Today’s VERT Alert addresses Microsoft’s December 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-978 on Wednesday, December 15th.
In-The-Wild & Disclosed CVEs
Up first this month is a vulnerability in the Windows AppX Installer that could allow spoofing. This vulnerability has been actively used in the spread of Emotet malware.
Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.
CVE-2021-41333 is yet another print spooler vulnerability. All versions of Windows from Server 2008 through to Server 2022 are impacted by this vulnerability.
Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.
This is a Windows 11 only vulnerability that would allow an attacker who successfully exploited the vulnerability to delete files. They would not have additional access to view or modify files.
Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.
A vulnerability in the Windows Installer on all versions of Windows from Server 2008 through to Server 2022 could allow for elevation of privilege.
Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.
A vulnerability in NTFS Set Short Name could allow elevation of privilege. Short name refers to the 8dot3 naming convention. This vulnerability impacts Windows 10 and Windows 11 and related server platforms.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
The final vulnerability on this list this month is an elevation of privilege vulnerability in Windows Encrypting File System (EFS).
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be bold
Tag | CVE Count | CVEs |
--- | --- | --- |
Visual Studio Code - WSL Extension | 1 | CVE-2021-43907 |
Microsoft Edge (Chromium-based) | 16 | CVE-2021-4052, CVE-2021-4053, CVE-2021-4054, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057, CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062, CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066, CVE-2021-4067, CVE-2021-4068 |
Microsoft Devices | 1 | CVE-2021-43899 |
Windows Media | 1 | CVE-2021-40441 |
Microsoft Local Security Authority Server (lsasrv) | 1 | CVE-2021-43216 |
Remote Desktop Client | 1 | CVE-2021-43233 |
Windows Common Log File System Driver | 3 | CVE-2021-43224, CVE-2021-43226, CVE-2021-43207 |
Windows Storage Spaces Controller | 1 | CVE-2021-43227 |
Windows DirectX | 1 | CVE-2021-43219 |
Azure Bot Framework SDK | 1 | CVE-2021-43225 |
Microsoft Defender for IoT | 10 | CVE-2021-42310, CVE-2021-42311, CVE-2021-42312, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43888, CVE-2021-43889, CVE-2021-41365 |
Microsoft Office SharePoint | 4 | CVE-2021-42294, CVE-2021-42309, CVE-2021-42320, CVE-2021-43242 |
Microsoft Windows Codecs Library | 6 | CVE-2021-40452, CVE-2021-40453, CVE-2021-43214, CVE-2021-43243, CVE-2021-43248, CVE-2021-41360 |
Visual Studio Code | 2 | CVE-2021-43891, CVE-2021-43908 |
ASP.NET Core & Visual Studio | 1 | CVE-2021-43877 |
Windows SymCrypt | 1 | CVE-2021-43228 |
Microsoft Office Excel | 1 | CVE-2021-43256 |
Windows Event Tracing | 1 | CVE-2021-43232 |
Windows Kernel | 1 | CVE-2021-43244 |
Windows Remote Access Connection Manager | 2 | CVE-2021-43223, CVE-2021-43238 |
Microsoft Office | 3 | CVE-2021-43875, CVE-2021-42295, CVE-2021-43905 |
Microsoft PowerShell | 1 | CVE-2021-43896 |
Apps | 1 | CVE-2021-43890 |
Office Developer Platform | 1 | CVE-2021-43255 |
BizTalk ESB Toolkit | 1 | CVE-2021-43892 |
Microsoft Message Queuing | 2 | CVE-2021-43222, CVE-2021-43236 |
Windows Digital TV Tuner | 1 | CVE-2021-43245 |
Windows TCP/IP | 1 | CVE-2021-43247 |
Windows Update Stack | 2 | CVE-2021-43237, CVE-2021-43239 |
Windows Encrypting File System (EFS) | 2 | CVE-2021-43217, CVE-2021-43893 |
Microsoft Office Access | 1 | CVE-2021-42293 |
Windows Print Spooler Components | 1 | CVE-2021-41333 |
Role: Windows Hyper-V | 1 | CVE-2021-43246 |
Windows Mobile Device Management | 1 | CVE-2021-43880 |
Windows Storage | 1 | CVE-2021-43235 |
Windows Installer | 1 | CVE-2021-43883 |
Internet Storage Name Service | 1 | CVE-2021-43215 |
Role: Windows Fax Service | 1 | CVE-2021-43234 |
Windows NTFS | 4 | CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43240 |
Other Information
There were no new advisories included with the December Security Guidance.
We should, however, reference the Log4j vulnerability (CVE-2021-44228) that is getting a lot of attention. CISA has compiled detailed guidance around these vulnerabilities. On Saturday, December 11, Tripwire released ASPL-977 out-of-band for IP360, which included an authenticated test for the vulnerability. The latest information on Tripwire’s products regarding Log4j2 can be found at tripwire.com/log4j.
In ASPL-978, Tripwire will include additional coverage for CVE-2021-44228. This coverage will include tests for vulnerable versions of IBM WebSphere, Apache Tomcat, VMware vCenter, and Elasticsearch. It will also include improvements to our authenticated tests. We are also actively exploring additional detection methods that can be utilized.