
Microsoft Monthly Security Update (November 2021)

Last Update Date: 24 Nov 2021 Release Date: 10 Nov 2021

RISK: High Risk

TYPE: Operating Systems - Windows OS

Microsoft has released its monthly security update for its products:

| Vulnerable Product | Risk Level | Impacts | Notes |
|---|---|---|---|
| Windows | High Risk | Elevation of Privilege, Information Disclosure, Remote Code Execution, Denial of Service, Security Restriction Bypass | [Updated on 2021-11-24] Proof of concept exploit code is publicly available for CVE-2021-41379 |
| Extended Security Updates (ESU) | Medium Risk | Information Disclosure, Elevation of Privilege, Remote Code Execution | |
| Exchange Server | High Risk | Spoofing, Remote Code Execution | CVE-2021-42321 is being exploited in the wild; to exploit this vulnerability, an attacker would need to be authenticated to a vulnerable Exchange Server |
| Developer Tools | Medium Risk | Remote Code Execution, Elevation of Privilege | |
| Microsoft Office | High Risk | Remote Code Execution, Security Restriction Bypass | CVE-2021-42292 is being exploited in the wild; for exploitation to occur, the victim would need to open a malicious Excel document |
| SQL Server | Low Risk | Spoofing | |
| Azure | Medium Risk | Data Manipulation, Information Disclosure, Elevation of Privilege | |
| Microsoft Dynamics | Medium Risk | Remote Code Execution | |
| Apps | Medium Risk | Remote Code Execution | |
| Browser | Low Risk | Spoofing | |
| System Center | Medium Risk | Remote Code Execution | |

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 3

Number of 'Medium Risk' product(s): 6

Number of 'Low Risk' product(s): 2

Evaluation of overall 'Risk Level': High Risk

 

[Updated on 2021-11-24] 

  • A security researcher reported that exploiting CVE-2021-41379 could trigger elevation of privilege on the targeted system. The patch released on Microsoft Patch Tuesday was not sufficient to remediate the vulnerability
  • Proof of concept exploit code is publicly available for CVE-2021-41379
  • No patch is currently available for CVE-2021-41379
  • Risk level for Windows has been escalated to high risk

Impact

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing
  • Data Manipulation

System / Technologies affected

  • Windows
  • Extended Security Updates (ESU)
  • Exchange Server
  • Developer Tools
  • Microsoft Office
  • SQL Server
  • Azure
  • Microsoft Dynamics
  • Apps
  • Browser
  • System Center

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link