Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0232 Microsoft Patch Tuesday update for Microsoft Windows for November 2021 10 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Windows Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Existing Account Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote with User Interaction Unauthorised Access -- Console/Physical Resolution: Patch/Upgrade CVE Names: CVE-2021-42291 CVE-2021-42288 CVE-2021-42287 CVE-2021-42286 CVE-2021-42285 CVE-2021-42284 CVE-2021-42283 CVE-2021-42282 CVE-2021-42280 CVE-2021-42279 CVE-2021-42278 CVE-2021-42277 CVE-2021-42276 CVE-2021-42275 CVE-2021-42274 CVE-2021-41379 CVE-2021-41378 CVE-2021-41377 CVE-2021-41371 CVE-2021-41370 CVE-2021-41367 CVE-2021-41366 CVE-2021-41356 CVE-2021-38666 CVE-2021-38665 CVE-2021-38631 CVE-2021-36957 CVE-2021-26443 OVERVIEW Microsoft has released its monthly security patch update for the month of November 2021. This update resolves 28 vulnerabilities across the following products: [1] Remote Desktop client Windows 10 Windows 11 Windows 8.1 Windows RT 8.1 Windows Server Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows Server 2022 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2021-26443 Remote Code Execution Critical CVE-2021-36957 Elevation of Privilege Important CVE-2021-38631 Information Disclosure Important CVE-2021-38665 Information Disclosure Important CVE-2021-38666 Remote Code Execution Critical CVE-2021-41356 Denial of Service Important CVE-2021-41366 Elevation of Privilege Important CVE-2021-41367 Elevation of Privilege Important CVE-2021-41370 Elevation of Privilege Important CVE-2021-41371 Information Disclosure Important CVE-2021-41377 Elevation of Privilege Important CVE-2021-41378 Remote Code Execution Important CVE-2021-41379 Elevation of Privilege Important CVE-2021-42274 Denial of Service Important CVE-2021-42275 Remote Code Execution Important CVE-2021-42276 Remote Code Execution Important CVE-2021-42277 Elevation of Privilege Important CVE-2021-42278 Elevation of Privilege Important CVE-2021-42279 Remote Code Execution Critical CVE-2021-42280 Elevation of Privilege Important CVE-2021-42282 Elevation of Privilege Important CVE-2021-42283 Elevation of Privilege Important CVE-2021-42284 Denial of Service Important CVE-2021-42285 Elevation of Privilege Important CVE-2021-42286 Elevation of Privilege Important CVE-2021-42287 Elevation of Privilege Important CVE-2021-42288 Security Feature Bypass Important CVE-2021-42291 Elevation of Privilege Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]. KB5007186, KB5007189, KB5007192, KB5007205, KB5007206 KB5007207, KB5007215, KB5007245, KB5007247, KB5007255 KB5007260 REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYYsCreNLKJtyKPYoAQihihAAgWqdJiQDpSdlFZnL8v8nf3XyfZJd+m42 GT3nrCJnrdZwl4ZBF3YXlTYBqytbVqPQGOZTONgyo+ZsEYhMxfbqxsjbzutbAhK1 e6BEEVCYeC3N/lDfBB/kGDWbo6WO6KJ+vI6IJOjT9XI3aiylpkt4cERIw9oxs89R am8bIrJh6dawJELzAq+ms0pT/roYVYAo3IXzsxnsFC/3VVvv5RYj65fLm//14UGp vGeOoIyl6r2ZOZRJXokgsL5kE6MbMhd9pBkg9NT547qJaJIYLzIKvkMMKyo5MOPo nsXTEsvhKVMu/r5mO8PkUR91M9BqG/37hSk4vLJNnaCnEalokMOP+4+NWtrMPlpk Sf5dBK9UImzMZsl4E2C0e0zIdlLvylytz8WUm3frr5C8/lC1QKNuKNLg4FV6HZ73 6qZxfKE4G+BiaoDadVBcbPQGbfCrB9UavzWUMqQ4YsxeE7/VFwSYH0y7UoJfABa6 vZFJnzdlA9VCtwurXNX/t/TqWWKXTfxidyq1M+YkhG4JwBY95OOpvuU7yiBsu1dd SGlDHNShMsLSLNjvOX4GLvoTc29rUwRoAORrR918SGaMWixzNDqLe+A+pG3W+a+k GskZwoop6W5gzOVkJojio4kteZCinnhpziRd32y7m2dPZu7svGgEnXkhIL3tFQec W2XIi7EvYOQ= =TEjh -----END PGP SIGNATURE-----