Microsoft has fixed 55 vulnerabilities with today’s update (November 2021), with six classified as Critical and 49 as Important. The number of each type of vulnerability is listed below:
- 20 Elevation of Privilege vulnerabilities
- 2 Security Feature Bypass vulnerabilities
- 15 Remote Code Execution vulnerabilities
- 10 Information Disclosure vulnerabilities
- 3 Denial of Service vulnerabilities
- 4 Spoofing vulnerabilities
The six critical vulnerabilities include:
- CVE-2021-42279, a memory corruption issue in the Chakra scripting engine used in Microsoft Edge browsers (CVSS 4.2).
- CVE-2021-42298, a vulnerability in Microsoft Defender (CVSS 7.8).
- CVE-2021-42316, a vulnerability in Microsoft Dynamics 365 for on-premises environments (CVSS 8.7).
- CVE-2021-26443, a vulnerability in the Microsoft Virtual Machine Bus (CVSS 9).
- CVE-2021-3711, a vulnerability in OpenSSL (CVSS 9.8).
- CVE-2021-38666, a vulnerability in client machines using RDP when attackers have control of a Remote Desktop Server.
The Exploited
The two CVEs being used in attacks are CVE-2021-42321, an Important vulnerability in Microsoft Exchange Server that can lead to remote code execution (RCE), and CVE-2021-42292, an Important vulnerability in Excel that bypasses security protections.
The Exchange Server vulnerability, with a Common Vulnerability Scoring System (CVSS) score of 8.8 out of 10, requires the attacker to be authenticated on the system, but it is an active threat. Organizations should patch it “as soon as possible,” said Satnam Narang, a staff research engineer at security solutions firm Tenable, in published comments. It is yet another Exchange Server problem to address.
Exchange Security Update installation
These updates are available for the following specific builds of Exchange Server:
- Exchange Server 2013 CU23
- Exchange Server 2016 CU21 and CU22
- Exchange Server 2019 CU10 and CU11
Two update paths are available:
To check whether exploitation was attempted on your servers:
Run the following PowerShell query on your Exchange server to check for specific events in the Application event log:
Get-EventLog -LogName Application -Source "MSExchange Common" -EntryType Error | Where-Object { $_.Message -like "*BinaryFormatter.Deserialize*" }
If events are found, please work with your Security Response team to analyze the server further.
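As an added example (not from the original post or from Microsoft's guidance), the same check wrapped in a function that limits the search to a time window, summarises hits per day and exports the matching events for the Security Response team. It assumes an elevated PowerShell session on the Exchange server; the export path is a hypothetical value chosen for this example.

```powershell
# Added example: detection helper for the BinaryFormatter.Deserialize indicator.
# Assumptions: run locally on the Exchange server with rights to read the
# Application log; $ExportPath is a hypothetical location for this example.
function Find-ExchangeDeserializeErrors {
    param(
        [datetime]$StartTime = (Get-Date).AddDays(-30),
        [string]$ExportPath = "C:\Temp\exchange-deserialize-events.csv"
    )

    # Same log, source and severity as the one-liner above; Get-WinEvent lets the
    # event log service filter on the start time instead of reading the whole log.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'MSExchange Common'
        Level        = 2            # 2 = Error
        StartTime    = $StartTime
    }
    # Get-WinEvent reports "no events found" as an error; treat that as zero hits.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    # The indicator the guidance points at: a failed BinaryFormatter deserialisation.
    $hits = @($events | Where-Object { $_.Message -like '*BinaryFormatter.Deserialize*' })

    if ($hits.Count -eq 0) {
        Write-Output "No BinaryFormatter.Deserialize errors since $StartTime."
        return
    }

    # Summarise per day so a burst of attempts stands out from background noise.
    $hits | Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd') } |
        Sort-Object Name |
        ForEach-Object { Write-Output ("{0}: {1} event(s)" -f $_.Name, $_.Count) }

    # Preserve the full records for the analysts rather than just the count.
    $hits | Select-Object TimeCreated, Id, MachineName, Message |
        Export-Csv -Path $ExportPath -NoTypeInformation -Encoding UTF8
    Write-Output ("{0} matching event(s) exported to {1}; escalate to Security Response." -f $hits.Count, $ExportPath)
}

# Look back 90 days, which covers the period before the November 2021 update.
Find-ExchangeDeserializeErrors -StartTime (Get-Date).AddDays(-90)
```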
SHMUEL H.