November’s Patch Tuesday

November’s vulnerability count was a modest 55. That’s only about half of what we usually see, and let’s hope the same trend continues in December.

Products, components, and roles with vulnerabilities

  • 3D Viewer
  • Azure
  • Azure RTOS
  • Azure Sphere
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based) in IE Mode
  • Microsoft Exchange Server
  • Microsoft Office Access
  • Microsoft Office Excel
  • Microsoft Office Word
  • Microsoft Windows
  • Microsoft Windows Codecs Library
  • Power BI
  • Role: Windows Hyper-V
  • Visual Studio
  • Visual Studio Code
  • Windows Active Directory
  • Windows COM
  • Windows Core Shell
  • Windows Cred SSProvider Protocol
  • Windows Defender
  • Windows Desktop Bridge
  • Windows Diagnostic Hub
  • Windows Fastfat Driver
  • Windows Feedback Hub
  • Windows Hello
  • Windows Installer
  • Windows Kernel
  • Windows NTFS
  • Windows RDP
  • Windows Scripting
  • Windows Virtual Machine Bus

 

This month is no picnic either, as the total includes two zero-day vulnerabilities: CVE-2021-42292 and CVE-2021-42321. Remember, these are vulnerabilities that are already being exploited! In addition, four vulnerabilities had been publicly disclosed before Patch Tuesday: CVE-2021-41371, CVE-2021-38631, CVE-2021-43209, and CVE-2021-43208. Apart from these, the highest CVSS score, 9.0, goes to CVE-2021-26443.

 

Key points

CVE-2021-42292 affects Microsoft Excel. The patches for Office for macOS are not always released in one go on Patch Tuesday, so you should keep an eye out for their release.

CVE-2021-42321 is a Microsoft Exchange Server vulnerability. I recommend reading this blog post on Microsoft Exchange when planning for and installing this patch.

The vulnerabilities CVE-2021-41371 and CVE-2021-38631 affect Windows RDP, more precisely on Windows Server 2008–2012 operating systems.

CVE-2021-38631 and CVE-2021-43208 are both Microsoft 3D Viewer vulnerabilities. 3D Viewer is a so-called Modern App, meaning that either Windows Store or Windows Store for Business takes care of its patches. If you need to know whether the application is already running a patched version on your device, you can verify it with the command Get-AppxPackage -Name Microsoft.Microsoft3DViewer. The version should be 7.2107.7012.0 or newer.
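The version check described above can be scripted so that it returns a clear status per installed package. This is an added example, not part of the original post; the function name Test-3DViewerPatched is hypothetical, and the -AllUsers switch assumes an elevated PowerShell session.

```powershell
# Added example: report whether Microsoft 3D Viewer is at or above the
# patched version named in the post (7.2107.7012.0).
# The function name Test-3DViewerPatched is hypothetical.
function Test-3DViewerPatched {
    [CmdletBinding()]
    param(
        [version]$MinimumVersion = '7.2107.7012.0',
        [switch]$AllUsers   # check every user profile; requires elevation
    )

    $query = @{ Name = 'Microsoft.Microsoft3DViewer' }
    if ($AllUsers) { $query.AllUsers = $true }

    $packages = @(Get-AppxPackage @query)
    if ($packages.Count -eq 0) {
        # App not present in the queried profile(s): nothing to patch here.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Package  = 'Microsoft.Microsoft3DViewer'
            Version  = $null
            Status   = 'NotInstalled'
        }
    }

    foreach ($pkg in $packages) {
        # Get-AppxPackage returns Version as a string. Cast to [version]
        # before comparing: as text, '7.999.0.0' would wrongly compare as
        # newer than '7.2107.7012.0'.
        $installed = [version]$pkg.Version
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Package  = $pkg.PackageFullName
            Version  = $installed
            Status   = if ($installed -ge $MinimumVersion) { 'Patched' } else { 'NeedsUpdate' }
        }
    }
}

# Current user only; add -AllUsers from an elevated session for all profiles.
Test-3DViewerPatched | Format-Table -AutoSize
```

A NeedsUpdate result means the Store update has not yet reached that device or profile, so check that Store app updates are not blocked there.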

 

Prioritize these patches if possible:

 

Active and known issues in Windows operating systems

Operating System Active known issues (previous month)
Windows 11, version 21H2 0 (1)
Windows 10, version 21H1 and Windows Server, version 21H1 4 (2)
Windows 10, version 20H2 and Windows Server, version 20H2 4 (2)
Windows 10, version 2004 and Windows Server, version 2004 4 (2)
Windows 10, versions 1909** and 1903** and Windows Server, version 1903** 1 (0) Support has partially ended for Windows 10 versions 1903 and 1909.
Windows 10, version 1809** and Windows Server 2019 3 (2) Support has ended for Windows 10 version 1803.
Windows 10, version 1803** Support has ended.
Windows 10, version 1709*** and Windows Server, version 1709 Support has ended.
Windows 10, version 1703*** Support has ended.
Windows 10, version 1607 LTSC*** and Windows Server 20162 1
Windows 8.1**** and Windows Server 2012 R2 2
Windows Server 2012 Not known yet.
Windows 7**** and Windows Server 2008 R2 SP1 Not known yet.
  • * 1909 has the same operating system core and identical system files as its predecessor, 1903.
  • ** The support for Windows 10’s build in question has ended for versions Home, Pro, and Enterprise.
  • *** The support for Windows 10’s build in question has ended for all versions.
  • **** The Mainstream support period for the Windows version has ended. Extended support periods end: For Windows 8.1, on Jan 10th 2023, and for Windows 7, on Jan 14th 2020.

 

Recommended actions

 

The critical, zero-day, and publicly disclosed vulnerabilities mentioned at the beginning should be patched as soon as possible. However, Centero recommends testing the updates carefully before deploying them to production. In addition, you should go through any known issues before deploying the updates.

 

Organizations should make sure their devices run one of the three most recent Windows 10 feature versions (21H1, 20H2, or 2004), so that the devices keep getting their monthly security patches. In the future, it’s important to also make sure the Windows 11 feature updates are among the supported updates.

 

Microsoft’s documentation on the subject

 

Microsoft maintains a list of Windows updates and their known issues on the following pages. You can find additional information on the lifecycle of Windows versions behind the last link.

 

 

With Centero Software Manager Cloud and CSM Cloud for Servers your devices get these and other updates in a managed way, according to the configuration you have selected. Read more on Centero Software Manager here.

 
