Hello everyone,
November 2021 Patch Tuesday comes with fixes for 55 vulnerabilities, out of which 6 are zero-day vulnerabilities. The details of the zero-day vulnerabilities are as follows:CVE ID | Vulnerability | Publicly Disclosed | Actively Exploited |
CVE-2021-42292 | Microsoft Excel Security Feature Bypass Vulnerability | ✗ | ✔ |
CVE-2021-42321 | Microsoft Exchange Server Remote Code Execution Vulnerability | ✗ | ✔ |
CVE-2021-38631 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | ✔ | ✗ |
CVE-2021-41371 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | ✔ | ✗ |
CVE-2021-43208 | 3D Viewer Remote Code Execution Vulnerability | ✔ | ✗ |
CVE-2021-43209 | 3D Viewer Remote Code Execution Vulnerability | ✔ | ✗ |
For the actively exploited vulnerabilities that were not publicly disclosed, namely CVE-2021-42292 and CVE-2021-42321, the patches to be deployed are as follows. Initiate a sync between the Patch Manager Plus server and the Central Patch Repository and deploy the relevant patches to your target systems.
For CVE-2021-42292Patch ID | Bulletin ID | Patch Description |
32464 | MS18-O365 | Update for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2102 (Build 13801.21050) (Online Installer) |
32465 | MS18-O365 | Update for Microsoft 365 Apps for Enterprise Targeted Channel Version 2108 (Build 14326.20600) (Online Installer) |
32463 | MS18-O365 | Update for Microsoft 365 Apps for Enterprise Current Channel Version 2110 (Build 14527.20276) (Online Installer) |
32452 | MS18-O365 | Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2102 of version(13801.21050) |
32454 | MS18-O365 | Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2102 of version(13801.21050) |
32460 | MS18-O365 | Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2108 of version(14326.20600) |
32462 | MS18-O365 | Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2108 of version(14326.20600) |
32440 | MS18-O365 | Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2110 of version(14527.20276) |
32442 | MS18-O365 | Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2110 of version(14527.20276) |
32456 | MS18-O365B | Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2102 of version(13801.21050) |
32458 | MS18-O365B | Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2102 of version(13801.21050) |
32444 | MS18-O365B | Update for Microsoft 365 Apps for Business Current Channel for x64 2110 of version(14527.20276) |
32446 | MS18-O365B | Update for Microsoft 365 Apps for Business Current Channel for x86 2110 of version(14527.20276) |
32450 | MS19-O2019 | Update for Office 2019 for x64 1808 of version(10380.20037) |
32448 | MS19-O2019 | Update for Office 2019 for x86 1808 of version(10380.20037) |
32430 | MS21-NOV7 | Security Update for Microsoft Excel 2013 (KB5002072) 64-Bit Edition (CVE-2021-42292) |
32429 | MS21-NOV7 | Security Update for Microsoft Excel 2013 (KB5002072) 32-Bit Edition (CVE-2021-42292) |
32432 | MS21-NOV7 | Security Update for Microsoft Excel 2016 (KB5002056) 64-Bit Edition (CVE-2021-42292) |
32431 | MS21-NOV7 | Security Update for Microsoft Excel 2016 (KB5002056) 32-Bit Edition (CVE-2021-42292) |
32434 | MS21-NOV7 | Security Update for Microsoft Office 2013 (KB5002035) 64-Bit Edition (CVE-2021-42292) |
32435 | MS21-NOV7 | Security Update for Microsoft Office 2013 (KB5002035) 32-Bit Edition (CVE-2021-42292) |
32466 | MS21-NOV7 | Security Update for Microsoft Office 2016 (KB4486670) 64-Bit Edition |
32436 | MS21-NOV7 | Security Update for Microsoft Office 2016 (KB4486670) 32-Bit Edition (CVE-2021-42292) |
Patch ID | Bulletin ID | Patch Description |
32419 | MS21-NOV8 | Security Update For Exchange Server 2013 CU23 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349) |
32420 | MS21-NOV8 | Security Update For Exchange Server 2016 CU21 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349) |
32421 | MS21-NOV8 | Security Update For Exchange Server 2016 CU22 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349) |
32422 | MS21-NOV8 | Security Update For Exchange Server 2019 CU11 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349) |
32423 | MS21-NOV8 | Security Update For Exchange Server 2019 CU10 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349) |
Cheers,
The ManageEngine Team