Dec 17, 2021

After Log4j, December’s Patch Tuesday has snuck up on us


Exploits and vulnerabilities
For anyone about to sit back after checking their environment for the Log4j vulnerabilities and applying patches where needed, here are some more things that need patching.
In 2021’s final Patch Tuesday, Microsoft included a total of 67 fixes for security vulnerabilities. The total set of updates includes patches for six publicly known bugs and seven critical security vulnerabilities.
Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). Let’s have a look at the most interesting ones that were patched in this Patch Tuesday update.
CVE-2021-42310 Microsoft Defender for IoT Remote Code Execution vulnerability. Due to a flaw in the password reset request process, an attacker can reset someone else’s password. The attack may be launched remotely. No form of authentication is required for exploitation.
CVE-2021-43905 Microsoft Office app Remote Code Execution vulnerability. This vulnerability was rated 9.6 out of 10 on the CVSS vulnerability-severity scale, and Microsoft thinks it is likely to be exploited.
CVE-2021-43899 Microsoft 4K Wireless Display Adapter Remote Code Execution vulnerability. This vulnerability was rated 9.8 out of 10 on the CVSS vulnerability-severity scale, even though Microsoft says it’s not likely to be exploited. You will need to install the Microsoft Wireless Display Adapter app from the Microsoft Store onto a system connected to the Microsoft 4K Wireless Display Adapter. Once installed, use the Update & security section of the app to download and install the latest firmware.
CVE-2021-43890 Windows AppX Installer Spoofing vulnerability. This vulnerability allows an attacker to create a malicious package file and then modify it to look like a legitimate application. We reported on this vulnerability being used in the wild by Emotet (among others).
CVE-2021-43883 Windows Installer Elevation of Privilege vulnerability. This is a patch to patch a bypassed patch in Windows Installer that was initially fixed in November. By exploiting this vulnerability, threat actors that already have limited access to compromised systems can elevate their privileges and use these privileges to spread laterally within a target network.
CVE-2021-43215 iSNS Server Memory Corruption vulnerability can lead to remote code execution (RCE). An attacker could send a specially crafted request to the Internet Storage Name Service (iSNS) server, which could result in an RCE. The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers and iSNS clients.
CVE-2021-43217 Windows Encrypting File System (EFS) Remote Code Execution vulnerability. An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how EFS makes connections from client to server. When the second phase of Windows updates becomes available in Q1 2022, customers will be notified via a revision to the security vulnerability.
CVE-2021-41333 Windows Print Spooler Elevation of Privilege vulnerability. Exploit code for this vulnerability is available and the code works in most situations where the vulnerability exists, which makes it a priority to fix, even if we haven’t seen any attacks using this in the wild.
Apple has also published security updates. The update includes fixes for the remote jailbreaks that were demonstrated at the Tianfu Cup in October.
Apple has issued security updates for the WebKit in Safari 15.2 and for a total of 42 vulnerabilities in iOS 15.2 and iPadOS 15.2. Included in the patches were several security vulnerabilities that allowed anyone with physical access to a device to view contacts on a locked device, and to view stored passwords without authentication.
Other vendors that issued updates to keep an eye on were:
Stay safe, everyone!

Malware Intelligence Researcher
Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.