Microsoft Monthly Security Update (November 2021)

Microsoft has released monthly security update for their products:

Vulnerable Product	Risk Level	Impacts	Notes
Windows	High Risk	Elevation of Privilege Information Disclosure Remote Code Execution Denial of Service Security Restriction Bypass	[Updated on 2021-11-24] Proof Of Concept Exploit Code Is Publicly Available for CVE-2021-41379
Extended Security Updates (ESU)	Medium Risk	Information Disclosure Elevation of Privilege Remote Code Execution
Exchange Server	High Risk	Spoofing Remote Code Execution	CVE-2021-42321 is being explioted in the wild To exploit this vulnerability, an attacker would need to be authenticated to a vulnerable Exchange Server
Developer Tools	Medium Risk	Remote Code Execution Elevation of Privilege
Microsoft Office	High Risk	Remote Code Execution Security Restriction Bypass	CVE-2021-42292  is being explioted in the wild For exploitation to occur, the victim would need to open a malicious Excel document
SQL Server	Low Risk	Spoofing
Azure	Medium Risk	Data Manipulation Information Disclosure Elevation of Privilege
Microsoft Dynamics	Medium Risk	Remote Code Execution
Apps	Medium Risk	Remote Code Execution
Browser	Low Risk	Spoofing
System Center	Medium Risk	Remote Code Execution

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 3

Number of 'Medium Risk' product(s): 6

Number of 'Low Risk' product(s): 2

Evaluation of overall 'Risk Level': High Risk

[Updated on 2021-11-24] 

• It was reported by security researcher that exploiting CVE-2021-41379 could trigger elevation of privilege on the targeted system. The patch released on Microsoft Patch Tuesday was not sufficient to remediate the vulnerability
• Proof of concept exploit code Is publicly available for CVE-2021-41379
• No patch is currently available for CVE-2021-41379
• Risk level for Windows has been escalated to high risk