Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2021.0245
Microsoft Patch Tuesday update for Microsoft Windows for December 2021
15 December 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Windows
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Increased Privileges -- Existing Account
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-43893 CVE-2021-43883 CVE-2021-43880
CVE-2021-43248 CVE-2021-43247 CVE-2021-43246
CVE-2021-43245 CVE-2021-43244 CVE-2021-43243
CVE-2021-43240 CVE-2021-43239 CVE-2021-43238
CVE-2021-43237 CVE-2021-43236 CVE-2021-43235
CVE-2021-43234 CVE-2021-43233 CVE-2021-43232
CVE-2021-43231 CVE-2021-43230 CVE-2021-43229
CVE-2021-43228 CVE-2021-43227 CVE-2021-43226
CVE-2021-43224 CVE-2021-43223 CVE-2021-43222
CVE-2021-43219 CVE-2021-43217 CVE-2021-43216
CVE-2021-43215 CVE-2021-43214 CVE-2021-43207
CVE-2021-41360 CVE-2021-41333 CVE-2021-40453
CVE-2021-40452 CVE-2021-40441
OVERVIEW
Microsoft has released its monthly security patch update for the
month of December 2021.
This update resolves 38 vulnerabilities across the following
products: [1]
HEVC Video Extensions
Raw Image Extension
VP9 Video Extensions
Windows 10
Windows 11
Windows 8.1
Windows RT 8.1
Windows Server
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
Windows Server 2022
IMPACT
Microsoft has given the following details regarding these vulnerabilities.
Details Impact Severity
CVE-2021-40441 Elevation of Privilege Important
CVE-2021-40452 Remote Code Execution Important
CVE-2021-40453 Remote Code Execution Important
CVE-2021-41333 Elevation of Privilege Important
CVE-2021-41360 Remote Code Execution Important
CVE-2021-43207 Elevation of Privilege Important
CVE-2021-43214 Remote Code Execution Important
CVE-2021-43215 Remote Code Execution Critical
CVE-2021-43216 Information Disclosure Important
CVE-2021-43217 Remote Code Execution Critical
CVE-2021-43219 Denial of Service Important
CVE-2021-43222 Information Disclosure Important
CVE-2021-43223 Elevation of Privilege Important
CVE-2021-43224 Information Disclosure Important
CVE-2021-43226 Elevation of Privilege Important
CVE-2021-43227 Information Disclosure Important
CVE-2021-43228 Denial of Service Important
CVE-2021-43229 Elevation of Privilege Important
CVE-2021-43230 Elevation of Privilege Important
CVE-2021-43231 Elevation of Privilege Important
CVE-2021-43232 Remote Code Execution Important
CVE-2021-43233 Remote Code Execution Critical
CVE-2021-43234 Remote Code Execution Important
CVE-2021-43235 Information Disclosure Important
CVE-2021-43236 Information Disclosure Important
CVE-2021-43237 Elevation of Privilege Important
CVE-2021-43238 Elevation of Privilege Important
CVE-2021-43239 Elevation of Privilege Important
CVE-2021-43240 Elevation of Privilege Important
CVE-2021-43243 Information Disclosure Important
CVE-2021-43244 Information Disclosure Important
CVE-2021-43245 Elevation of Privilege Important
CVE-2021-43246 Denial of Service Important
CVE-2021-43247 Elevation of Privilege Important
CVE-2021-43248 Elevation of Privilege Important
CVE-2021-43880 Elevation of Privilege Important
CVE-2021-43883 Elevation of Privilege Important
CVE-2021-43893 Elevation of Privilege Important
MITIGATION
Microsoft recommends updating the software with the version made
available on the Microsoft Update Catalogue for the following
Knowledge Base articles. [1].
KB5008206, KB5008207, KB5008210, KB5008212, KB5008215
KB5008218, KB5008223, KB5008230, KB5008255, KB5008263
KB5008277, KB5008285
REFERENCES
[1] Microsoft Security Update Guidance
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYbkVNuNLKJtyKPYoAQjNEQ/+I4kAmJWB/mY6ZhqgCLwWvoPR+TTxf5Kk
ufYdnDDg5WZANp2Apsf1ifLz+kaoGe0ma1xXBQBPQdLxKZF6ujQYXVOb4y+R6cNu
ZQ8r5hBS728lZqCnXAMAkGBVTwO057jWwT6jTioYEI/r91tkIM/f3YVTpk2uWKmd
eeKxV2WiiH1JtfZyiLdhe0jwBAOd8p/Dy3Ba5/vuDgPA2MorO+IW1+MGsa2tVrn1
YNSkZI+HE2/2TKy0kQKu8KxBvoNL8KaHG2cKUZ9AannrByv3V6/dTXajP2MIP2cl
78nQF5M6AhS+uOrehUgfMP9I+n5aw3UpE6veOUWAReMyBNXg+9xKMkrw7N5UghQj
nDc850OE9Vh5Jg+WWtgZzZDF39ctLZ9pC8L9AXiJigDg+TequIv7LSyYL+apGT/7
EfEEEBPEJjgoqNpH/Z1OogCdPqLDNhGwMQfKovi77pKCd2G1Iw92XUmwxxg1Fags
nGQmFTQQtoYPbLbnBjoEZQY5JZWxCSCxtc7WsRp8DppBpMMaq0EdERxvlvM1KnAh
n98gAph85dJfe9Dhy5Yi/onJhL3DhUQ+M44PK4P7NNUDsYC5miYR+eo8Nfr9OtBX
p19Z74d423As9vmLhRrin7FGlP5hAplctEk1RjtRac1Aza6D8/6Yl4wwAi7Cvw2g
6cfLqQvolic=
=X8PD
-----END PGP SIGNATURE-----