Microsoft Monthly Security Update (November 2021)
Last Update Date:
24 Nov 2021
Release Date:
10 Nov 2021
8155
Views
RISK: High Risk
TYPE: Operating Systems - Windows OS
Microsoft has released monthly security update for their products:
Vulnerable Product | Risk Level | Impacts | Notes |
Windows | High Risk | Elevation of Privilege Information Disclosure Remote Code Execution Denial of Service Security Restriction Bypass | [Updated on 2021-11-24] Proof Of Concept Exploit Code Is Publicly Available for CVE-2021-41379 |
Extended Security Updates (ESU) | Medium Risk | Information Disclosure Elevation of Privilege Remote Code Execution | |
Exchange Server | High Risk | Spoofing Remote Code Execution |
|
Developer Tools | Medium Risk | Remote Code Execution Elevation of Privilege | |
Microsoft Office | High Risk | Remote Code Execution Security Restriction Bypass |
|
SQL Server | Low Risk | Spoofing | |
Azure | Medium Risk | Data Manipulation Information Disclosure Elevation of Privilege | |
Microsoft Dynamics | Medium Risk | Remote Code Execution | |
Apps | Medium Risk | Remote Code Execution | |
Browser | Low Risk | Spoofing | |
System Center | Medium Risk | Remote Code Execution |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 3
Number of 'Medium Risk' product(s): 6
Number of 'Low Risk' product(s): 2
Evaluation of overall 'Risk Level': High Risk
[Updated on 2021-11-24]
- It was reported by security researcher that exploiting CVE-2021-41379 could trigger elevation of privilege on the targeted system. The patch released on Microsoft Patch Tuesday was not sufficient to remediate the vulnerability
- Proof of concept exploit code Is publicly available for CVE-2021-41379
- No patch is currently available for CVE-2021-41379
- Risk level for Windows has been escalated to high risk
Impact
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
- Spoofing
- Data Manipulation
System / Technologies affected
- Windows
- Extended Security Updates (ESU)
- Exchange Server
- Developer Tools
- Microsoft Office
- SQL Server
- Azure
- Microsoft Dynamics
- Apps
- Browser
- System Center
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
Vulnerability Identifier
Source
Related Link
Related Tags
Share with