Microsoft December 2021 Patch Tuesday Addresses 67 Vulnerabilities Including a Zero-Day Being Actively Exploited

Microsoft has released its December Patch Tuesday security updates, addressing a total of 67 vulnerabilities, including a zero-day that is being actively exploited. The products covered in December’s security update include Microsoft Edge, Azure, Microsoft Windows, Microsoft Office, Microsoft Excel, the Chromium-based Edge browser, Visual Studio Code, Windows Kernel, Print Spooler, Remote Desktop Client, etc.

The vulnerability in Windows AppX Installer (CVE-2021-43890) has been actively exploited.


Zero-day Vulnerabilities

CVE-2021-43890: Windows AppX Installer Spoofing Vulnerability. This vulnerability allows an attacker to create a malicious package file and then modify it to look like a legitimate application. It has been used to deliver Emotet malware, which made a comeback this year. This flaw requires the attacker to convince a user to open a malicious attachment, which would be done through a phishing attack.

CVE-2021-41333: Windows Print Spooler Elevation of Privilege Vulnerability. It was assigned a CVSS score of 7.8. The vulnerability has a low attack complexity.

CVE-2021-43880: Windows Mobile Device Management Elevation of Privilege Vulnerability. This vulnerability allows local attackers to delete targeted files on a system.

CVE-2021-43883: Windows Installer Elevation of Privilege Vulnerability. This vulnerability allows unauthorized privilege escalation.

CVE-2021-43893: Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability.


Critical Vulnerabilities

CVE-2021-43215: iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution. The vulnerability targets the Internet Storage Name Service (iSNS) protocol. An attacker could send a specially crafted request to the iSNS server, resulting in remote code execution.

CVE-2021-43217: Windows Encrypting File System (EFS) Remote Code Execution Vulnerability. This vulnerability targets the Encrypting File System (EFS), where an attacker could cause a buffer overflow write, leading to unauthenticated, non-sandboxed code execution.

CVE-2021-43905: Microsoft Office app Remote Code Execution Vulnerability. This is an unauthenticated Remote Code Execution vulnerability in the Microsoft Office app.

CVE-2021-43233: Remote Desktop Client Remote Code Execution Vulnerability. This is a critical Remote Code Execution vulnerability included in the monthly rollup for Windows.


Microsoft security bulletin summary for December 2021

• Windows Media
• Microsoft Windows Codecs Library
• Microsoft Defender for IoT
• Internet Storage Name Service
• Microsoft Local Security Authority Server (lsasrv)
• Windows Encrypting File System (EFS)
• Windows DirectX
• Microsoft Message Queuing
• Windows Remote Access Connection Manager
• Windows Common Log File System Driver
• Azure Bot Framework SDK
• Windows Storage Spaces Controller
• Windows SymCrypt
• Windows NTFS
• Windows Event Tracing
• Remote Desktop Client
• Role: Windows Fax Service
• Windows Storage
• Windows Update Stack
• Windows Kernel
• Windows Digital TV Tuner
• Role: Windows Hyper-V
• Windows TCP/IP
• Office Developer Platform
• Microsoft Office
• ASP.NET Core & Visual Studio
• Visual Studio Code
• Microsoft Devices
• Windows Print Spooler Components
• Windows Mobile Device Management
• Windows Installer
• Microsoft PowerShell


Product: Microsoft Windows
CVEs/Advisory: CVE-2021-40441, CVE-2021-41333, CVE-2021-42297, CVE-2021-43207, CVE-2021-43211, CVE-2021-43215, CVE-2021-43216, CVE-2021-43217, CVE-2021-43219, CVE-2021-43222, CVE-2021-43223, CVE-2021-43224, CVE-2021-43226, CVE-2021-43227, CVE-2021-43228, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234, CVE-2021-43235, CVE-2021-43236, CVE-2021-43237, CVE-2021-43238, CVE-2021-43239, CVE-2021-43240, CVE-2021-43244, CVE-2021-43245, CVE-2021-43246, CVE-2021-43247, CVE-2021-43248, CVE-2021-43880, CVE-2021-43883, CVE-2021-43893
Impact: Spoofing, Denial of Service, Elevation of Privilege, Remote Code Execution, Security Feature Bypass
KBs: 5008206, 5008207, 5008210, 5008212, 5008215, 5008218, 5008223, 5008230, 5008244, 5008255, 5008263, 5008271, 5008274, 5008277, 5008282, 5008285


Product: Microsoft Office
CVEs/Advisory: CVE-2021-42293, CVE-2021-42295, CVE-2021-43255, CVE-2021-43256, CVE-2021-43875
Impact: Spoofing, Elevation of Privilege, Remote Code Execution
KBs: 4486726, 4504710, 4504745, 5002033, 5002099, 5002101, 5002103, 5002104


Product: Microsoft Edge (Chromium-based)
CVEs/Advisory: CVE-2021-38005, CVE-2021-38006, CVE-2021-38007, CVE-2021-38008, CVE-2021-38009, CVE-2021-38010, CVE-2021-38011, CVE-2021-38012, CVE-2021-38013, CVE-2021-38014, CVE-2021-38015, CVE-2021-38016, CVE-2021-38017, CVE-2021-38018, CVE-2021-38019, CVE-2021-38020, CVE-2021-38021, CVE-2021-38022, CVE-2021-4052, CVE-2021-4053, CVE-2021-4054, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057, CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062, CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066, CVE-2021-4067, CVE-2021-4068, CVE-2021-4098, CVE-2021-4099, CVE-2021-4100, CVE-2021-4101, CVE-2021-4102, CVE-2021-42308, CVE-2021-43220, CVE-2021-43221
Impact: Remote Code Execution, Memory corruption, Denial of Service


Product: Microsoft Excel
CVEs/Advisory: CVE-2021-43256
Impact: Remote Code Execution
KBs: 4486726, 4504710, 4504745, 5002033, 5002099, 5002101, 5002103, 5002104


Product: Microsoft SharePoint
CVEs/Advisory: CVE-2021-42294, CVE-2021-42309, CVE-2021-42320, CVE-2021-43242
Impact: Remote Code Execution, Spoofing
KBs: 5002008, 5002015, 5002045, 5002047, 5002054, 5002055, 5002059, 5002061, 5002071


SanerNow VM and SanerNow PM detect these vulnerabilities and automatically fix them by applying security updates. Use SanerNow and keep your systems updated and secure.
