Today’s VERT Alert addresses Microsoft’s November 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-972 on Wednesday, November 10th.
In-The-Wild & Disclosed CVEs
Up first this month, we have a 0-day in Microsoft Excel that allows an attacker to bypass security features. This vulnerability has seen active exploitation. It is important to note that there may be multiple patches to apply to ensure you are fully protected against this vulnerability.
Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.
This vulnerability is the second to see active exploitation this month. A vulnerability in Exchange Server could allow for code execution. Microsoft has released a blog post with details on the update. The vulnerability itself requires that the attacker be authenticated and take advantage of improper validation of cmdlet arguments.
Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.
CVE-2021-38631 is the first of two vulnerabilities that could allow RDP client passwords to be disclosed to RDP server admins.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE-2021-41371 is the partner vulnerability to CVE-2021-38631, another vulnerability that could allow the RDP client passwords to be disclosed to RDP server admins.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
The first of two vulnerabilities discovered by Mat Powell and disclosed via ZDI. The vulnerability is triggered when parsing 3MF files and occurs due to the software not validating that an object exists before performing operations on the object. This vulnerability is likely ZDI-21-702 or ZDI-21-909.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index
The second of two vulnerabilities discovered by Mat Powell and disclosed via ZDI. The vulnerability is triggered when parsing 3MF files and occurs due to the software not validating that an object exists before performing operations on the object. This vulnerability is likely ZDI-21-702 or ZDI-21-909.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be bold
| Tag | CVE Count | CVEs |
| Windows Fastfat Driver | 1 | CVE-2021-41377 |
| Microsoft Office Word | 1 | CVE-2021-42296 |
| Microsoft Edge (Chromium-based) in IE Mode | 1 | CVE-2021-41351 |
| Windows Virtual Machine Bus | 1 | CVE-2021-26443 |
| Windows Installer | 1 | CVE-2021-41379 |
| Visual Studio | 2 | CVE-2021-3711, CVE-2021-42319 |
| Microsoft Dynamics | 1 | CVE-2021-42316 |
| Azure Sphere | 4 | CVE-2021-42300, CVE-2021-41374, CVE-2021-41375, CVE-2021-41376 |
| Microsoft Windows Codecs Library | 1 | CVE-2021-42276 |
| Visual Studio Code | 1 | CVE-2021-42322 |
| Microsoft Office Excel | 2 | CVE-2021-40442, CVE-2021-42292 |
| 3D Viewer | 2 | CVE-2021-43208, CVE-2021-43209 |
| Windows Cred SSProvider Protocol | 1 | CVE-2021-41366 |
| Windows Kernel | 1 | CVE-2021-42285 |
| Microsoft Exchange Server | 3 | CVE-2021-41349, CVE-2021-42305, CVE-2021-42321 |
| Power BI | 1 | CVE-2021-41372 |
| Windows Defender | 1 | CVE-2021-42298 |
| Windows Desktop Bridge | 1 | CVE-2021-36957 |
| Windows Feedback Hub | 1 | CVE-2021-42280 |
| Windows Active Directory | 4 | CVE-2021-42278, CVE-2021-42282, CVE-2021-42287, CVE-2021-42291 |
| Windows Diagnostic Hub | 1 | CVE-2021-42277 |
| Windows Scripting | 1 | CVE-2021-42279 |
| Windows RDP | 4 | CVE-2021-38631, CVE-2021-41371, CVE-2021-38665, CVE-2021-38666 |
| Azure RTOS | 6 | CVE-2021-42301, CVE-2021-42302, CVE-2021-42303, CVE-2021-42304, CVE-2021-42323, CVE-2021-26444 |
| Azure | 1 | CVE-2021-41373 |
| Microsoft Office Access | 1 | CVE-2021-41368 |
| Role: Windows Hyper-V | 2 | CVE-2021-42274, CVE-2021-42284 |
| Windows Hello | 1 | CVE-2021-42288 |
| Windows COM | 1 | CVE-2021-42275 |
| Windows Core Shell | 1 | CVE-2021-42286 |
| Microsoft Windows | 1 | CVE-2021-41356 |
| Windows NTFS | 4 | CVE-2021-41367, CVE-2021-41378, CVE-2021-41370, CVE-2021-42283 |
Other Information
There were no new advisories included with the November Security Guidance.
