Threat Update
Microsoft’s Patch Tuesday release for December 2021 comes with a Windows update that will apply patches for 67 different vulnerabilities. This update includes fixes for 7 critical vulnerabilities, and included fixes that prevented Denial of Service, Remote Code Execution, privilege escalation and spoofing attacks. Barracuda MSP recommends updating all Windows machines and services in order to apply these patches and remediate the vulnerabilities.
Technical Detail & Additional Information
WHAT IS THE THREAT?
There are 67 vulnerabilities that were patched with these recent Windows updates, which included 7 notable critical vulnerabilities.
- CVE-2021-43883 – Windows Installer Zero-Day: This vulnerability has a CVSS score of 7.8. If not patched, it could allow for unauthorized privlege escalation
- CVE-2021-43240 – Privilege Escalation Vulnerability: This vulnerability has a CVSS score of 7.8. It is publicly known as it has a POC exploit code availabe
- CVE-2021-43890 – Windows AppX Installer Spoofing Zero-Day: This vulnerability has a CVSS score of 7.1. This one is publicly known and has been exploited. It is being used to spread Emotet, Trickbot and Bazaloader malware families
- CVE-2021-41333 – Windows Print Spooler Privilege Escalation Vulnerability
- CVE-2021-43893 – Windows Encrypting File System Privlege Escalation Vulenrability
- CVE-2021-43880 – Windows Mobile Device Management Privlege Escalation Vulnerability: This vulnerability could allow attackers to delete targeted files on a system.
WHY IS IT NOTEWORTHY?
Microsoft products are used and trusted by thousands of individuals and businesses worldwide. Microsoft products and devices running the Windows operating system are integrated into everyday businesses worldwide. As a result of this widespread usage, attackers always target Microsoft and Windows devices due to the wide scope of potential targets. As demonstrated by the scale of these updates, security researchers are constantly searching for and discovering new exploits on these products. It is crucial to keep these devices updated regularly, since these patches are made specifically to prevent these vulnerabilities from being exploited.
WHAT IS THE EXPOSURE OR RISK?
All of the vulnerabilities/exploits patched by Microsoft this month, especially the ones detailed in this advisory, could pose a significant threat to users. They could potentially allow attackers to escalate privileges, bypass authentication or execute remote code, spoof installers, or launch other cyber attacks. These vulnerabilities open up the possibility for data leakage, denial of service attacks, complete system compromises, as well as other forms of damage. If exploited, these vulnerabilities could enable attackers to execute remote code and create or delete targeted files. Many companies rely on sensitive data stored on their Windows devices and services remaining private. In many cases, these devices and services are business critical and are needed to conduct everyday business. These vulnerabilities put these expectations at potential risk if they are exploited by attackers, so it is very important to ensure that the patches are applied as soon as possible.
WHAT ARE THE RECOMMENDATIONS?
Microsoft has released Windows updates which address all of these vulnerabilities. Barracuda MSP highly recommends downloading these updates, to allow for patches to be applied.
REFERENCES
For more in-depth information about the recommendations, please visit the following links:
- https://securityaffairs.co/wordpress/125667/security/microsoft-december-2021-patch-tuesday.html
- https://www.zdnet.com/article/microsoft-december-2021-patch-tuesday-zero-day-exploited-to-spread-emotet-malware/
- https://krebsonsecurity.com/2021/12/microsoft-patch-tuesday-december-2021-edition/
If you have any questions, please contact our Security Operations Center.
