Microsoft closed a large number of vulnerabilities in its solutions during Patch Tuesday. These include the critical CVE-2021-43890 vulnerability that can be exploited for Emotet/Trickbot/Bazaloader attacks. Another exploit for Exchange has also been discovered.
In its December Patch Tuesday update, Microsoft has again fixed a large number of vulnerabilities in its software. This time it involved no fewer than 67 patches. In November, there were 55. In total, the tech giant has released 887 CVE patches this year.
The December round covered vulnerabilities in Microsoft Office, Microsoft PowerShell, the Chromium-based Edge browser, the Windows Kernel, the Windows Print Spooler and the Windows Remote Desktop Client. Of the 67 patches now released, six were zero-day exploits.
Issues resolved included Remote Code Execution (RCE), privilege escalation security flaws, spoofing bugs, and denail-of-service issues.
Six zero day patches
The most significant patch involved the zero-day CVE-2021-43890 vulnerability. This is a Windows AppX Installer Spoofing vulnerability that has been rated highly critical and is already being exploited by hackers. The vulnerability lends itself to, among other things, the use of specially developed packages. In particular, hackers try to spread Emotet, Trickbot and Bazaloader malware through this exploit.
Other zero-day holes in Microsoft software that have now been closed include a Windows Print Spooler Elevation of Privilege vulnerability (CVE-2021-413330), a Windows Mobile Device Management Elevation of Privilege (EoP) vulnerability ( CVE-2021-43880) and an EoP in the Windows Encrypting File System (CVE-2021-43893).
Additionally, zero-day vulnerabilities have been fixed for an “NTFS Set Short Name elevation of privilege” software bug (CVE-2021-43240) and a zero-day issue for the Windows Installer (CVE-2021-43883).
New possible Exchange attack
The tech giant also disclosed that it has discovered that a patched Exchange Server post-authentication flaw (CVE-2021-42321) is being actively exploited for new attacks. After the problems that arose earlier this year, Exchange will again have to deal with attack attempts.
