Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day

Microsoft December 2021 Patch Tuesday addresses 67 vulnerabilities, including an actively exploited Windows Installer vulnerability.

Microsoft December 2021 Patch Tuesday addressed 67 vulnerabilities in Microsoft Windows and Windows Components, ASP.NET Core and Visual Studio, Azure Bot Framework SDK, Internet Storage Name Service, Defender for IoT, Edge (Chromium-based), Microsoft Office and Office Components, SharePoint Server, PowerShell, Remote Desktop Client, Windows Hyper-V, Windows Mobile Device Management, Windows Remote Access Connection Manager, TCP/IP, and the Windows Update Stack.

Below are the vulnerabilities addressed by Microsoft:

- 21 Elevation of Privilege Vulnerabilities
- 26 Remote Code Execution Vulnerabilities
- 10 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 7 Spoofing Vulnerabilities

Seven of the issues addressed by Microsoft are rated as Critical, while the remaining ones are rated as Important in severity. One of the vulnerabilities fixed by Microsoft, tracked as CVE-2021-43890, is under active exploitation.

“We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader.” reads the advisory published by Microsoft.

An attacker could exploit the vulnerability by tricking the victims into opening a specially crafted attachment sent via phishing messages.

The other zero-day vulnerabilities addressed by the company as part of the December 2021 Patch Tuesday are:

- CVE-2021-43240 – NTFS Set Short Name Elevation of Privilege Vulnerability
- CVE-2021-41333 – Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2021-43880 – Windows Mobile Device Management Elevation of Privilege Vulnerability
- CVE-2021-43883 – Windows Installer Elevation of Privilege Vulnerability
- CVE-2021-43893 – Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability

The full list of vulnerabilities addressed by Microsoft is available here:

| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2021-43890 | Windows AppX Installer Spoofing Vulnerability | Important | 7.1 | Yes | Yes | Spoofing |
| CVE-2021-43240 | NTFS Set Short Name Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | EoP |
| CVE-2021-43893 | Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | Important | 7.5 | Yes | No | EoP |
| CVE-2021-43883 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.1 | Yes | No | EoP |
| CVE-2021-43880 | Windows Mobile Device Management Elevation of Privilege Vulnerability | Important | 5.5 | Yes | No | EoP |
| CVE-2021-41333 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | EoP |
| CVE-2021-43215 | iSNS Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
| CVE-2021-43899 | Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
| CVE-2021-42310 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| CVE-2021-43905 | Microsoft Office app Remote Code Execution Vulnerability | Critical | 9.6 | No | No | RCE |
| CVE-2021-43233 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 7 | No | No | RCE |
| CVE-2021-43907 | Visual Studio Code WSL Extension Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
| CVE-2021-43217 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| CVE-2021-43877 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2021-43225 | Bot Framework SDK Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE |
| CVE-2021-43219 | DirectX Graphics Kernel File Denial of Service Vulnerability | Important | 7.4 | No | No | DoS |
| CVE-2021-40452 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2021-40453 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2021-41360 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2021-43892 | Microsoft BizTalk ESB Toolkit Spoofing Vulnerability | Important | 7.1 | No | No | Spoofing |
| CVE-2021-42312 | Microsoft Defender for IOT Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2021-43888 | Microsoft Defender for IoT Information Disclosure Vulnerability | Important | 7.5 | No | No | Info |
| CVE-2021-41365 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2021-42311 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2021-42313 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2021-42314 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2021-42315 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2021-43882 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 9 | No | No | RCE |
| CVE-2021-43889 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE |
| CVE-2021-43256 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2021-42293 | Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
| CVE-2021-43216 | Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2021-43222 | Microsoft Message Queuing Information Disclosure Vulnerability | Important | 7.5 | No | No | Info |
| CVE-2021-43236 | Microsoft Message Queuing Information Disclosure Vulnerability | Important | 7.5 | No | No | Info |
| CVE-2021-43875 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2021-43255 | Microsoft Office Trust Center Spoofing Vulnerability | Important | 5.5 | No | No | Spoofing |
| CVE-2021-43896 | Microsoft PowerShell Spoofing Vulnerability | Important | 5.5 | No | No | Spoofing |
| CVE-2021-42294 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE |
| CVE-2021-42309 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2021-42320 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 8 | No | No | Spoofing |
| CVE-2021-43242 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | Spoofing |
| CVE-2021-43227 | Storage Spaces Controller Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2021-43235 | Storage Spaces Controller Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2021-43228 | SymCrypt Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2021-42295 | Visual Basic for Applications Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2021-43891 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2021-43908 | Visual Studio Code Spoofing Vulnerability | Important | N/A | No | No | Spoofing |
| CVE-2021-43243 | VP9 Video Extensions Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2021-43214 | Web Media Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2021-43207 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2021-43226 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2021-43224 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2021-43248 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2021-43245 | Windows Digital TV Tuner Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2021-43232 | Windows Event Tracing Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2021-43234 | Windows Fax Service Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2021-43246 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.6 | No | No | DoS |
| CVE-2021-43244 | Windows Kernel Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2021-40441 | Windows Media Center Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2021-43229 | Windows NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2021-43230 | Windows NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2021-43231 | Windows NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2021-43239 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | Important | 7.1 | No | No | EoP |
| CVE-2021-43223 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2021-43238 | Windows Remote Access Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2021-43237 | Windows Setup Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2021-43247 | Windows TCP/IP Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| * CVE-2021-4052 | Chromium: CVE-2021-4052 Use after free in web apps | High | N/A | No | No | RCE |
| * CVE-2021-4053 | Chromium: CVE-2021-4053 Use after free in UI | High | N/A | No | No | RCE |
| * CVE-2021-4054 | Chromium: CVE-2021-4054 Incorrect security UI in autofill | High | N/A | No | No | RCE |
| * CVE-2021-4055 | Chromium: CVE-2021-4055 Heap buffer overflow in extensions | High | N/A | No | No | RCE |
| * CVE-2021-4056 | Chromium: CVE-2021-4056: Type Confusion in loader | High | N/A | No | No | RCE |
| * CVE-2021-4057 | Chromium: CVE-2021-4057 Use after free in file API | High | N/A | No | No | RCE |
| * CVE-2021-4058 | Chromium: CVE-2021-4058 Heap buffer overflow in ANGLE | High | N/A | No | No | RCE |
| * CVE-2021-4059 | Chromium: CVE-2021-4059 Insufficient data validation in loader | High | N/A | No | No | RCE |
| * CVE-2021-4061 | Chromium: CVE-2021-4061 Type Confusion in V8 | High | N/A | No | No | RCE |
| * CVE-2021-4062 | Chromium: CVE-2021-4062 Heap buffer overflow in BFCache | High | N/A | No | No | RCE |
| * CVE-2021-4063 | Chromium: CVE-2021-4063 Use after free in developer tools | High | N/A | No | No | RCE |
| * CVE-2021-4064 | Chromium: CVE-2021-4064 Use after free in screen capture | High | N/A | No | No | RCE |
| * CVE-2021-4065 | Chromium: CVE-2021-4065 Use after free in autofill | High | N/A | No | No | RCE |
| * CVE-2021-4066 | Chromium: CVE-2021-4066 Integer underflow in ANGLE | High | N/A | No | No | RCE |
| * CVE-2021-4067 | Chromium: CVE-2021-4067 Use after free in window manager | High | N/A | No | No | RCE |
| * CVE-2021-4068 | Chromium: CVE-2021-4068 Insufficient validation of untrusted input in new tab page | Low | N/A | No | No | Spoofing |

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft December 2021 Patch Tuesday)

The post Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day appeared first on Security Affairs.