December 15, 2021
Wait, there’s something ELSE we have to worry about besides #Log4shell? Not to be outdone, Microsoft brings us 83 new vulnerabilities to patch, 7 of which are critical including one bug that’s been seen exploited in the wild. In other words, be nice to your infrastructure and security teams.
Classified by Microsoft as a zero-day, the exploited vulnerability for this month is CVE-2021-43890, which affects the Windows AppX installer. The attackers use a phishing technique called “spoofing” whereby specially crafted installer packages designed to look like legitimate software are sent to the would-be victims. The victim is tricked into running the executable, and inadvertently installs malware on their machine. The malware observed in the wild belongs to the Emotet/Trickbot/BazaLoader family which has been around in various guises since 2014. This is worrisome, as this particular malware is known for its ability to evade Intrusion Detection Systems (IDS) by modifying itself over time. One thing to note, the malware takes advantage of the privilege level of the victim, meaning users with administrative privileges on their machines will likely suffer more damage than those with fewer user rights.
Another vulnerability affecting installer packages (this time for Windows itself) is CVE-2021-43883. This is an elevation of privilege vulnerability that affects both server and desktop versions of Windows. There are several elevation of privilege fixes in this release including Windows Encrypting File System (CVE-2021-43893), NTFS Set Short Name (CVE-2021-43240), Windows Mobile Device Management (CVE-2021-43880), and never one to be left out of any patch release, Windows Print Spooler (CVE-2021-41333).
One other CVE to note is CVE-2021-43215, a remote code execution (RCE) flaw in the Internet Storage Naming Service (ISNS). ISNS is a client-server protocol that allows clients to query a ISNS database. ISNS isn’t deployed by default, but those that have it will want to patch ASAP.
In other news, Adobe released over 60 patches that span across its suite of software. Google also issued a fix for 5 vulnerabilities in it’s Chrome browser, including 1 critical (CVE-2021-4102). This is a “use-after-free” bug that has been seen exploited in the wild. For chrome users, watch for the “Update” button to appear in the upper right corner of the browser. Installation will require a quick restart of Chrome, so make sure you set the browser to remember your open tabs.
As always, Balbix can identify all affected assets within 1 hour of release. There are no scans to run. Balbix customers simply search for the CVE name in their Balbix dashboard to view the list of affected assets. Users can also use the filtered search functionality to search for the CVE by site, subnet, location, or other distinguishing factors.
If you have additional questions, please contact support@balbix.com.