Description
Microsoft have released their December 2021 Patch Tuesday updates to fix 67 vulnerabilities: 7 rated Critical and 60 rated Important. Successful exploitation of these vulnerabilities could result in Remote Code Execution (RCE), Denial of Service (DoS) and Privilege Escalation.
Notable vulnerabilities:
CVE-2021-43240: NTFS Set Short Name Elevation of Privilege Vulnerability
CVE-2021-41333: Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-43880: Windows Mobile Device Management Elevation of Privilege Vulnerability
CVE-2021-43883: Windows Installer Elevation of Privilege Vulnerability
CVE-2021-43893: Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
CVE-2021-43890: Windows AppX Installer Spoofing zero-day vulnerability
Affected Products:
Apps
ASP.NET Core & Visual Studio
Azure Bot Framework SDK
BizTalk ESB Toolkit
Internet Storage Name Service
Microsoft Defender for IoT
Microsoft Devices
Microsoft Edge (Chromium-based)
Microsoft Local Security Authority Server (lsasrv)
Microsoft Message Queuing
Microsoft Office
Microsoft Office Access
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft PowerShell
Microsoft Windows Codecs Library
Office Developer Platform
Remote Desktop Client
Role: Windows Fax Service
Role: Windows Hyper-V
Visual Studio Code
Visual Studio Code - WSL Extension
Windows Common Log File System Driver
Windows Digital TV Tuner
Windows DirectX
Windows Encrypting File System (EFS)
Windows Event Tracing
Windows Installer
Windows Kernel
Windows Media
Windows Mobile Device Management
Windows NTFS
Windows Print Spooler Components
Windows Remote Access Connection Manager
Windows Storage
Windows Storage Spaces Controller
Windows SymCrypt
Windows TCP/IP
Windows Update Stack
Recommendation
Permanent Fix:
1. Keep applications and operating systems running at the current released patch level.
2. Run software with the least privileges.
Reference URL:
https://msrc.microsoft.com/update-guide