Microsoft fixes Windows zero-day exploited in attacks spreading Emotet malware

Microsoft has released its December 2021 Patch Tuesday security updates, which fix a total of 67 vulnerabilities across a wide range of its products, including Windows, the Azure Bot Framework SDK, Defender for IoT, Microsoft Office and Office components, Microsoft SharePoint Server and others.

One of the most important bugs addressed by the vendor this month is CVE-2021-43890, a Windows AppX Installer Spoofing zero-day vulnerability actively exploited by threat actors. Microsoft says it is aware “of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader”.

“An attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” according to the Windows maker.

Microsoft also provides workarounds for customers who can't immediately install the security update. These are the two AppX package-deployment policies: enabling BlockNonAdminUserInstall, which prevents non-administrator users from installing Windows app packages, and configuring AllowAllTrustedAppToInstall so that app packages from outside the Microsoft Store are blocked. Note that the second policy corresponds to the Group Policy setting "Allow all trusted apps to install"; it is the enabled state of that setting that permits sideloading, so it must not be left enabled if the goal is to block packages that did not come from the Store. Both workarounds reduce functionality for users who legitimately sideload packages, so they should be rolled back once the update is deployed.
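The following PowerShell is an added example, not code from the article or from Microsoft's advisory. It applies both workarounds through the registry values that back the AppX Group Policy settings and then reports the resulting state together with the installed App Installer package version, so an administrator can compare it against the fixed version listed in the advisory. It assumes the ADMX policy names map to the DWORD values `BlockNonAdminUserInstall` and `AllowAllTrustedApps` under `HKLM\SOFTWARE\Policies\Microsoft\Windows\Appx`, and must be run elevated because it changes machine policy.

```powershell
# Added example for the CVE-2021-43890 workarounds (not from the original page).
# Assumption: the two ADMX policies are backed by these registry values under the
# machine Appx policy key. Run from an elevated PowerShell session.

$AppxPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx'

function Set-AppxInstallWorkaround {
    # Creates the policy key if needed and sets both workaround values.
    if (-not (Test-Path -Path $AppxPolicyKey)) {
        New-Item -Path $AppxPolicyKey -Force | Out-Null
    }

    # BlockNonAdminUserInstall = 1: only administrators may install app packages.
    Set-ItemProperty -Path $AppxPolicyKey -Name 'BlockNonAdminUserInstall' -Value 1 -Type DWord

    # AllowAllTrustedApps = 0: "Allow all trusted apps to install" is off, so signed
    # packages that did not come from the Microsoft Store are refused. A value of 1
    # (the policy enabled) does the opposite and permits sideloading.
    Set-ItemProperty -Path $AppxPolicyKey -Name 'AllowAllTrustedApps' -Value 0 -Type DWord
}

function Test-AppxInstallWorkaround {
    # Returns whether each workaround is actually in its blocking state. A missing
    # AllowAllTrustedApps value is "not configured", which does NOT block sideloading,
    # so only an explicit 0 counts as blocked.
    $props = Get-ItemProperty -Path $AppxPolicyKey -ErrorAction SilentlyContinue

    # App Installer ships as the Microsoft.DesktopAppInstaller package; its version
    # is what to compare against the fixed version named in Microsoft's advisory.
    $installer = Get-AppxPackage -Name 'Microsoft.DesktopAppInstaller' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        NonAdminInstallBlocked = ($null -ne $props -and $props.BlockNonAdminUserInstall -eq 1)
        SideloadBlocked        = ($null -ne $props -and $props.AllowAllTrustedApps -eq 0)
        AppInstallerVersion    = if ($installer) { [string]$installer.Version } else { 'not installed' }
    }
}

Set-AppxInstallWorkaround
Test-AppxInstallWorkaround
```

On domain-joined machines, prefer setting the same two policies centrally under Computer Configuration > Administrative Templates > Windows Components > App Package Deployment, since Group Policy processing will otherwise overwrite values written locally. Treat this as an interim control: it does not patch the App Installer component, it only narrows who can run it and what it will accept.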

Another vulnerability worth mentioning is CVE-2021-43215, a remote code execution bug in Microsoft iSNS Server (the Internet Storage Name Service role, an optional Windows Server feature), which an unauthenticated remote attacker could exploit by sending a specially crafted request to a vulnerable server. Organizations that do not use iSNS should confirm the feature is not installed on their servers in addition to patching.

December Patch Tuesday also addresses several security vulnerabilities that have been publicly disclosed but have not yet been seen exploited in attacks. These are CVE-2021-43883 (a privilege escalation bug in Microsoft Windows Installer), CVE-2021-43893 (a privilege escalation flaw in Microsoft Windows Encrypting File System), CVE-2021-43240 (privilege escalation in Microsoft NTFS Set Short Name), CVE-2021-43880 (privilege escalation in Windows Mobile Device Management), and CVE-2021-41333 (privilege escalation in Microsoft Windows Print Spooler). Because proof-of-concept details are already public for these, they should be prioritized alongside the actively exploited bug.

Last month, Microsoft addressed over 50 security vulnerabilities in its products, including two zero-day flaws (in Microsoft Exchange Server and Microsoft Excel products) actively exploited in the wild.
