November Patch Tuesday is here and it is a relatively light month. Overall we have 55 exploits that got patched, with only 6 being rated as critical. Two of these are actively being exploited, with another four that are already publicly known. No exploit came in with a CVSS score over 9.0. Let’s dive into the lowlights!
Some Highlights (Or Lowlights)
CVE-2021-42321: This is the first of the already exploited vulnerabilities that was patched. This vulnerability of exchange and it takes advantage of an improper validation of cmdlets arguments. While this can be run remote, the attacker does need to have an authenticated role in the exchange server. Microsoft has released a blog with a deeper dive here.
CVE-2021-42292: This is the second of the already exploited vulnerabilities. This one involves Microsoft Excel. The attack vector for this one is local, and requires User Interaction to exploit. On top of that the preview pane is not an area of attack. Overall this one would not have made the low lights if it had already not been exploited, but still get it patched ASAP.
CVE-2021-26443: This is the highest rated CVSS score for the month coming in at 9.0. This takes advantage of how the VM guest to properly handles communication on the VMBus channel. An attacker could send a specially crafted communication on the VMBus allowing them to execute arbitrary code.
Keeping with the theme of November I think we should all be thankful for the light month of exploits! We have a low number of overall exploits closed with only six being rated as critical. If we ignore the already exploited vulnerabilities and the fact that the CVE on the VMBus is low enough that Microsoft has known about that one for some time this has basically been the ideal Patch Tuesday!
Light does not mean that it is less important to keep your environment patched. Let’s get your environment protected ASAP. Keeping your systems patched is a process that is not going away, so automating this with the right tools can be an investment that will pay dividends every month. PDQ Deploy and PDQ Inventory can help you get back time that you can spend on your <insert obscure personal hobby here>.