Microsoft Patch Tuesday, November 2021 Version – Krebs on Safety


Microsoft Corp. right now launched updates to quash not less than 55 safety bugs in its Home windows working methods and different software program. Two of the patches handle vulnerabilities which are already being utilized in energetic assaults on-line, and 4 of the issues have been disclosed publicly earlier than right now — doubtlessly giving adversaries a head begin in determining how one can exploit them.

Among the many zero-day bugs is CVE-2021-42292, a “safety function bypass” drawback with Microsoft Excel variations 2013-2021 that might enable attackers to put in malicious code simply by convincing somebody to open a booby-trapped Excel file (Microsoft says Mac variations of Workplace are additionally affected, however a number of locations are reporting that Workplace for Mac safety updates aren’t obtainable but).

Microsoft’s revised, extra sparse safety advisories don’t provide a lot element on what precisely is being bypassed in Excel with this flaw. However Dustin Childs over at Development Micro’s Zero Day Initiative says the vulnerability is probably going as a consequence of loading code that ought to be restricted by a consumer immediate — similar to a warning about exterior content material or scripts — however for no matter motive that immediate doesn’t seem, thus bypassing the safety function.

The opposite crucial flaw patched right now that’s already being exploited within the wild is CVE-2021-42321, yet one more zero-day in Microsoft Trade Server. You could recall that earlier this 12 months a majority of the world’s organizations working Microsoft Trade Servers have been hit with 4 zero-day assaults that allow thieves set up backdoors and siphon e mail.

As Trade zero-days go, CVE-2021-42321 seems considerably gentle by comparability. Not like the 4 zero-days concerned within the mass compromise of Trade Server methods earlier this 12 months, CVE-2021-42321 requires the attacker to be already authenticated to the goal’s system. Microsoft has printed a weblog put up/FAQ in regards to the Trade zero-day right here.

Two of the vulnerabilities that have been disclosed previous to right now’s patches are CVE-2021-38631 and CVE-2021-41371. Each contain weaknesses in Microsoft’s Distant Desktop Protocol (RDP, Home windows’ built-in distant administration device) working on Home windows 7 via Home windows 11 methods, and on Home windows Server 2008-2019 methods. The issues let an attacker view the RDP password for the weak system.

“Given the curiosity that cybercriminals — particularly ransomware preliminary entry brokers — have in RDP, it’s probably that it will likely be exploited sooner or later,” mentioned Allan Liska, senior safety architect at Recorded Future.

Liska notes this month’s patch batch additionally brings us CVE-2021-38666, which is a Distant Code Execution vulnerability within the Home windows RDP Shopper.

“It is a critical vulnerability, labeled crucial by Microsoft,” Liska added. “In its Exploitability Evaluation part Microsoft has labelled this vulnerability ‘Exploitation Extra Possible.’ This vulnerability impacts Home windows 7 – 11 and Home windows Server 2008 – 2019 and ought to be a excessive precedence for patching.”

For many Home windows dwelling customers, making use of safety updates isn’t an enormous deal. By default, Home windows checks for obtainable updates and is pretty persistent in asking you to put in them and reboot, and so on. It’s a good suggestion to get within the behavior of patching on a month-to-month foundation, ideally inside a number of days of patches being launched.

However please don’t neglect to backup your necessary recordsdata — earlier than patching if attainable. Home windows 10 has some built-in instruments that can assist you try this, both on a per-file/folder foundation or by making a whole and bootable copy of your arduous drive abruptly. There are additionally a lot of glorious third-party merchandise that make it straightforward to duplicate your whole arduous drive frequently, so {that a} latest, working picture of the system is at all times obtainable for restore.

And in the event you want to guarantee Home windows has been set to pause updating so you may again up your recordsdata and/or system earlier than the working system decides to reboot and set up patches by itself schedule, see this information.

In case you expertise any glitches or issues putting in patches this month, please take into account leaving a remark about it under; there’s a better-than-even  probability different readers have skilled the identical and will provide helpful ideas or recommendations.

Additional studying:

SANS Web Storm Heart has a rundown on every of the 55 patches launched right now, listed by exploitability and severity, with hyperlinks to every advisory.