Tripwire's December 2021 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Ubuntu Linux Kernel, and Microsoft.
First on the patch priority list this month are patches for Apache Log4j2 vulnerabilities, most importantly for the Log4j2 "LogShell" remote code execution vulnerability. There are many attack vectors via various software applications due to Log4j2's widespread usage in various products. Refer to https://logging.apache.org/log4j/2.x/security.html for more details.
Next on the list are patches for Microsoft MSHTML (CVE-2021-40444) and the Linux Kernel in Ubuntu (CVE-2021-3493). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.
Up next are patches for Microsoft Edge that resolve over 20 vulnerabilities such as user after free, type confusion, heap buffer overflow, and data validation vulnerabilities.
Next are patches for Microsoft Office Access, Excel, Office Developer Platform, and Visual Basic for Applications. These patches resolve 4 issues, including remote code execution, information disclosure, and elevation of privilege vulnerabilities.
Next are patches that affect components of the Windows operating systems. These patches resolve over 30 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, kernel, NTFS, TCP/IP driver, common log file system driver, media center, lsasrv, fax service, message queuing, and others.
Lastly, administrators should focus on server-side patches for SharePoint, Hyper-V, Internet Storage Name Service, and BizTalk ESB Toolkit. These patches resolve numerous issues including spoofing, remote code execution, and denial of service vulnerabilities.
| BULLETIN | CVE |
| Apache Log4j2 LogShell Remote Code Execution Vulnerability | CVE-2021-44228, CVE-2021-45046 |
| Exploit Framework - Metasploit | CVE-2021-40444, CVE-2021-3493 |
| Microsoft Edge | CVE-2021-4053, CVE-2021-4052, CVE-2021-4064, CVE-2021-4065, CVE-2021-4057, CVE-2021-4056, CVE-2021-4055, CVE-2021-4054, CVE-2021-4059, CVE-2021-4058, CVE-2021-4068, CVE-2021-4061, CVE-2021-4067, CVE-2021-4066, CVE-2021-4062, CVE-2021-4063, CVE-2021-4101, CVE-2021-4100, CVE-2021-4102, CVE-2021-4099, CVE-2021-4098 |
| Microsoft Office Excel | CVE-2021-43256 |
| Visual Basic for Applications | CVE-2021-42295 |
| Microsoft Office Access | CVE-2021-42293 |
| Office Developer Platform | CVE-2021-43255 |
| Microsoft Windows | CVE-2021-40441, CVE-2021-43216, CVE-2021-43883, CVE-2021-43207, CVE-2021-43226, CVE-2021-43224, CVE-2021-43227, CVE-2021-43219, CVE-2021-43248, CVE-2021-43228, CVE-2021-43232, CVE-2021-43244, CVE-2021-43223, CVE-2021-43238, CVE-2021-43893, CVE-2021-43217, CVE-2021-43245, CVE-2021-43247, CVE-2021-43239, CVE-2021-43237, CVE-2021-43236, CVE-2021-43222, CVE-2021-41333, CVE-2021-43235, CVE-2021-43233, CVE-2021-43234, CVE-2021-43240, CVE-2021-43231, CVE-2021-43230, CVE-2021-43229 |
| Microsoft Office SharePoint | CVE-2021-42309, CVE-2021-42294, CVE-2021-42320, CVE-2021-43242 |
| Role: Windows Hyper-V | CVE-2021-43246 |
| Internet Storage Name Service | CVE-2021-43215 |
| Microsoft BizTalk ESB Toolkit | CVE-2021-43892 |
