Microsoft Patch Tuesday November 2021

Overview

In total 55 vulnerabilities are being fixed as part of November 2021’s Patch Tuesday.

Microsoft’s monthly patch release includes fixes for several critical vulnerabilities, including two actively exploited zero-day flaws, one in Excel and one in Exchange Server, that could be abused to take control of an affected system.

The most serious flaws are CVE-2021-42321 (CVSS score: 8.8) and CVE-2021-42292 (CVSS score: 7.8). CVE-2021-42321 is a post-authentication remote code execution flaw in Microsoft Exchange Server, and CVE-2021-42292 is a security bypass vulnerability in Microsoft Excel versions 2013-2021.

Impact

Earlier in the year, there were four zero-day exploits, which included attacks on researchers, law firms, universities, defence contractors, policy think tanks and NGOs.

Situations like these show that Microsoft Exchange servers are a high-value target for threat actors wanting to target critical networks.

Affected Products

  • 3D Viewer
  • Azure
  • Azure RTOS
  • Azure Sphere
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Edge (Chromium-based) in IE Mode
  • Microsoft Exchange Server
  • Microsoft Office
  • Microsoft Office Access
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft Windows
  • Microsoft Windows Codecs Library
  • Power BI
  • Role: Windows Hyper-V
  • Visual Studio
  • Visual Studio Code
  • Windows Active Directory
  • Windows COM
  • Windows Core Shell
  • Windows Cred SSProvider Protocol
  • Windows Defender
  • Windows Desktop Bridge
  • Windows Diagnostic Hub
  • Windows Fastfat Driver
  • Windows Feedback Hub
  • Windows Hello
  • Windows Installer
  • Windows Kernel
  • Windows NTFS
  • Windows RDP
  • Windows Scripting
  • Windows Virtual Machine Bus

Containment, Mitigations & Remediation

Update installation: Microsoft has released several security updates for vulnerabilities. Our recommendation is to install these updates immediately to protect your environment.

There are two update paths.

Path 1
Exchange Server is running one of the following currently supported CUs:
• Exchange Server 2013 CU23
• Exchange Server 2016 CU21 or CU22
• Exchange Server 2019 CU10 or CU11
> Install November 2021 Security Updates

Path 2
Exchange Server is NOT running any of the above CUs
> Install supported CU
> Install November 2021 Security Updates

Indicators of Compromise

None published at this time.

MITRE Methodologies

T1068 – Exploitation for Privilege Escalation

Further Information

November 2021 Exchange Server Security Updates

NVD – CVE-2021-42321