6 Zero-days fixed in November 2021 Patch Tuesday

6 Zero-days fixed in November 2021 Patch Tuesday

Hello everyone,

November 2021 Patch Tuesday comes with fixes for 55 vulnerabilities, out of which 6 are zero-day vulnerabilities. The details of the zero-day vulnerabilities are as follows:

 CVE ID
 Vulnerability
 Publicly Disclosed
 Actively Exploited
 CVE-2021-42292
Microsoft Excel Security Feature Bypass Vulnerability
 CVE-2021-42321
Microsoft Exchange Server Remote Code Execution Vulnerability
 CVE-2021-38631
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
 CVE-2021-41371
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
 CVE-2021-43208
3D Viewer Remote Code Execution Vulnerability
 CVE-2021-43209
3D Viewer Remote Code Execution Vulnerability

For the actively exploited vulnerabilities that were not publicly disclosed, namely CVE-2021-42292 and CVE-2021-42321, the patches to be deployed are as follows. Initiate a sync between the Desktop Central server and the Central Patch Repository and deploy the relevant patches to your target systems.

For CVE-2021-42292

Patch ID
Bulletin ID
Patch Description
 32464
 MS18-O365
Update for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2102 (Build 13801.21050) (Online Installer)
 32465
 MS18-O365
Update for Microsoft 365 Apps for Enterprise Targeted Channel Version 2108 (Build 14326.20600) (Online Installer)
 32463
 MS18-O365
Update for Microsoft 365 Apps for Enterprise Current Channel Version 2110 (Build 14527.20276) (Online Installer)
 32452
 MS18-O365
Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2102 of version(13801.21050)
 32454
 MS18-O365
Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2102 of version(13801.21050)
 32460
 MS18-O365
Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2108 of version(14326.20600)
 32462
 MS18-O365
Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2108 of version(14326.20600)
 32440
 MS18-O365
Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2110 of version(14527.20276)
 32442
 MS18-O365
Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2110 of version(14527.20276)
 32456
 MS18-O365B
Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2102 of version(13801.21050)
 32458
 MS18-O365B
Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2102 of version(13801.21050)
 32444
 MS18-O365B
Update for Microsoft 365 Apps for Business Current Channel for x64 2110 of version(14527.20276)
 32446
 MS18-O365B
Update for Microsoft 365 Apps for Business Current Channel for x86 2110 of version(14527.20276)
 32450
 MS19-O2019
Update for Office 2019 for x64 1808 of version(10380.20037)
 32448
 MS19-O2019
Update for Office 2019 for x86 1808 of version(10380.20037)
 32430
 MS21-NOV7
Security Update for Microsoft Excel 2013 (KB5002072) 64-Bit Edition (CVE-2021-42292)
 32429
 MS21-NOV7
Security Update for Microsoft Excel 2013 (KB5002072) 32-Bit Edition (CVE-2021-42292)
 32432
 MS21-NOV7
Security Update for Microsoft Excel 2016 (KB5002056) 64-Bit Edition (CVE-2021-42292)
 32431
 MS21-NOV7
Security Update for Microsoft Excel 2016 (KB5002056) 32-Bit Edition (CVE-2021-42292)
 32434
 MS21-NOV7
Security Update for Microsoft Office 2013 (KB5002035) 64-Bit Edition (CVE-2021-42292)
 32435
 MS21-NOV7
Security Update for Microsoft Office 2013 (KB5002035) 32-Bit Edition (CVE-2021-42292)
 32466
 MS21-NOV7
Security Update for Microsoft Office 2016 (KB4486670) 64-Bit Edition
 32436
 MS21-NOV7
Security Update for Microsoft Office 2016 (KB4486670) 32-Bit Edition (CVE-2021-42292)

For CVE-2021-42321

 Patch ID
 Bulletin ID
 Patch Description
 32419
 MS21-NOV8
Security Update For Exchange Server 2013 CU23 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349)
 32420
 MS21-NOV8
Security Update For Exchange Server 2016 CU21 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349)
 32421
 MS21-NOV8
Security Update For Exchange Server 2016 CU22 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349)
 32422
 MS21-NOV8
Security Update For Exchange Server 2019 CU11 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349)
 32423
 MS21-NOV8
Security Update For Exchange Server 2019 CU10 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349)

Cheers,

The ManageEngine Team