REDLEGG BLOG

Critical Vulnerability Bulletin December 2021

12/16/21 10:45 AM  |  by RedLegg Blog

LOG4J Remote Code Execution Vulnerability (Update)

Identifier: CVE-2021-44228 and CVE-2021-45046

Exploit or POC: YES.

Updates:

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

https://nvd.nist.gov/vuln/detail/CVE-2021-45046

Description: CVE-2021-44228 allows an attacker to remotely execute code through the widely used Java Log4J logging library. Log4J versions between 2.0 and 2.15.0 are affected by this vulnerability.

Mitigation recommendation: Patching LOG4J to version 2.16.0.

Windows AppX Installer Spoofing Vulnerability

Identifier: CVE-2021-43890

Exploit or POC: YES.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890

Description: CVE-2021-43890 allows an attacker to spoof code signing in installers to bypass requirement restrictions. CVE-2021-43890 is actively being exploited in the wild.

Mitigation recommendation: Patching is currently the only method of mitigation.

Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability

Identifier: CVE-2021-43899

Exploit or POC: NO.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43899

Description: CVE-2021-43899 allows an attacker to remotely execute code via the vulnerable 4k Wireless Display Adapter.

Mitigation recommendation: Patching is currently the only method of mitigation.

Visual Studio Code WSL Extension Remote Code Execution Vulnerability

Identifier: CVE-2021-43907

Exploit or POC: NO.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43907

Description: CVE-2021-43907 allows an attacker to remotely execute code via the WSL extension in Visual Studio Code.

Mitigation recommendation: Patching is currently the only method of mitigation.

iSNS Server Memory Corruption Vulnerability

Identifier: CVE-2021-43215

Exploit or POC: NO.

Update: 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43215

Description: CVE-2021-43215 allows an attacker to corrupt memory permitting remote code execution on vulnerable iSNS Server deployments.

Mitigation recommendation: Patching is currently the only method of mitigation.

Microsoft Office App Remote Code Execution Vulnerability

Identifier: CVE-2021-43905

Exploit or POC: NO.

Update: 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43905

Description: CVE-2021-43905 allows an attacker to remotely execute code via malicious documents in an unpatched Microsoft Office app.

Mitigation recommendation: Patching is currently the only method of mitigation.

Microsoft Defender for IoT Remote Code Execution Vulnerability

Identifier: CVE-2021-43882, CVE-2021-41365, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315

Exploit or POC: NO.

Update: 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41365

Description: CVE-2021-43882, CVE-2021-41365, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315 allow an attacker to remotely execute code in Microsoft Defender for IoT.

Mitigation recommendation: Patching is currently the only method of mitigation.

Microsoft SharePoint Server Remote Code Execution Vulnerability

Identifier: CVE-2021-42309

Exploit or POC: NO.

Update: 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42309

Description: CVE-2021-42309 allows an attacker to remotely execute code on a vulnerable SharePoint deployment.

Mitigation recommendation: Patching is currently the only method of mitigation.

Windows Encrypting File System (EFS) Code Execution Vulnerability

Identifier: CVE-2021-43217

Exploit or POC: NO.

Update: 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43217

Description: CVE-2021-43217 allows an attacker to remotely execute code in an unpatched Windows EFS.

Mitigation recommendation: Patching is currently the only method of mitigation.
