Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in December's Patch Tuesday Index below.
Microsoft released fixes for a total of 67 vulnerabilities, including 7 Critical CVEs. CVE-2021-43890 was rated High, but is noted to have been exploited in the wild, making this the lone zero-day released from Microsoft today.
Log4Shell is a zero-day unauthenticated Remote Code Execution (RCE) vulnerability in Log4j versions 2.0-beta9 up to 2.14.1 identified as CVE-2021-44228. Log4Shell is a CVSS 10.0 vulnerability. Organizations using the Log4j library are advised to upgrade to the latest release immediately, seeing that attackers are already searching for exploitable targets. A mitigation Worklet and more information around this vulnerability can be found in our blog here.
Adobe released updates for 11 of their products including Adobe Premiere Rush Pro, Photoshop, Media Encoder, amongst others. All 11 bulletins were given Adobe Priority 3. In total, there were 60 CVEs from Adobe, including 28 Critical, 18 High, and 13 Medium.
Google has rolled out fixes for five security vulnerabilities in its Chrome web browser. These include one that Google says is being exploited in the wild (CVE-2021-4102), so we recommend upgrading to Chrome version 96.0.4664.110 immediately. At the beginning of December, Mozilla patched a Critical vulnerability in its Network Security Services (NSS) that could be exploited to execute arbitrary code.
Last Updated 12:51 AM ET - December 14, 2021.
Product | Title | Identifier | Severity |
--- | --- | --- | --- |
Google Chrome | 5 security vulnerabilities fixed in Chrome | 96.0.4664.110 | High |
Product | Title | Identifier | Severity |
--- | --- | --- | --- |
Network Security Services | 1 security vulnerability fixed in NSS 3.68.1 and NSS 3.73 | MFSA 2021-51 | Critical |
Firefox | 13 security vulnerabilities fixed in Firefox 95 | MFSA 2021-52 | High |
Firefox ESR | 10 security vulnerabilities fixed in Firefox ESR 91.4 | MFSA 2021-53 | High |
Thunderbird | 11 security vulnerabilities fixed in Thunderbird 91.4 | MFSA 2021-54 | High |
Product | Title | Identifier | Severity |
--- | --- | --- | --- |
Adobe Premiere Rush | 16 security vulnerabilities fixed in Premiere Rush | APSB21-101 | Adobe Priority 3 |
Adobe Experience Manager | 8 security vulnerabilities fixed in Experience Manager | APSB21-103 | Adobe Priority 3 |
Adobe Connect | 1 security vulnerability fixed in Connect | APSB21-112 | Adobe Priority 3 |
Adobe Photoshop | 3 security vulnerabilities fixed in Photoshop | APSB21-113 | Adobe Priority 3 |
Adobe Prelude | 2 security vulnerabilities fixed in Prelude | APSB21-114 | Adobe Priority 3 |
Adobe After Effects | 10 security vulnerabilities fixed in After Effects | APSB21-115 | Adobe Priority 3 |
Adobe Dimension | 6 security vulnerabilities fixed in Dimension | APSB21-116 | Adobe Priority 3 |
Adobe Premiere Pro | 5 security vulnerabilities fixed in Premiere Pro | APSB21-117 | Adobe Priority 3 |
Adobe Media Encoder | 5 security vulnerabilities fixed in Media Encoder | APSB21-118 | Adobe Priority 3 |
Adobe Lightroom | 1 security vulnerability fixed in Lightroom | APSB21-119 | Adobe Priority 3 |
Adobe Audition | 3 security vulnerabilities fixed in Audition | APSB21-121 | Adobe Priority 3 |
Product | Title | Identifier | Severity |
--- | --- | --- | --- |
Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-42310 | Critical |
Internet Storage Name Service | iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution | CVE-2021-43215 | Critical |
Windows Encrypting File System (EFS) | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | CVE-2021-43217 | Critical |
Remote Desktop Client | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2021-43233 | Critical |
Microsoft Devices | Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | CVE-2021-43899 | Critical |
Visual Studio Code WSL Extension | Visual Studio Code WSL Extension Remote Code Execution Vulnerability | CVE-2021-43907 | Critical |
Office app | Microsoft Office app Remote Code Execution Vulnerability | CVE-2021-43905 | Critical |
App Installer | Windows AppX Installer Spoofing Vulnerability | CVE-2021-43890 | High |
Windows NTFS | NTFS Set Short Name Elevation of Privilege Vulnerability | CVE-2021-43240 | High |
Windows Mobile Device Management | Windows Mobile Device Management Elevation of Privilege Vulnerability | CVE-2021-43880 | High |
Windows Installer | Windows Installer Elevation of Privilege Vulnerability | CVE-2021-43883 | High |
Windows Encrypting File System (EFS) | Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | CVE-2021-43893 | High |
Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-41333 | High |
Windows Media | Windows Media Center Elevation of Privilege Vulnerability | CVE-2021-40441 | High |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-40452 | High |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-40453 | High |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-41360 | High |
Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-41365 | High |
Microsoft Office Access | Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability | CVE-2021-42293 | High |
Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-42294 | High |
Microsoft Office | Visual Basic for Applications Information Disclosure Vulnerability | CVE-2021-42295 | High |
Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-42309 | High |
Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-42311 | High |
Microsoft Defender for IoT | Microsoft Defender for IOT Elevation of Privilege Vulnerability | CVE-2021-42312 | High |
Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-42313 | High |
Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-42314 | High |
Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-42315 | High |
Microsoft Office SharePoint | Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-42320 | High |
Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-43207 | High |
Microsoft Windows Codecs Library | Web Media Extensions Remote Code Execution Vulnerability | CVE-2021-43214 | High |
Microsoft Local Security Authority Server (lsasrv) | Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability | CVE-2021-43216 | High |
Windows DirectX | DirectX Graphics Kernel File Denial of Service Vulnerability | CVE-2021-43219 | High |
Microsoft Message Queuing | Microsoft Message Queuing Information Disclosure Vulnerability | CVE-2021-43222 | High |
Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2021-43223 | High |
Windows Common Log File System Driver | Windows Common Log File System Driver Information Disclosure Vulnerability | CVE-2021-43224 | High |
Azure Bot Framework SDK | Bot Framework SDK Remote Code Execution Vulnerability | CVE-2021-43225 | High |
Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-43226 | High |
Windows Storage Spaces Controller | Storage Spaces Controller Information Disclosure Vulnerability | CVE-2021-43227 | High |
Windows SymCrypt | SymCrypt Denial of Service Vulnerability | CVE-2021-43228 | High |
Windows NTFS | Windows NTFS Elevation of Privilege Vulnerability | CVE-2021-43229 | High |
Windows NTFS | Windows NTFS Elevation of Privilege Vulnerability | CVE-2021-43230 | High |
Windows NTFS | Windows NTFS Elevation of Privilege Vulnerability | CVE-2021-43231 | High |
Windows Event Tracing | Windows Event Tracing Remote Code Execution Vulnerability | CVE-2021-43232 | High |
Role: Windows Fax Service | Windows Fax Service Remote Code Execution Vulnerability | CVE-2021-43234 | High |
Windows Storage | Storage Spaces Controller Information Disclosure Vulnerability | CVE-2021-43235 | High |
Microsoft Message Queuing | Microsoft Message Queuing Information Disclosure Vulnerability | CVE-2021-43236 | High |
Windows Update Stack | Windows Setup Elevation of Privilege Vulnerability | CVE-2021-43237 | High |
Windows Remote Access Connection Manager | Windows Remote Access Elevation of Privilege Vulnerability | CVE-2021-43238 | High |
Windows Update Stack | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | CVE-2021-43239 | High |
Microsoft Office SharePoint | Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-43242 | High |
Microsoft Windows Codecs Library | VP9 Video Extensions Information Disclosure Vulnerability | CVE-2021-43243 | High |
Windows Kernel | Windows Kernel Information Disclosure Vulnerability | CVE-2021-43244 | High |
Windows Digital TV Tuner | Windows Digital TV Tuner Elevation of Privilege Vulnerability | CVE-2021-43245 | High |
Role: Windows Hyper-V | Windows Hyper-V Denial of Service Vulnerability | CVE-2021-43246 | High |
Windows TCP/IP | Windows TCP/IP Driver Elevation of Privilege Vulnerability | CVE-2021-43247 | High |
Microsoft Windows Codecs Library | Windows Digital Media Receiver Elevation of Privilege Vulnerability | CVE-2021-43248 | High |
Office Developer Platform | Microsoft Office Trust Center Spoofing Vulnerability | CVE-2021-43255 | High |
Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-43256 | High |
Microsoft Office | Microsoft Office Graphics Remote Code Execution Vulnerability | CVE-2021-43875 | High |
ASP.NET Core & Visual Studio | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | CVE-2021-43877 | High |
Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-43882 | High |
Microsoft Defender for IoT | Microsoft Defender for IoT Information Disclosure Vulnerability | CVE-2021-43888 | High |
Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-43889 | High |
Visual Studio Code | Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-43891 | High |
Microsoft PowerShell | Microsoft PowerShell Spoofing Vulnerability | CVE-2021-43896 | High |
Visual Studio Code | Visual Studio Code Spoofing Vulnerability | CVE-2021-43908 | High |
Microsoft BizTalk ESB Toolkit | Microsoft BizTalk ESB Toolkit Spoofing Vulnerability | CVE-2021-43892 | High |