After Log4j, December's Patch Tuesday has snuck up on us | Malwarebytes Labs - 必威官方登录备用,必威官网多少,必威唯一官方

After Log4j, December’s Patch Tuesday has snuck up on us

Posted:December 16, 2021byPieter Arntz

For anyone about to sit back after checking their environment for theLog4jvulnerabilities and applying patches where needed, here are some more things that need patching.

Microsoft

In 2021’s final Patch Tuesday, Microsoft included a total of 67 fixes for security vulnerabilities. The total set of updates includes patches for six publicly known bugs and seven critical security vulnerabilities.

Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). Let’s have a look at the most interesting ones that were patched in this Patch Tuesday update.

CVE-2021-42310Microsoft Defender for IoT Remote Code Execution vulnerability. Due to a flaw in the password reset request process, an attacker can reset someone else’s password. The attack may be launched remotely. No form of authentication is required for exploitation.

CVE-2021-43905Microsoft Office app Remote Code Execution vulnerability. This vulnerability was rated 9.6 out of 10 on theCVSSvulnerability-severity scale, and Microsoft thinks it is likely to be exploited.

CVE-2021-43899Microsoft 4K Wireless Display Adapter Remote Code Execution vulnerability. This vulnerability was rated 9.8 out of 10 on the CVSS vulnerability-severity scale, even though Microsoft says it’s not likely to be exploited. You will need to install the Microsoft Wireless Display Adapter app from the Microsoft Store onto a system connected to the Microsoft 4K Wireless Display Adapter. Once installed, use theUpdate & securitysection of the app to download and install the latest firmware.

CVE-2021-43890Windows AppX Installer Spoofing vulnerability. This vulnerability allows an attacker to create a malicious package file and then modify it to look like a legitimate application. Wereportedon this vulnerability being used in the wild by Emotet (among others).

CVE-2021-43883Windows Installer Elevation of Privilege vulnerability. This is apatch to patch a bypassed patch in Windows Installerthat was initially fixed in November. By exploiting this vulnerability, threat actors that already have limited access to compromised systems can elevate their privileges and use these privileges to spread laterally within a target network.

CVE-2021-43215iSNS Server Memory Corruption vulnerability can lead to remote code execution (RCE). An attacker could send a specially crafted request to the Internet Storage Name Service (iSNS) server, which could result in an RCE. The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers and iSNS clients.

CVE-2021-43217Windows加密文件系统(EFS)远程代码Execution vulnerability. An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how EFS makes connections from client to server. When the second phase of Windows updates become available in Q1 2022, customers will be notified via a revision to the security vulnerability.

CVE-2021-41333Windows Print Spooler Elevation of Privilege vulnerability. Exploit code for this vulnerability is available and the code works in most situations where the vulnerability exists., which makes it a priority to fix, even if we haven’t seen any attacks using this in the wild.

Apple

Apple has also published security updates. The update includes fixes for the remote jail-breaks that were demonstrated at theTianfuCupin October.

Apple has issued security updates for the WebKit inSafari 15.2and for a total of 42 vulnerabilities iniOS 15.2 and iPadOS 15.2. Included in the patches were several security vulnerabilities that allowed anyone with physical access to a device to view contacts on a locked device, and to view stored passwords without authentication.