Home » Security Bloggers Network » VERT Threat Alert: November 2021 Patch Tuesday Analysis

VERT Threat Alert: November 2021 Patch Tuesday Analysis

by Tyler Reguly on November 9, 2021

Today’s VERT Alert addresses Microsoft’s November 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-972 on Wednesday, November 10th.

In-The-Wild & Disclosed CVEs

CVE-2021-42292

Up first this month, we have a 0-day in Microsoft Excel that allows an attacker to bypass security features. This vulnerability has seen active exploitation. It is important to note that there may be multiple patches to apply to ensure you are fully protected against this vulnerability.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-42321

This vulnerability is the second to see active exploitation this month. A vulnerability in Exchange Server could allow for code execution. Microsoft has released a blog post with details on the update. The vulnerability itself requires that the attacker be authenticated and take advantage of improper validation of cmdlet arguments.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-38631

CVE-2021-38631 is the first of two vulnerabilities that could allow RDP client passwords to be disclosed to RDP server admins.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-41371

CVE-2021-41371 is the partner vulnerability to CVE-2021-38631, another vulnerability that could allow the RDP client passwords to be disclosed to RDP server admins.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-43208

The first of two vulnerabilities discovered by Mat Powell and disclosed via ZDI. The vulnerability is triggered when parsing 3MF files and occurs due to the software not validating that an object exists before performing operations on the object. This vulnerability is likely ZDI-21-702 or ZDI-21-909.

Microsoft has rated this as Exploitation Less Likely on the latest (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/featured/vert-threat-alert-november-2021-patch-tuesday-analysis/