Today’s VERT Alert addresses Microsoft’s December 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-978 on Wednesday, December 15th.

In-The-Wild & Disclosed CVEs

CVE-2021-43890

Up first this month is a vulnerability in the Windows AppX Installer that could allow spoofing. This vulnerability has been actively used in the spread of Emotet malware.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-41333

CVE-2021-41333 is yet another print spooler vulnerability. All versions of Windows from Server 2008 through to Server 2022 are impacted by this vulnerability.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE-2021-43880

This is a Windows 11 only vulnerability that would allow an attacker who successfully exploited the vulnerability to delete files. They would not have additional access to view or modify files.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE-2021-43883

A vulnerability in the Windows Installer on all versions of Windows from Server 2008 through to Server 2022 could allow for elevation of privilege.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE-2021-43240

A vulnerability in NTFS Set Short Name could allow elevation of privilege. Short name refers to the 8dot3 naming convention. This vulnerability impacts Windows 10 and Windows 11 and related server platforms.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-43893

The final vulnerability on this list this month is an elevation of privilege vulnerability in Windows Encrypting File System (EFS).

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be bold
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Visual Studio Code – WSL Extension | 1 | CVE-2021-43907 |
| Microsoft Edge (Chromium-based) | 16 | CVE-2021-4052, CVE-2021-4053, CVE-2021-4054, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057, CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062, CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066, CVE-2021-4067, CVE-2021-4068 |
| Microsoft Devices | 1 | CVE-2021-43899 |
| Windows Media | 1 | CVE-2021-40441 |
| Microsoft Local Security Authority Server (lsasrv) | 1 | CVE-2021-43216 |
| Remote Desktop Client | 1 | CVE-2021-43233 |
| Windows Common Log File System Driver | 3 | CVE-2021-43224, CVE-2021-43226, CVE-2021-43207 |
| Windows Storage Spaces Controller | 1 | CVE-2021-43227 |
| Windows DirectX | 1 | CVE-2021-43219 |
| Azure Bot Framework SDK | 1 | CVE-2021-43225 |
| Microsoft Defender for IoT | 10 | CVE-2021-42310, CVE-2021-42311, CVE-2021-42312, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43888, CVE-2021-43889, CVE-2021-41365 |
| Microsoft Office SharePoint | 4 | CVE-2021-42294, CVE-2021-42309, CVE-2021-42320, CVE-2021-43242 |
| Microsoft Windows Codecs Library | 6 | CVE-2021-40452, CVE-2021-40453, CVE-2021-43214, CVE-2021-43243, CVE-2021-43248, CVE-2021-41360 |
| Visual Studio Code | 2 | CVE-2021-43891, CVE-2021-43908 |
| ASP.NET Core & Visual Studio | 1 | CVE-2021-43877 |
| Windows SymCrypt | 1 | CVE-2021-43228 |
| Microsoft Office Excel | 1 | CVE-2021-43256 |
| Windows Event Tracing | 1 | CVE-2021-43232 |
| Windows Kernel | 1 | CVE-2021-43244 |
| Windows Remote Access Connection Manager | 2 | CVE-2021-43223, CVE-2021-43238 |
| Microsoft Office | 3 | CVE-2021-43875, CVE-2021-42295, CVE-2021-43905 |
| Microsoft PowerShell | 1 | CVE-2021-43896 |
| Apps | 1 | CVE-2021-43890 |
| Office Developer Platform | 1 | CVE-2021-43255 |
| BizTalk ESB Toolkit | 1 | CVE-2021-43892 |
| Microsoft Message Queuing | 2 | CVE-2021-43222, CVE-2021-43236 |
| Windows Digital TV Tuner | 1 | CVE-2021-43245 |
| Windows TCP/IP | 1 | CVE-2021-43247 |
| Windows Update Stack | 2 | CVE-2021-43237, CVE-2021-43239 |
| Windows Encrypting File System (EFS) | 2 | CVE-2021-43217, CVE-2021-43893 |
| Microsoft Office Access | 1 | CVE-2021-42293 |
| Windows Print Spooler Components | 1 | CVE-2021-41333 |
| Role: Windows Hyper-V | 1 | CVE-2021-43246 |
| Windows Mobile Device Management | 1 | CVE-2021-43880 |
| Windows Storage | 1 | CVE-2021-43235 |
| Windows Installer | 1 | CVE-2021-43883 |
| Internet Storage Name Service | 1 | CVE-2021-43215 |
| Role: Windows Fax Service | 1 | CVE-2021-43234 |
| Windows NTFS | 4 | CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43240 |

Other Information

There were no new advisories included with the December Security Guidance.

We should, however, reference the Log4j vulnerability (CVE-2021-44228) that is getting a lot of attention. CISA has compiled detailed guidance around these vulnerabilities. On Saturday, December 11, Tripwire released ASPL-977 out-of-band for IP360, which included an authenticated test for the vulnerability. The latest information on Tripwire’s products regarding Log4j2 can be found at tripwire.com/log4j.

In ASPL-978, Tripwire will include additional coverage for CVE-2021-44228. This coverage will include tests for vulnerable versions of IBM WebSphere, Apache Tomcat, VMware vCenter, and Elasticsearch. It will also include improvements to our authenticated tests. We are also actively exploring additional detection methods that can be utilized.
