November 2021 Patch Tuesday Index

Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in November's Patch Tuesday Index below.

While each of us may have individual reasons to be thankful this month, from a security perspective, the 55 vulnerabilities reported by Microsoft are another good reason. November's total vulnerabilities represent a 27% reduction from the monthly average so far this year. There were 6 critical vulnerabilities reported, and while this is double October’s total of 3, it nonetheless represents a 30% reduction off the monthly average of critical vulnerabilities for 2021. There were two vulnerabilities publicly exploited. Those are CVE-2021-42292 and CVE-2021-42321, both rated "important" by Microsoft.

Adobe’s Patch Tuesday looks quite a bit smaller, after a significant out of band release that covered 14 products on October 26. Adobe patched just three products today: Creative Cloud, InCopy, and RoboHelp Server. All of the patches issued by Adobe today are Priority 3, indicating that the vulnerabilities are for a product that has not historically been targeted by attackers.

Last Updated 01:29 PM ET - November 9, 2021.

firefox Mozilla Firefox
Product
Title
Identifier
Severity
Thunderbird 10 security vulnerabilities fixed in Thunderbird 91.3 MFSA 2021-47 High
Firefox 13 security vulnerabilities fixed in Firefox 94 MFSA 2021-48 High
Firefox ESR 10 security vulnerabilities fixed in Firefox ESR 91.3 MFSA 2021-49 High
adobe Adobe
Product
Title
Identifier
Severity
RoboHelp Server 1 security vulnerability fixed in RoboHelp Server APSB21-87 Adobe Priority 3
Adobe InCopy 2 security vulnerabilities fixed in Adobe InCopy APSB21-110 Adobe Priority 3
Adobe Creative Cloud 1 security vulnerability fixed in Adobe Creative Cloud Desktop Application APSB21-111 Adobe Priority 3
microsoft Microsoft
Product
Title
Identifier
Severity
Windows Virtual Machine Bus Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability CVE-2021-26443 Critical
Visual Studio OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow CVE-2021-3711 Critical
Windows RDP Remote Desktop Client Remote Code Execution Vulnerability CVE-2021-38666 Critical
Windows Scripting Chakra Scripting Engine Memory Corruption Vulnerability CVE-2021-42279 Critical
Windows Defender Microsoft Defender Remote Code Execution Vulnerability CVE-2021-42298 Critical
Microsoft Dynamics Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability CVE-2021-42316 Critical
Microsoft Office Excel Microsoft Excel Security Feature Bypass Vulnerability CVE-2021-42292 High
Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-42321 High
Windows RDP Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability CVE-2021-38631 High
Windows RDP Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability CVE-2021-41371 High
Visual Studio Visual Studio Elevation of Privilege Vulnerability CVE-2021-42319 High
3D Viewer 3D Viewer Remote Code Execution Vulnerability CVE-2021-43208 High
3D Viewer 3D Viewer Remote Code Execution Vulnerability CVE-2021-43209 High
Azure RTOS Azure RTOS Information Disclosure Vulnerability CVE-2021-26444 High
Windows Desktop Bridge Windows Desktop Bridge Elevation of Privilege Vulnerability CVE-2021-36957 High
Windows RDP Remote Desktop Protocol Client Information Disclosure Vulnerability CVE-2021-38665 High
Microsoft Office Excel Microsoft Excel Remote Code Execution Vulnerability CVE-2021-40442 High
Microsoft Exchange Server Microsoft Exchange Server Spoofing Vulnerability CVE-2021-41349 High
Microsoft Edge (Chromium-based) in IE Mode Microsoft Edge (Chrome based) Spoofing on IE Mode CVE-2021-41351 High
Microsoft Windows Windows Denial of Service Vulnerability CVE-2021-41356 High
Windows Cred SSProvider Protocol Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability CVE-2021-41366 High
Windows NTFS NTFS Elevation of Privilege Vulnerability CVE-2021-41367 High
Microsoft Office Access Microsoft Access Remote Code Execution Vulnerability CVE-2021-41368 High
Windows NTFS NTFS Elevation of Privilege Vulnerability CVE-2021-41370 High
Power BI Power BI Report Server Spoofing Vulnerability CVE-2021-41372 High
Azure FSLogix Information Disclosure Vulnerability CVE-2021-41373 High
Azure Sphere Azure Sphere Information Disclosure Vulnerability CVE-2021-41374 High
Azure Sphere Azure Sphere Information Disclosure Vulnerability CVE-2021-41375 High
Azure Sphere Azure Sphere Information Disclosure Vulnerability CVE-2021-41376 High
Windows Fastfat Driver Windows Fast FAT File System Driver Elevation of Privilege Vulnerability CVE-2021-41377 High
Windows NTFS Windows NTFS Remote Code Execution Vulnerability CVE-2021-41378 High
Windows Installer Windows Installer Elevation of Privilege Vulnerability CVE-2021-41379 High
Role: Windows Hyper-V Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability CVE-2021-42274 High
Windows COM Microsoft COM for Windows Remote Code Execution Vulnerability CVE-2021-42275 High
Microsoft Windows Codecs Library Microsoft Windows Media Foundation Remote Code Execution Vulnerability CVE-2021-42276 High
Windows Diagnostic Hub Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability CVE-2021-42277 High
Windows Active Directory Active Directory Domain Services Elevation of Privilege Vulnerability CVE-2021-42278 High
Windows Feedback Hub Windows Feedback Hub Elevation of Privilege Vulnerability CVE-2021-42280 High
Windows Active Directory Active Directory Domain Services Elevation of Privilege Vulnerability CVE-2021-42282 High
Windows NTFS NTFS Elevation of Privilege Vulnerability CVE-2021-42283 High
Role: Windows Hyper-V Windows Hyper-V Denial of Service Vulnerability CVE-2021-42284 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2021-42285 High
Windows Core Shell Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability CVE-2021-42286 High
Windows Active Directory Active Directory Domain Services Elevation of Privilege Vulnerability CVE-2021-42287 High
Windows Hello Windows Hello Security Feature Bypass Vulnerability CVE-2021-42288 High
Windows Active Directory Active Directory Domain Services Elevation of Privilege Vulnerability CVE-2021-42291 High
Microsoft Office Word Microsoft Word Remote Code Execution Vulnerability CVE-2021-42296 High
Azure Sphere Azure Sphere Tampering Vulnerability CVE-2021-42300 High
Azure RTOS Azure RTOS Information Disclosure Vulnerability CVE-2021-42301 High
Azure RTOS Azure RTOS Elevation of Privilege Vulnerability CVE-2021-42302 High
Azure RTOS Azure RTOS Elevation of Privilege Vulnerability CVE-2021-42303 High
Azure RTOS Azure RTOS Elevation of Privilege Vulnerability CVE-2021-42304 High
Microsoft Exchange Server Microsoft Exchange Server Spoofing Vulnerability CVE-2021-42305 High
Visual Studio Code Visual Studio Code Elevation of Privilege Vulnerability CVE-2021-42322 High
Azure RTOS Azure RTOS Information Disclosure Vulnerability CVE-2021-42323 High



About Automox Automated Patch Management

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.