Skip to content ↓ | Skip to navigation ↓

Tripwire’s November 2021 Patch Priority Index (PPI) brings together important vulnerabilities for open-source software components and Microsoft.

First on the patch priority list this month are patches for Open Management Infrastructure (CVE-2021-38648, CVE-2021-38647), Eclipse Jetty (CVE-2021-28164), and ExifTool (CVE-2021-22204). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.

Up next is a patch for Microsoft Edge (Chromium-based) and Windows Scripting that resolves spoofing and memory corruption vulnerabilities.

Next are patches for Microsoft Office Access and Excel. These patches resolve 3 issues, including remote code execution and security feature bypass vulnerabilities.

Next are patches that affect components of the Windows operating systems. These patches resolve over 20 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Fast FAT file system driver, kernel, desktop bridge, COM, NTFS, diagnostics hub and others.

Lastly, administrators should focus on server-side patches for Microsoft Active Directory, Hyper-V, Dynamics, Power BI and Exchange. These patches resolve numerous issues including spoofing, elevation of privilege, remote code execution, and denial of service vulnerabilities.

BULLETINCVE
Exploit Framework – MetasploitCVE-2021-38648, CVE-2021-38647, CVE-2021-28164, CVE-2021-22204
Microsoft Edge (Chromium-based) in IE ModeCVE-2021-41351
Windows ScriptingCVE-2021-42279
Microsoft Office AccessCVE-2021-41368
Microsoft Office ExcelCVE-2021-40442, CVE-2021-42292
Microsoft WindowsCVE-2021-41356, CVE-2021-41377, CVE-2021-26443, CVE-2021-41379, CVE-2021-42276, CVE-2021-41366, CVE-2021-42285, CVE-2021-38666, CVE-2021-38665, CVE-2021-41371, CVE-2021-38631, CVE-2021-36957, CVE-2021-42280, CVE-2021-42288, CVE-2021-42275, CVE-2021-42286, CVE-2021-41370, CVE-2021-41367, CVE-2021-42283, CVE-2021-41378, CVE-2021-42277
Windows Active DirectoryCVE-2021-42278, CVE-2021-42282, CVE-2021-42287, CVE-2021-42291
Microsoft DynamicsCVE-2021-42316
Power BICVE-2021-41372
Microsoft Exchange ServerCVE-2021-42321, CVE-2021-41349, CVE-2021-42305
Role: Windows Hyper-VCVE-2021-42284, CVE-2021-42274