core & Visual Studio
• Visual Studio Code
• Microsoft Devices
• Windows Print Spooler Components
• Windows Mobile Device Management
• Windows Installer
• Microsoft PowerShell
Product: Microsoft Windows
CVEs/Advisory: CVE-2021-40441, CVE-2021-41333, CVE-2021-42297, CVE-2021-43207, CVE-2021-43211, CVE-2021-43215, CVE-2021-43216, CVE-2021-43217, CVE-2021-43219, CVE-2021-43222, CVE-2021-43223, CVE-2021-43224, CVE-2021-43226, CVE-2021-43227, CVE-2021-43228, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234, CVE-2021-43235, CVE-2021-43236, CVE-2021-43237, CVE-2021-43238, CVE-2021-43239, CVE-2021-43240, CVE-2021-43244, CVE-2021-43245, CVE-2021-43246, CVE-2021-43247, CVE-2021-43248, CVE-2021-43880, CVE-2021-43883, CVE-2021-43893
Impact: Spoofing, Denial of Service, Elevation of Privilege, Remote Code Execution, Security Feature Bypass
KBs: 5008206, 5008207, 5008210, 5008212, 5008215, 5008218, 5008223, 5008230, 5008244, 5008255, 5008263, 5008271, 5008274, 5008277, 5008282, 5008285
Product: Microsoft Office
CVEs/Advisory: CVE-2021-42293, CVE-2021-42295, CVE-2021-43255, CVE-2021-43256, CVE-2021-43875
Impact: Spoofing, Elevation of Privilege, Remote Code Execution
KBs: 4486726, 4504710, 4504745, 5002033, 5002099, 5002101, 5002103, 5002104
Product: Microsoft Edge (Chromium-based)
CVEs/Advisory: CVE-2021-38005, CVE-2021-38006, CVE-2021-38007, CVE-2021-38008, CVE-2021-38009, CVE-2021-38010, CVE-2021-38011, CVE-2021-38012, CVE-2021-38013, CVE-2021-38014, CVE-2021-38015, CVE-2021-38016, CVE-2021-38017, CVE-2021-38018, CVE-2021-38019, CVE-2021-38020, CVE-2021-38021, CVE-2021-38022, CVE-2021-4052, CVE-2021-4053, CVE-2021-4054, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057, CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062, CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066, CVE-2021-4067, CVE-2021-4068, CVE-2021-4098, CVE-2021-4099, CVE-2021-4100, CVE-2021-4101, CVE-2021-4102, CVE-2021-42308, CVE-2021-43220, CVE-2021-43221
Impact: Remote Code Execution, Memory corruption, Denial of Service
Product: Microsoft SharePoint
CVEs/Advisory: CVE-2021-42294, CVE-2021-42309, CVE-2021-42320, CVE-2021-43242
Impact: Remote Code Execution, Spoofing
KBs: 5002008, 5002015, 5002045, 5002047, 5002054, 5002055, 5002059, 5002061, 5002071