Microsoft December 2021 Patch Tuesday Addresses 67 Vulnerabilities Including a Zero-Day Being Actively Exploited

Microsoft has released its December 2021 Patch Tuesday security updates, addressing a total of 67 vulnerabilities, including a zero-day that is being actively exploited. These vulnerabilities can be detected by a vulnerability scanning tool. The products covered in December’s security update include Microsoft Edge, Azure, Microsoft Windows, Microsoft Office, Microsoft Excel, the Chromium-based Edge browser, Visual Studio Code, Windows Kernel, Print Spooler, Remote Desktop Client, etc.

The vulnerability for Windows AppX Installer (CVE-2021-43890) has been actively exploited. Auto patching can patch this CVE.

Zero-day Vulnerabilities

CVE-2021-43890: Windows AppX Installer Spoofing Vulnerability. This vulnerability allows an attacker to create a malicious package file and then modify it to look like a legitimate application. It has been used to deliver Emotet malware, which made a comeback this year. This flaw requires the attacker to convince a user to open a malicious attachment, which would be done through a phishing attack.

CVE-2021-41333: Windows Print Spooler Elevation of Privilege Vulnerability. It was issued a CVSS score of 7.8 and has a low attack complexity.

CVE-2021-43880: Windows Mobile Device Management Elevation of Privilege Vulnerability. This vulnerability allows local attackers to delete targeted files on a system.

CVE-2021-43883: Windows Installer Elevation of Privilege Vulnerability. This vulnerability allows unauthorized privilege escalation.

CVE-2021-43893: Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability.

Critical Vulnerabilities

Here are some critical vulnerabilities fixed by Patch Tuesday December 2021:

CVE-2021-43215: iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution. The vulnerability targets the Internet Storage Name Service (iSNS) protocol. An attacker could send a specially crafted request to the iSNS server, resulting in remote code execution.

CVE-2021-43217: Windows Encrypting File System (EFS) Remote Code Execution Vulnerability. This vulnerability targets the Encrypting File System (EFS), where an attacker could cause a buffer overflow write, leading to unauthenticated, non-sandboxed code execution.

CVE-2021-43905: Microsoft Office app Remote Code Execution Vulnerability. This is an unauthenticated Remote Code Execution vulnerability in the Microsoft Office app.

CVE-2021-43233: Remote Desktop Client Remote Code Execution Vulnerability. This is a critical Remote Code Execution vulnerability included in the monthly rollup for Windows.

Microsoft security bulletin summary for December 2021

  1. Windows Media
  2. Microsoft Windows Codecs Library
  3. Microsoft Defender for IoT
  4. Internet Storage Name Service
  5. Microsoft Local Security Authority Server (lsasrv)
  6. Windows Encrypting File System (EFS)
  7. Windows DirectX
  8. Microsoft Message Queuing
  9. Windows Remote Access Connection Manager
  10. Windows Common Log File System Driver
  11. Azure Bot Framework SDK
  12. Windows Storage Spaces Controller
  13. Windows SymCrypt
  14. Windows NTFS
  15. Windows Event Tracing
  16. Remote Desktop Client
  17. Role: Windows Fax Service
  18. Windows Storage
  19. Windows Update Stack
  20. Windows Kernel
  21. Windows Digital TV Tuner
  22. Role: Windows Hyper-V
  23. Windows TCP/IP
  24. Office Developer Platform
  25. Microsoft Office
  26. ASP.NET Core & Visual Studio
  27. Visual Studio Code
  28. Microsoft Devices
  29. Windows Print Spooler Components
  30. Windows Mobile Device Management
  31. Windows Installer
  32. Microsoft PowerShell

Products Affected

1. Product: Microsoft Windows
CVEs/Advisory: CVE-2021-40441, CVE-2021-41333, CVE-2021-42297, CVE-2021-43207, CVE-2021-43211, CVE-2021-43215, CVE-2021-43216, CVE-2021-43217, CVE-2021-43219, CVE-2021-43222, CVE-2021-43223, CVE-2021-43224, CVE-2021-43226, CVE-2021-43227, CVE-2021-43228, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234, CVE-2021-43235, CVE-2021-43236, CVE-2021-43237, CVE-2021-43238, CVE-2021-43239, CVE-2021-43240, CVE-2021-43244, CVE-2021-43245, CVE-2021-43246, CVE-2021-43247, CVE-2021-43248, CVE-2021-43880, CVE-2021-43883, CVE-2021-43893
Impact: Spoofing, Denial of Service, Elevation of Privilege, Remote Code Execution, Security Feature Bypass
KBs: 5008206, 5008207, 5008210, 5008212, 5008215, 5008218, 5008223, 5008230, 5008244, 5008255, 5008263, 5008271, 5008274, 5008277, 5008282, 5008285

2. Product: Microsoft Office
CVEs/Advisory: CVE-2021-42293, CVE-2021-42295, CVE-2021-43255, CVE-2021-43256, CVE-2021-43875
Impact: Spoofing, Elevation of Privilege, Remote Code Execution
KBs: 4486726, 4504710, 4504745, 5002033, 5002099, 5002101, 5002103, 5002104

3. Product: Microsoft Edge (Chromium-based)
CVEs/Advisory: CVE-2021-38005, CVE-2021-38006, CVE-2021-38007, CVE-2021-38008, CVE-2021-38009, CVE-2021-38010, CVE-2021-38011, CVE-2021-38012, CVE-2021-38013, CVE-2021-38014, CVE-2021-38015, CVE-2021-38016, CVE-2021-38017, CVE-2021-38018, CVE-2021-38019, CVE-2021-38020, CVE-2021-38021, CVE-2021-38022, CVE-2021-4052, CVE-2021-4053, CVE-2021-4054, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057, CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062, CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066, CVE-2021-4067, CVE-2021-4068, CVE-2021-4098, CVE-2021-4099, CVE-2021-4100, CVE-2021-4101, CVE-2021-4102, CVE-2021-42308, CVE-2021-43220, CVE-2021-43221
Impact: Remote Code Execution, Memory Corruption, Denial of Service

4. Product: Microsoft Excel
CVEs/Advisory: CVE-2021-43256
Impact: Remote Code Execution
KBs: 4486726, 4504710, 4504745, 5002033, 5002099, 5002101, 5002103, 5002104

5. Product: Microsoft SharePoint
CVEs/Advisory: CVE-2021-42294, CVE-2021-42309, CVE-2021-42320, CVE-2021-43242
Impact: Remote Code Execution, Spoofing
KBs: 5002008, 5002015, 5002045, 5002047, 5002054, 5002055, 5002059, 5002061, 5002071
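
To check a Windows host against the Microsoft Windows KB numbers listed above, the following added example (not from the original article or from Microsoft) compares `Get-HotFix` output with that list. A host only needs the KB for its own Windows version, and a later cumulative update replaces it, so a host with no match is reported as `NeedsReview` rather than as unpatched. The function name, `SAMPLE-HOST` and `KB0000001` are made up for illustration.

```powershell
# Added example, not part of the original article.
# KB numbers are copied from the "Product: Microsoft Windows" entry above.
$Dec2021WindowsKBs = @(
    5008206, 5008207, 5008210, 5008212, 5008215, 5008218, 5008223, 5008230,
    5008244, 5008255, 5008263, 5008271, 5008274, 5008277, 5008282, 5008285
) | ForEach-Object { "KB$_" }

function Test-Dec2021WindowsUpdate {
    [CmdletBinding()]
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        # Installed update IDs. When omitted, the host is queried with Get-HotFix;
        # pass a list to evaluate inventory data collected elsewhere.
        [string[]]$InstalledIds
    )

    if (-not $PSBoundParameters.ContainsKey('InstalledIds')) {
        $InstalledIds = Get-HotFix -ComputerName $ComputerName |
            Select-Object -ExpandProperty HotFixID
    }

    # Keep only the installed updates that appear in the December 2021 list.
    $matched = @($InstalledIds | Where-Object { $Dec2021WindowsKBs -contains $_ })

    # No match is not proof of exposure: a newer cumulative update may be
    # installed instead, so the host is flagged for a manual look.
    $status = if ($matched.Count -gt 0) { 'Installed' } else { 'NeedsReview' }

    [pscustomobject]@{
        ComputerName = $ComputerName
        MatchedKBs   = $matched -join ', '
        Status       = $status
    }
}

# Constructed sample input: KB0000001 is a placeholder, not a real update.
Test-Dec2021WindowsUpdate -ComputerName 'SAMPLE-HOST' -InstalledIds 'KB0000001', 'KB5008212'

# Live check of the local machine.
Test-Dec2021WindowsUpdate
```

The example covers only the Windows KBs; the Office and SharePoint KBs listed above are outside its scope.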

SanerNow VM and SanerNow PM detect these vulnerabilities and automatically fix them by applying security updates. Use SanerNow to keep your systems updated and secure.
