Post Syndicated from Greg Wiseman original https://blog.rapid7.com/2021/12/14/patch-tuesday-december-2021/

This month’s Patch Tuesday comes in the middle of a global effort to mitigate Apache Log4j CVE-2021-44228. In today’s security release, Microsoft issued fixes for 83 vulnerabilities across an array of products — including a fix for Windows Defender for IoT, which is vulnerable to CVE-2021-44228 amongst seven other remote code execution (RCE) vulnerabilities (the cloud service is not affected). Six CVEs in the bulletin have been publicly disclosed; the only vulnerability noted as being exploited in the wild in this month’s release is CVE-2021-43890, a Windows AppX Installer spoofing bug that may aid in social engineering attacks and has evidently been used in Emotet malware campaigns.

Interestingly, this round of fixes also includes CVE-2021-43883, a Windows Installer privilege escalation bug whose advisory is sparse despite the fact that it appears to affect all supported versions of Windows. While there’s no indication in the advisory that the two vulnerabilities are related, CVE-2021-43883 looks an awful lot like the fix for a zero-day vulnerability that made a splash in the security community last month after proof-of-concept exploit code was released and in-the-wild attacks began. The zero-day vulnerability, which researchers hypothesized was a patch bypass for CVE-2021-41379, allowed low-privileged attackers to overwrite protected files and escalate to SYSTEM. Rapid7’s vulnerability research team did a full root cause analysis of the bug as attacks ramped up in November.

As usual, RCE flaws figure prominently in the “Critical”-rated CVEs this month. In addition to Windows Defender for IoT, critical RCE bugs were fixed this month in Microsoft Office, Microsoft Devices, Internet Storage Name Service (iSNS), and the WSL extension for Visual Studio Code. Given the outsized risk presented by most vulnerable implementations of Log4Shell, administrators should prioritize patches for any products affected by CVE-2021-44228. Past that, put critical server-side and OS RCE patches at the top of your list, and we’d advise sneaking in the fix for CVE-2021-43883 despite its lower severity rating.

Summary charts

Summary tables

Apps Vulnerabilities

CVE	Vulnerability Title	Exploited	Publicly Disclosed?	CVSSv3	Has FAQ?
CVE-2021-43890	Windows AppX Installer Spoofing Vulnerability	Yes	Yes	7.1	Yes
CVE-2021-43905	Microsoft Office app Remote Code Execution Vulnerability	No	No	9.6	Yes

Browser Vulnerabilities

CVE	Vulnerability Title	Exploited	Publicly Disclosed?	CVSSv3	Has FAQ?
CVE-2021-4068	Chromium: CVE-2021-4068 Insufficient validation of untrusted input in new tab page	No	No	N/A	Yes
CVE-2021-4067	Chromium: CVE-2021-4067 Use after free in window manager	No	No	N/A	Yes
CVE-2021-4066	Chromium: CVE-2021-4066 Integer underflow in ANGLE	No	No	N/A	Yes
CVE-2021-4065	Chromium: CVE-2021-4065 Use after free in autofill	No	No	N/A	Yes
CVE-2021-4064	Chromium: CVE-2021-4064 Use after free in screen capture	No	No	N/A	Yes
CVE-2021-4063	Chromium: CVE-2021-4063 Use after free in developer tools	No	No	N/A	Yes
CVE-2021-4062	Chromium: CVE-2021-4062 Heap buffer overflow in BFCache	No	No	N/A	Yes
CVE-2021-4061	Chromium: CVE-2021-4061 Type Confusion in V8	No	No	N/A	Yes
CVE-2021-4059	Chromium: CVE-2021-4059 Insufficient data validation in loader	No	No	N/A	Yes
CVE-2021-4058	Chromium: CVE-2021-4058 Heap buffer overflow in ANGLE	No	No	N/A	Yes
CVE-2021-4057	Chromium: CVE-2021-4057 Use after free in file API	No	No	N/A	Yes
CVE-2021-4056	Chromium: CVE-2021-4056: Type Confusion in loader	No	No	N/A	Yes
CVE-2021-4055	Chromium: CVE-2021-4055 Heap buffer overflow in extensions	No	No	N/A	Yes
CVE-2021-4054	Chromium: CVE-2021-4054 Incorrect security UI in autofill	No	No	N/A	Yes
CVE-2021-4053	Chromium: CVE-2021-4053 Use after free in UI	No	No	N/A	Yes
CVE-2021-4052	Chromium: CVE-2021-4052 Use after free in web apps	No	No	N/A	Yes

Developer Tools Vulnerabilities

CVE	Vulnerability Title	Exploited	Publicly Disclosed?	CVSSv3	Has FAQ?
CVE-2021-43907	Visual Studio Code WSL Extension Remote Code Execution Vulnerability	No	No	9.8	No
CVE-2021-43908	Visual Studio Code Spoofing Vulnerability	No	No	nan	No
CVE-2021-43891	Visual Studio Code Remote Code Execution Vulnerability	No	No	7.8	No
CVE-2021-43896	Microsoft PowerShell Spoofing Vulnerability	No	No	5.5	No
CVE-2021-43892	Microsoft BizTalk ESB Toolkit Spoofing Vulnerability	No	No	7.4	No
CVE-2021-43225	Bot Framework SDK Remote Code Execution Vulnerability	No	No	7.5	No
CVE-2021-43877	ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability	No	No	7.8	No

Device Vulnerabilities

CVE	Vulnerability Title	Exploited	Publicly Disclosed?	CVSSv3	Has FAQ?
CVE-2021-43899	Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability	No	No	9.8	Yes

Microsoft Office Vulnerabilities

CVE	Vulnerability Title	Exploited	Publicly Disclosed?	CVSSv3	Has FAQ?
CVE-2021-42295	Visual Basic for Applications Information Disclosure Vulnerability	No	No	5.5	Yes
CVE-2021-42320	Microsoft SharePoint Server Spoofing Vulnerability	No	No	8	Yes
CVE-2021-43242	Microsoft SharePoint Server Spoofing Vulnerability	No	No	7.6	No
CVE-2021-42309	Microsoft SharePoint Server Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2021-42294	Microsoft SharePoint Server Remote Code Execution Vulnerability	No	No	7.2	Yes
CVE-2021-43255	Microsoft Office Trust Center Spoofing Vulnerability	No	No	5.5	Yes
CVE-2021-43875	Microsoft Office Graphics Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2021-42293	Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability	No	No	6.5	Yes
CVE-2021-43256	Microsoft Excel Remote Code Execution Vulnerability	No	No	7.8	Yes

System Center Vulnerabilities

CVE	Vulnerability Title	Exploited	Publicly Disclosed?	CVSSv3	Has FAQ?
CVE-2021-43882	Microsoft Defender for IoT Remote Code Execution Vulnerability	No	No	9	Yes
CVE-2021-42311	Microsoft Defender for IoT Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2021-42313	Microsoft Defender for IoT Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2021-42314	Microsoft Defender for IoT Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2021-42315	Microsoft Defender for IoT Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2021-41365	Microsoft Defender for IoT Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2021-42310	Microsoft Defender for IoT Remote Code Execution Vulnerability	No	No	8.1	Yes
CVE-2021-43889	Microsoft Defender for IoT Remote Code Execution Vulnerability	No	No	7.2	Yes
CVE-2021-43888	Microsoft Defender for IoT Information Disclosure Vulnerability	No	No	7.5	Yes
CVE-2021-42312	Microsoft Defender for IOT Elevation of Privilege Vulnerability	No	No	7.8	Yes

Windows Vulnerabilities

CVE	Vulnerability Title	Exploited	Publicly Disclosed?	CVSSv3	Has FAQ?
CVE-2021-43247	Windows TCP/IP Driver Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2021-43237	Windows Setup Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2021-43239	Windows Recovery Environment Agent Elevation of Privilege Vulnerability	No	No	7.1	No
CVE-2021-43231	Windows NTFS Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2021-43880	Windows Mobile Device Management Elevation of Privilege Vulnerability	No	Yes	5.5	Yes
CVE-2021-43244	Windows Kernel Information Disclosure Vulnerability	No	No	6.5	Yes
CVE-2021-43246	Windows Hyper-V Denial of Service Vulnerability	No	No	5.6	No
CVE-2021-43232	Windows Event Tracing Remote Code Execution Vulnerability	No	No	7.8	No
CVE-2021-43248	Windows Digital Media Receiver Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2021-43214	Web Media Extensions Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2021-43243	VP9 Video Extensions Information Disclosure Vulnerability	No	No	5.5	Yes
CVE-2021-43228	SymCrypt Denial of Service Vulnerability	No	No	7.5	No
CVE-2021-43227	Storage Spaces Controller Information Disclosure Vulnerability	No	No	5.5	Yes
CVE-2021-43235	Storage Spaces Controller Information Disclosure Vulnerability	No	No	5.5	Yes
CVE-2021-43240	NTFS Set Short Name Elevation of Privilege Vulnerability	No	Yes	7.8	No
CVE-2021-40452	HEVC Video Extensions Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2021-40453	HEVC Video Extensions Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2021-41360	HEVC Video Extensions Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2021-43219	DirectX Graphics Kernel File Denial of Service Vulnerability	No	No	7.4	No

Windows ESU Vulnerabilities

CVE	Vulnerability Title	Exploited	Publicly Disclosed?	CVSSv3	Has FAQ?
CVE-2021-43215	iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution	No	No	9.8	Yes
CVE-2021-43238	Windows Remote Access Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2021-43223	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2021-41333	Windows Print Spooler Elevation of Privilege Vulnerability	No	Yes	7.8	No
CVE-2021-43229	Windows NTFS Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2021-43230	Windows NTFS Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2021-40441	Windows Media Center Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2021-43883	Windows Installer Elevation of Privilege Vulnerability	No	Yes	7.8	No
CVE-2021-43234	Windows Fax Service Remote Code Execution Vulnerability	No	No	7.8	No
CVE-2021-43217	Windows Encrypting File System (EFS) Remote Code Execution Vulnerability	No	No	8.1	Yes
CVE-2021-43893	Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability	No	Yes	7.5	No
CVE-2021-43245	Windows Digital TV Tuner Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2021-43224	Windows Common Log File System Driver Information Disclosure Vulnerability	No	No	5.5	Yes
CVE-2021-43226	Windows Common Log File System Driver Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2021-43207	Windows Common Log File System Driver Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2021-43233	Remote Desktop Client Remote Code Execution Vulnerability	No	No	7.5	No
CVE-2021-43222	Microsoft Message Queuing Information Disclosure Vulnerability	No	No	7.5	Yes
CVE-2021-43236	Microsoft Message Queuing Information Disclosure Vulnerability	No	No	7.5	Yes
CVE-2021-43216	Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability	No	No	6.5	Yes