-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2021.0245
  Microsoft Patch Tuesday update for Microsoft Windows for December 2021
                             15 December 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Microsoft Windows
Operating System: Windows
Impact/Access:    Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                  Increased Privileges            -- Existing Account      
                  Denial of Service               -- Remote/Unauthenticated
                  Access Confidential Data        -- Remote/Unauthenticated
Resolution:       Patch/Upgrade
CVE Names:        CVE-2021-43893 CVE-2021-43883 CVE-2021-43880
                  CVE-2021-43248 CVE-2021-43247 CVE-2021-43246
                  CVE-2021-43245 CVE-2021-43244 CVE-2021-43243
                  CVE-2021-43240 CVE-2021-43239 CVE-2021-43238
                  CVE-2021-43237 CVE-2021-43236 CVE-2021-43235
                  CVE-2021-43234 CVE-2021-43233 CVE-2021-43232
                  CVE-2021-43231 CVE-2021-43230 CVE-2021-43229
                  CVE-2021-43228 CVE-2021-43227 CVE-2021-43226
                  CVE-2021-43224 CVE-2021-43223 CVE-2021-43222
                  CVE-2021-43219 CVE-2021-43217 CVE-2021-43216
                  CVE-2021-43215 CVE-2021-43214 CVE-2021-43207
                  CVE-2021-41360 CVE-2021-41333 CVE-2021-40453
                  CVE-2021-40452 CVE-2021-40441 

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of December 2021.
        
        This update resolves 38 vulnerabilities across the following
        products: [1]
        
         HEVC Video Extensions
         Raw Image Extension
         VP9 Video Extensions
         Windows 10
         Windows 11
         Windows 8.1
         Windows RT 8.1
         Windows Server
         Windows Server 2012
         Windows Server 2012 R2
         Windows Server 2016
         Windows Server 2019
         Windows Server 2022


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2021-40441  Elevation of Privilege   Important
         CVE-2021-40452  Remote Code Execution    Important
         CVE-2021-40453  Remote Code Execution    Important
         CVE-2021-41333  Elevation of Privilege   Important
         CVE-2021-41360  Remote Code Execution    Important
         CVE-2021-43207  Elevation of Privilege   Important
         CVE-2021-43214  Remote Code Execution    Important
         CVE-2021-43215  Remote Code Execution    Critical
         CVE-2021-43216  Information Disclosure   Important
         CVE-2021-43217  Remote Code Execution    Critical
         CVE-2021-43219  Denial of Service        Important
         CVE-2021-43222  Information Disclosure   Important
         CVE-2021-43223  Elevation of Privilege   Important
         CVE-2021-43224  Information Disclosure   Important
         CVE-2021-43226  Elevation of Privilege   Important
         CVE-2021-43227  Information Disclosure   Important
         CVE-2021-43228  Denial of Service        Important
         CVE-2021-43229  Elevation of Privilege   Important
         CVE-2021-43230  Elevation of Privilege   Important
         CVE-2021-43231  Elevation of Privilege   Important
         CVE-2021-43232  Remote Code Execution    Important
         CVE-2021-43233  Remote Code Execution    Critical
         CVE-2021-43234  Remote Code Execution    Important
         CVE-2021-43235  Information Disclosure   Important
         CVE-2021-43236  Information Disclosure   Important
         CVE-2021-43237  Elevation of Privilege   Important
         CVE-2021-43238  Elevation of Privilege   Important
         CVE-2021-43239  Elevation of Privilege   Important
         CVE-2021-43240  Elevation of Privilege   Important
         CVE-2021-43243  Information Disclosure   Important
         CVE-2021-43244  Information Disclosure   Important
         CVE-2021-43245  Elevation of Privilege   Important
         CVE-2021-43246  Denial of Service        Important
         CVE-2021-43247  Elevation of Privilege   Important
         CVE-2021-43248  Elevation of Privilege   Important
         CVE-2021-43880  Elevation of Privilege   Important
         CVE-2021-43883  Elevation of Privilege   Important
         CVE-2021-43893  Elevation of Privilege   Important


MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1].
        
         KB5008206, KB5008207, KB5008210, KB5008212, KB5008215
         KB5008218, KB5008223, KB5008230, KB5008255, KB5008263
         KB5008277, KB5008285


REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYbkVNuNLKJtyKPYoAQjNEQ/+I4kAmJWB/mY6ZhqgCLwWvoPR+TTxf5Kk
ufYdnDDg5WZANp2Apsf1ifLz+kaoGe0ma1xXBQBPQdLxKZF6ujQYXVOb4y+R6cNu
ZQ8r5hBS728lZqCnXAMAkGBVTwO057jWwT6jTioYEI/r91tkIM/f3YVTpk2uWKmd
eeKxV2WiiH1JtfZyiLdhe0jwBAOd8p/Dy3Ba5/vuDgPA2MorO+IW1+MGsa2tVrn1
YNSkZI+HE2/2TKy0kQKu8KxBvoNL8KaHG2cKUZ9AannrByv3V6/dTXajP2MIP2cl
78nQF5M6AhS+uOrehUgfMP9I+n5aw3UpE6veOUWAReMyBNXg+9xKMkrw7N5UghQj
nDc850OE9Vh5Jg+WWtgZzZDF39ctLZ9pC8L9AXiJigDg+TequIv7LSyYL+apGT/7
EfEEEBPEJjgoqNpH/Z1OogCdPqLDNhGwMQfKovi77pKCd2G1Iw92XUmwxxg1Fags
nGQmFTQQtoYPbLbnBjoEZQY5JZWxCSCxtc7WsRp8DppBpMMaq0EdERxvlvM1KnAh
n98gAph85dJfe9Dhy5Yi/onJhL3DhUQ+M44PK4P7NNUDsYC5miYR+eo8Nfr9OtBX
p19Z74d423As9vmLhRrin7FGlP5hAplctEk1RjtRac1Aza6D8/6Yl4wwAi7Cvw2g
6cfLqQvolic=
=X8PD
-----END PGP SIGNATURE-----