Microsoft has delivered its Patch Tuesday for the month of November, which fixes 55 flaws, including 6 zero-day flaws. Two of them are actively exploited.
A relatively light but dense month: this is how we can summarize Patch Tuesday for the month of November. Microsoft has corrected 55 vulnerabilities, including 6 zero-day flaws. The flaws are in Windows (including Windows 11) and its components, Azure, RTOS, Sphere, Dynamics, Edge (Chromium-based), Exchange Server, Office, Windows Hyper-V, Windows Defender and Visual Studio.
In this batch, experts urge companies to prioritize the fixes for Exchange and Excel. CVE-2021-42321 stems from a problem in the validation of command-let (cmdlet) arguments. Cmdlets are commands used in the PowerShell environment; they are invoked by the PowerShell runtime as part of automation scripts provided on the command line, or invoked programmatically by PowerShell via APIs. The flaw has a severity score of 8.8 but, as stated by Satnam Narang, engineer at Tenable, “an attacker must be authenticated, which limits some of the impact of the vulnerability”. For its part, Microsoft says it is aware of “targeted and limited” attacks and has published a blog post on the modus operandi.
Emergency Excel and Windows Defender Fix
Another critical flaw that needs to be fixed urgently is CVE-2021-42292, a security feature bypass in Excel for Windows and macOS. It could allow code execution when a specially crafted file is opened. This flaw was discovered by MSTIC (Microsoft Threat Intelligence Center), which specifies that it is also currently being actively exploited. According to Trend Micro’s ZDI (Zero Day Initiative), “The problem is most likely caused by loading code that was supposed to be behind a prompt, but for some reason that prompt doesn’t appear, bypassing this security feature”. The severity score is 7.8. Note that the update only affects Windows systems; those for Office on Mac are not yet available.
Also on the list of priorities for system administrators, the CVE-2021-42298 flaw affects Windows Defender. Security experts deem it critical and not to be taken lightly. “This CVE should be a priority for all companies,” said Danny Kim, Principal Architect at Virsec, in a statement. Microsoft points out that Windows Defender runs on all versions of Windows, so the attack surface increases sharply. Kim adds that “this CVE requires user interaction, however, attackers can use social engineering and phishing to easily obtain this interaction”.