===========================================================================
AUSCERT Security Bulletin

ASB-2021.0245
Microsoft Patch Tuesday update for Microsoft Windows for December 2021
15 December 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Microsoft Windows
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-43893 CVE-2021-43883 CVE-2021-43880
                   CVE-2021-43248 CVE-2021-43247 CVE-2021-43246
                   CVE-2021-43245 CVE-2021-43244 CVE-2021-43243
                   CVE-2021-43240 CVE-2021-43239 CVE-2021-43238
                   CVE-2021-43237 CVE-2021-43236 CVE-2021-43235
                   CVE-2021-43234 CVE-2021-43233 CVE-2021-43232
                   CVE-2021-43231 CVE-2021-43230 CVE-2021-43229
                   CVE-2021-43228 CVE-2021-43227 CVE-2021-43226
                   CVE-2021-43224 CVE-2021-43223 CVE-2021-43222
                   CVE-2021-43219 CVE-2021-43217 CVE-2021-43216
                   CVE-2021-43215 CVE-2021-43214 CVE-2021-43207
                   CVE-2021-41360 CVE-2021-41333 CVE-2021-40453
                   CVE-2021-40452 CVE-2021-40441

OVERVIEW

Microsoft has released its monthly security patch update for the month of
December 2021.

This update resolves 38 vulnerabilities across the following products: [1]

  HEVC Video Extensions
  Raw Image Extension
  VP9 Video Extensions
  Windows 10
  Windows 11
  Windows 8.1
  Windows RT 8.1
  Windows Server
  Windows Server 2012
  Windows Server 2012 R2
  Windows Server 2016
  Windows Server 2019
  Windows Server 2022

IMPACT

Microsoft has given the following details regarding these vulnerabilities.

  Details         Impact                   Severity
  CVE-2021-40441  Elevation of Privilege   Important
  CVE-2021-40452  Remote Code Execution    Important
  CVE-2021-40453  Remote Code Execution    Important
  CVE-2021-41333  Elevation of Privilege   Important
  CVE-2021-41360  Remote Code Execution    Important
  CVE-2021-43207  Elevation of Privilege   Important
  CVE-2021-43214  Remote Code Execution    Important
  CVE-2021-43215  Remote Code Execution    Critical
  CVE-2021-43216  Information Disclosure   Important
  CVE-2021-43217  Remote Code Execution    Critical
  CVE-2021-43219  Denial of Service        Important
  CVE-2021-43222  Information Disclosure   Important
  CVE-2021-43223  Elevation of Privilege   Important
  CVE-2021-43224  Information Disclosure   Important
  CVE-2021-43226  Elevation of Privilege   Important
  CVE-2021-43227  Information Disclosure   Important
  CVE-2021-43228  Denial of Service        Important
  CVE-2021-43229  Elevation of Privilege   Important
  CVE-2021-43230  Elevation of Privilege   Important
  CVE-2021-43231  Elevation of Privilege   Important
  CVE-2021-43232  Remote Code Execution    Important
  CVE-2021-43233  Remote Code Execution    Critical
  CVE-2021-43234  Remote Code Execution    Important
  CVE-2021-43235  Information Disclosure   Important
  CVE-2021-43236  Information Disclosure   Important
  CVE-2021-43237  Elevation of Privilege   Important
  CVE-2021-43238  Elevation of Privilege   Important
  CVE-2021-43239  Elevation of Privilege   Important
  CVE-2021-43240  Elevation of Privilege   Important
  CVE-2021-43243  Information Disclosure   Important
  CVE-2021-43244  Information Disclosure   Important
  CVE-2021-43245  Elevation of Privilege   Important
  CVE-2021-43246  Denial of Service        Important
  CVE-2021-43247  Elevation of Privilege   Important
  CVE-2021-43248  Elevation of Privilege   Important
  CVE-2021-43880  Elevation of Privilege   Important
  CVE-2021-43883  Elevation of Privilege   Important
  CVE-2021-43893  Elevation of Privilege   Important

MITIGATION

Microsoft recommends updating the software with the version made available
on the Microsoft Update Catalogue for the following Knowledge Base
articles [1]:

  KB5008206, KB5008207, KB5008210, KB5008212, KB5008215
  KB5008218, KB5008223, KB5008230, KB5008255, KB5008263
  KB5008277, KB5008285

REFERENCES

[1] Microsoft Security Update Guidance
    https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.