Exploits & Vulnerabilities
November Continues Streak of Quiet Patch Tuesdays
November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November.
November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November (less than half of the vulnerabilities in November last year). Of these 55, four were submitted via the Zero Day Initiative (ZDI).
Critical Vulnerabilities: Defender, Remote Desktop
Two Critical vulnerabilities are of interest. CVE-2021-42298 is a vulnerability in Microsoft Defender, while CVE-2021-38666 is a vulnerability in the Remote Desktop Client. Both of these vulnerabilities result in remote code execution (RCE). The latter vulnerability can be used to trigger RCE if the user is lured into connecting to a malicious Remote Desktop server.
A third vulnerability, CVE-2021-26443, is noteworthy as it represents an escape from a virtual machine (VM) to the host server. The vulnerability in the virtual machine bus (VMBus) allows an attacker to run code on the host server via specially crafted communication on the said bus.
Important Vulnerabilities
The vulnerabilities rated as Important affect a wide variety of Windows components. These include Active Directory (CVE-2021-42278, CVE-2021-42282, CVE-2021-42287, and CVE-2021-42291) and Exchange Server (CVE-2021-42321, CVE-2021-41349, and CVE-2021-42305). Given the common use of both Active Directory and Exchange Server in enterprise networks, it is important for system administrators to install the patches for these vulnerabilities as soon as possible.
In addition, two of the Important vulnerabilities are currently being exploited. CVE-2021-42292, in particular, is a vulnerability in Excel that allows for arbitrary code execution if a malicious file is opened. One of the Exchange Server vulnerabilities (CVE-2021-42321) is also being targeted, while four more are public but are not being exploited. Two are in 3D Viewer (CVE-2021-43208 and CVE-2021-43209), and another two are in Remote Desktop Protocol (CVE-2021-38631 and CVE-2021-41371).
Trend Micro solutions
A proactive, multilayered approach to security is key against threats that exploit vulnerabilities — from the gateway, endpoints, networks, and servers.
The Trend Micro™ Deep Security™ solution provides network security, system security, and malware prevention. Combined with Vulnerability Protection, it can protect user systems from a wide range of upcoming threats that might target vulnerabilities. Individual services of Trend Micro Cloud One™, such as Workload Security and Network Security, also use virtual patching to protect their customers.
TippingPoint® Next-Generation Intrusion Prevention System (NGIPS) is a network traffic solution that uses comprehensive and contextual awareness analysis for advanced threats that exploit vulnerabilities.