- The December Patch Tuesday Updates are here and with them the promise of improvements to the Windows OS.
- 2021 has been a fruitful year for Microsoft, and the company will surely try to push the envelope even more.
- Patch Tuesday is a monthly event, through which Redmond developers push the latest fixes and improvements.
- We keep you updated every month, so you can actually do a quick recap of what went on throughout the years.
December is now here, and with it comes the last round of Patch Tuesday updates called the December Patch Tuesday updates.
As with all the other Patch Tuesday updates of previous months, these bring a host of changes, fix and improvements to all supported versions of the Windows OS.
What can we expect from this month’s Patch Tuesday?
It’s safe to say that we can expect a similar light set of CVEs addressed this month in the set of Windows 10/11, legacy, and ESU-supported operating systems, as we did the month before.
There were two zero-day and four publicly disclosed vulnerabilities last month, so be on the lookout for any new ones coming out this December.
Some of the most interesting vulnerabilities resolved via the November 2021 release, all deemed as important, are:
- CVE-2021-42321: (CVSS:3.1 8.8 / 7.7). Under active exploit, this vulnerability impacts Microsoft Exchange Server and due to improper validation of cmdlet arguments, can lead to RCE. However, attackers must be authenticated.
- CVE-2021-42292: (CVSS:3.1 7.8 / 7.0). Also detected as exploited in the wild, this vulnerability was found in Microsoft Excel and can be used to circumvent security controls. Microsoft says that the Preview Pane is not an attack vector. No patch is currently available for Microsoft Office 2019 for Mac or Microsoft Office LTSC for Mac 2021.
- CVE-2021-43209: (CVSS:3.1 7.8 / 6.8). A 3D Viewer vulnerability made public, this bug can be exploited locally to trigger RCE.
- CVE-2021-43208: (CVSS:3.1 7.8 / 6.8). Another known issue, this 3D Viewer security flaw can also be weaponized by a local attacker for code execution purposes.
- CVE-2021-38631: (CVSS:3.0 4.4 / 3.9). Also made public, this security flaw, found in the Windows Remote Desktop Protocol (RDP), can be used for information disclosure.
- CVE-2021-41371: (CVSS:3.1 4.4 / 3.9). Finally, this RDP vulnerability, known before patching was available, can also be exploited locally to force an information leak.
This is a relatively low number of vulnerabilities resolved during the month of November, comparing this release with those of previous years.
The tech giant addressed a large number of CVEs last month and it’s safe to say that we can expect that number to remain high.
And since we already received our first Windows 11 update in October, it will be interesting to see how closely the new one, if there will be any, reflects what is being addressed in Windows 10 as well.
With the last big push before the holidays, we can expect major updates for all the operating systems and applications, including the ESUs.
All in all, there’s no news yet as to what The December Patch Tuesday updates might bring yet until the updates hit live later this day.
This will happen at around 10 AM PST, so make sure you are ready for when the update notifications hit your area.
Keep in mind that the Patch Tuesday updates are extremely important from a security standpoint, so if you aren’t employing the use of a third-party antivirus tool, you might as well update your PC every chance you get as soon as the update becomes available.
What are your expectations for the last round of Patch Tuesday updates of the year? Let us know by leaving us your feedback in the comments section below.
ncG1vNJzZmivmaOxsMPSq5ypp6Kpe6S7zGibnpuVoq%2BmvoywoKecn6zAbn2PZqearJOderXBxKybmrFf