
Rewterz Threat Advisory – Microsoft Patches Multiple Security Vulnerabilities in Latest Patch Tuesday

December 15, 2021

Severity

High

Analysis Summary

CVE-2021-43907 

Microsoft Visual Studio Code WSL Extension could allow a remote attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-43905 

Microsoft Office app could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-43899 

Microsoft 4K Wireless Display Adapter could allow a remote attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-43893 

Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Encrypting File System component. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-43891 

Microsoft Visual Studio Code could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-43889 

Microsoft Defender for IoT could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-43888 

Microsoft Defender for IoT could allow a remote attacker to obtain sensitive information. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2021-43883 

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Installer component. An attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2021-43880 

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Mobile Device Management. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-43242 

Microsoft SharePoint Server could allow a remote authenticated attacker to conduct spoofing attacks. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to conduct spoofing attacks.

CVE-2021-43207 

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-42309 

Microsoft SharePoint Server could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-42295 

Microsoft Office could allow a local attacker to obtain sensitive information, caused by a flaw in Visual Basic for Applications. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-42294 

Microsoft SharePoint Server could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-42293 

Microsoft Jet Red Database Engine and Access Connectivity Engine could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-41365 

Microsoft Defender for IoT could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-41360 

Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-41333 

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-43882 

Microsoft Defender for IoT could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-43877 

Microsoft ASP.NET Core and Visual Studio could allow a local authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-43875 

Microsoft Office Graphics could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-43256 

Microsoft Excel could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-43255 

Microsoft Office Trust Center could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to conduct a spoofing attack.

CVE-2021-43248 

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Digital Media Receiver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-43247 

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the TCP/IP Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-43246 

Microsoft Windows is vulnerable to a denial of service, caused by a flaw in Hyper-V. By executing a specially-crafted program, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2021-43245 

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Digital TV Tuner. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-43244 

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Kernel. By executing a specially-crafted program, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-43243 

Microsoft VP9 Video Extensions could allow a local authenticated attacker to obtain sensitive information. By executing a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-43240 

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the NTFS Set Short Name. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-43239 

Microsoft Windows could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the Update Assistant. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-43238 

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Remote Access. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-43237 

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Update Stack component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-43236 

Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the Message Queuing component. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2021-43235 

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Storage Spaces Controller component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2021-43234 

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Fax Service. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Code Execution
  • Unauthorized Access
  • Privilege Escalation
  • Information Disclosure
  • Denial of Service

Affected Vendors

Microsoft

Affected Products

  • Microsoft Visual Studio Code WSL Extension
  • Microsoft Office app
  • Microsoft 4K Wireless Display Adapter
  • Microsoft PowerShell 7.2
  • Microsoft Visual Studio Code
  • Microsoft Defender for IoT
  • Microsoft Windows Server 2012
  • Microsoft Windows 8.1 x32
  • Microsoft Windows 8.1 x64
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows RT 8.1
  • Microsoft Windows 10 x32
  • Microsoft Windows 10 x64
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019
  • Microsoft Windows 10 1809 for x64-based Systems
  • Microsoft Windows 10 1809 for 32-bit Systems
  • Microsoft Windows 10 1809 for ARM64-based Systems
  • Microsoft Windows 10 1607 for 32-bit Systems
  • Microsoft Windows 10 1607 for x64-based Systems
  • Microsoft Windows 10 2004 for 32-bit Systems
  • Microsoft Windows 10 2004 for ARM64-based Systems
  • Microsoft Windows 10 2004 for x64-based Systems
  • Microsoft Windows 10 1909 for 32-bit Systems
  • Microsoft Windows 10 1909 for x64-based Systems
  • Microsoft Windows 10 1909 for ARM64-based Systems
  • Microsoft Windows 10 20H2 for 32-bit Systems
  • Microsoft Windows 10 20H2 for ARM64-based Systems
  • Microsoft Windows 10 20H2 for x64-based Systems
  • Microsoft Windows Server (Server Core installation) 2019
  • Microsoft Windows Server (Server Core installation) 2004
  • Microsoft Windows Server (Server Core installation) 20H2
  • Microsoft Windows Server (Server Core installation) 2016
  • Microsoft Windows Server (Server Core installation) 2012 R2
  • Microsoft Windows Server (Server Core installation) 2012
  • Microsoft Windows Server for X64-based systems 2008 R2 SP1
  • Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
  • Microsoft Windows Server for 32-bit systems 2008 SP2
  • Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
  • Microsoft Windows 10 21H1 for 32-bit Systems
  • Microsoft Windows 10 21H1 for ARM64-based Systems
  • Microsoft Windows 10 21H1 for x64-based Systems
  • Microsoft Windows Server 2022
  • Microsoft Windows Server (Server Core installation) 2022
  • Microsoft Windows Server for X64-based systems 2008 SP2
  • Microsoft Windows 11 x64
  • Microsoft Windows 11 ARM64
  • Microsoft Windows 10 21H2 for 32-bit Systems
  • Microsoft Windows 10 21H2 for ARM64-based Systems
  • Microsoft Windows 10 21H2 for x64-based Systems
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Enterprise Server 2013 SP1
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition
  • Microsoft Office 2013 SP1 x32
  • Microsoft Office 2013 SP1 x64
  • Microsoft Office 2013 SP1 RT
  • Microsoft Office 2016 x32
  • Microsoft Office 2016 x64
  • Microsoft Office 2019 x32
  • Microsoft Office 2019 x64
  • Microsoft 365 Apps for Enterprise x32
  • Microsoft 365 Apps for Enterprise x64
  • Microsoft Office LTSC 2021 x32
  • Microsoft Office LTSC 2021 x64
  • Microsoft SharePoint Foundation 2013 SP1
  • Microsoft HEVC Video Extensions
  • Microsoft Windows 7 SP1 x32
  • Microsoft Windows 7 SP1 x64
  • Microsoft ASP.NET Core 3.1
  • Microsoft ASP.NET Core 5.0
  • Microsoft VP9 Video Extensions

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2021-43907
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43907
CVE-2021-43905
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43905
CVE-2021-43899
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43905
CVE-2021-43893
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43896
CVE-2021-43891
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43896
CVE-2021-43889
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43891
CVE-2021-43888
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43889
CVE-2021-43883
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43888
CVE-2021-43880
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43883
CVE-2021-43242
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43880
CVE-2021-43207
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43880
CVE-2021-42309
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43207
CVE-2021-42295
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43207
CVE-2021-42294
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43207
CVE-2021-42293
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43207
CVE-2021-41365
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43207
CVE-2021-41360
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-41365
CVE-2021-41333
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-41360
CVE-2021-43882
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-41360
CVE-2021-43877
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-41360
CVE-2021-43875
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-41360
CVE-2021-43256
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43256
CVE-2021-43255
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43255
CVE-2021-43248
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43255
CVE-2021-43247
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43255
CVE-2021-43246
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43246
CVE-2021-43245
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43245
CVE-2021-43244
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43245
CVE-2021-43243
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43243
CVE-2021-43240
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43240
CVE-2021-43239
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43239
CVE-2021-43238
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43238
CVE-2021-43237
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43237
CVE-2021-43236
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43236
CVE-2021-43235
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43235
CVE-2021-43234
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43234
