December 2021 Patch Tuesday Index

Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in December's Patch Tuesday Index below.

Microsoft released fixes for a total of 67 vulnerabilities, including 7 Critical CVEs. CVE-2021-43890 was rated High, but is noted to have been exploited in the wild, making this the lone zero-day released from Microsoft today.

Log4Shell, identified as CVE-2021-44228, is a zero-day unauthenticated Remote Code Execution (RCE) vulnerability in Log4j versions 2.0-beta9 up to 2.14.1. Log4Shell is a CVSS 10.0 vulnerability. Organizations using the Log4j library are advised to upgrade to the latest release immediately, as attackers are already searching for exploitable targets. A mitigation Worklet and more information about this vulnerability can be found in our blog here.

Adobe released updates for 11 of their products including Adobe Premiere Rush Pro, Photoshop, Media Encoder, amongst others. All 11 bulletins were given Adobe Priority 3. In total, there were 60 CVEs from Adobe, including 28 Critical, 18 High, and 13 Medium.

Google has rolled out fixes for five security vulnerabilities in its Chrome web browser. These include one which Google says is being exploited in the wild (CVE-2021-4102), so we recommend upgrading to Chrome version 96.0.4664.110 immediately. At the beginning of December, Mozilla patched a Critical vulnerability in their Network Security Services (NSS) that could be exploited to execute arbitrary code.

Last Updated 12:51 AM ET - December 14, 2021.

Google Chrome

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Google Chrome | 5 security vulnerabilities fixed in Chrome 96.0.4664.110 | | High |

Mozilla Firefox

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Network Security Services | 1 security vulnerability fixed in NSS 3.68.1 and NSS 3.73 | MFSA 2021-51 | Critical |
| Firefox | 13 security vulnerabilities fixed in Firefox 95 | MFSA 2021-52 | High |
| Firefox ESR | 10 security vulnerabilities fixed in Firefox ESR 91.4 | MFSA 2021-53 | High |
| Thunderbird | 11 security vulnerabilities fixed in Thunderbird 91.4 | MFSA 2021-54 | High |

Adobe

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Adobe Premiere Rush | 16 security vulnerabilities fixed in Premiere Rush | APSB21-101 | Adobe Priority 3 |
| Adobe Experience Manager | 8 security vulnerabilities fixed in Experience Manager | APSB21-103 | Adobe Priority 3 |
| Adobe Connect | 1 security vulnerability fixed in Connect | APSB21-112 | Adobe Priority 3 |
| Adobe Photoshop | 3 security vulnerabilities fixed in Photoshop | APSB21-113 | Adobe Priority 3 |
| Adobe Prelude | 2 security vulnerabilities fixed in Prelude | APSB21-114 | Adobe Priority 3 |
| Adobe After Effects | 10 security vulnerabilities fixed in After Effects | APSB21-115 | Adobe Priority 3 |
| Adobe Dimension | 6 security vulnerabilities fixed in Dimension | APSB21-116 | Adobe Priority 3 |
| Adobe Premiere Pro | 5 security vulnerabilities fixed in Premiere Pro | APSB21-117 | Adobe Priority 3 |
| Adobe Media Encoder | 5 security vulnerabilities fixed in Media Encoder | APSB21-118 | Adobe Priority 3 |
| Adobe Lightroom | 1 security vulnerability fixed in Lightroom | APSB21-119 | Adobe Priority 3 |
| Adobe Audition | 3 security vulnerabilities fixed in Audition | APSB21-121 | Adobe Priority 3 |

Microsoft

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-42310 | Critical |
| Internet Storage Name Service | iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution | CVE-2021-43215 | Critical |
| Windows Encrypting File System (EFS) | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | CVE-2021-43217 | Critical |
| Remote Desktop Client | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2021-43233 | Critical |
| Microsoft Devices | Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | CVE-2021-43899 | Critical |
| Visual Studio Code WSL Extension | Visual Studio Code WSL Extension Remote Code Execution Vulnerability | CVE-2021-43907 | Critical |
| Office app | Microsoft Office app Remote Code Execution Vulnerability | CVE-2021-43905 | Critical |
| App Installer | Windows AppX Installer Spoofing Vulnerability | CVE-2021-43890 | High |
| Windows NTFS | NTFS Set Short Name Elevation of Privilege Vulnerability | CVE-2021-43240 | High |
| Windows Mobile Device Management | Windows Mobile Device Management Elevation of Privilege Vulnerability | CVE-2021-43880 | High |
| Windows Installer | Windows Installer Elevation of Privilege Vulnerability | CVE-2021-43883 | High |
| Windows Encrypting File System (EFS) | Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | CVE-2021-43893 | High |
| Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-41333 | High |
| Windows Media | Windows Media Center Elevation of Privilege Vulnerability | CVE-2021-40441 | High |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-40452 | High |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-40453 | High |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-41360 | High |
| Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-41365 | High |
| Microsoft Office Access | Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability | CVE-2021-42293 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-42294 | High |
| Microsoft Office | Visual Basic for Applications Information Disclosure Vulnerability | CVE-2021-42295 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-42309 | High |
| Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-42311 | High |
| Microsoft Defender for IoT | Microsoft Defender for IOT Elevation of Privilege Vulnerability | CVE-2021-42312 | High |
| Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-42313 | High |
| Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-42314 | High |
| Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-42315 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-42320 | High |
| Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-43207 | High |
| Microsoft Windows Codecs Library | Web Media Extensions Remote Code Execution Vulnerability | CVE-2021-43214 | High |
| Microsoft Local Security Authority Server (lsasrv) | Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability | CVE-2021-43216 | High |
| Windows DirectX | DirectX Graphics Kernel File Denial of Service Vulnerability | CVE-2021-43219 | High |
| Microsoft Message Queuing | Microsoft Message Queuing Information Disclosure Vulnerability | CVE-2021-43222 | High |
| Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2021-43223 | High |
| Windows Common Log File System Driver | Windows Common Log File System Driver Information Disclosure Vulnerability | CVE-2021-43224 | High |
| Azure Bot Framework SDK | Bot Framework SDK Remote Code Execution Vulnerability | CVE-2021-43225 | High |
| Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-43226 | High |
| Windows Storage Spaces Controller | Storage Spaces Controller Information Disclosure Vulnerability | CVE-2021-43227 | High |
| Windows SymCrypt | SymCrypt Denial of Service Vulnerability | CVE-2021-43228 | High |
| Windows NTFS | Windows NTFS Elevation of Privilege Vulnerability | CVE-2021-43229 | High |
| Windows NTFS | Windows NTFS Elevation of Privilege Vulnerability | CVE-2021-43230 | High |
| Windows NTFS | Windows NTFS Elevation of Privilege Vulnerability | CVE-2021-43231 | High |
| Windows Event Tracing | Windows Event Tracing Remote Code Execution Vulnerability | CVE-2021-43232 | High |
| Role: Windows Fax Service | Windows Fax Service Remote Code Execution Vulnerability | CVE-2021-43234 | High |
| Windows Storage | Storage Spaces Controller Information Disclosure Vulnerability | CVE-2021-43235 | High |
| Microsoft Message Queuing | Microsoft Message Queuing Information Disclosure Vulnerability | CVE-2021-43236 | High |
| Windows Update Stack | Windows Setup Elevation of Privilege Vulnerability | CVE-2021-43237 | High |
| Windows Remote Access Connection Manager | Windows Remote Access Elevation of Privilege Vulnerability | CVE-2021-43238 | High |
| Windows Update Stack | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | CVE-2021-43239 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-43242 | High |
| Microsoft Windows Codecs Library | VP9 Video Extensions Information Disclosure Vulnerability | CVE-2021-43243 | High |
| Windows Kernel | Windows Kernel Information Disclosure Vulnerability | CVE-2021-43244 | High |
| Windows Digital TV Tuner | Windows Digital TV Tuner Elevation of Privilege Vulnerability | CVE-2021-43245 | High |
| Role: Windows Hyper-V | Windows Hyper-V Denial of Service Vulnerability | CVE-2021-43246 | High |
| Windows TCP/IP | Windows TCP/IP Driver Elevation of Privilege Vulnerability | CVE-2021-43247 | High |
| Microsoft Windows Codecs Library | Windows Digital Media Receiver Elevation of Privilege Vulnerability | CVE-2021-43248 | High |
| Office Developer Platform | Microsoft Office Trust Center Spoofing Vulnerability | CVE-2021-43255 | High |
| Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-43256 | High |
| Microsoft Office | Microsoft Office Graphics Remote Code Execution Vulnerability | CVE-2021-43875 | High |
| ASP.NET Core & Visual Studio | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | CVE-2021-43877 | High |
| Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-43882 | High |
| Microsoft Defender for IoT | Microsoft Defender for IoT Information Disclosure Vulnerability | CVE-2021-43888 | High |
| Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2021-43889 | High |
| Visual Studio Code | Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-43891 | High |
| Microsoft PowerShell | Microsoft PowerShell Spoofing Vulnerability | CVE-2021-43896 | High |
| Visual Studio Code | Visual Studio Code Spoofing Vulnerability | CVE-2021-43908 | High |
| Microsoft BizTalk ESB Toolkit | Microsoft BizTalk ESB Toolkit Spoofing Vulnerability | CVE-2021-43892 | High |



About Automox Automated Patch Management

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.