6 Zero-days fixed in November 2021 Patch Tuesday

6 Zero-days fixed in November 2021 Patch Tuesday

Hello everyone,

November 2021 Patch Tuesday comes with fixes for 55 vulnerabilities, out of which 6 are zero-day vulnerabilities. The details of the zero-day vulnerabilities are as follows:

 CVE ID Vulnerability Publicly Disclosed Actively Exploited
 CVE-2021-42292Microsoft Excel Security Feature Bypass Vulnerability
 CVE-2021-42321Microsoft Exchange Server Remote Code Execution Vulnerability
 CVE-2021-38631Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
 CVE-2021-41371Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
 CVE-2021-432083D Viewer Remote Code Execution Vulnerability
 CVE-2021-432093D Viewer Remote Code Execution Vulnerability

For the actively exploited vulnerabilities that were not publicly disclosed, namely CVE-2021-42292 and CVE-2021-42321, the patches to be deployed are as follows. Initiate a sync between the Patch Manager Plus server and the Central Patch Repository and deploy the relevant patches to your target systems.

For CVE-2021-42292

Patch IDBulletin IDPatch Description
 32464 MS18-O365Update for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2102 (Build 13801.21050) (Online Installer)
 32465 MS18-O365Update for Microsoft 365 Apps for Enterprise Targeted Channel Version 2108 (Build 14326.20600) (Online Installer)
 32463 MS18-O365Update for Microsoft 365 Apps for Enterprise Current Channel Version 2110 (Build 14527.20276) (Online Installer)
 32452 MS18-O365Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2102 of version(13801.21050)
 32454 MS18-O365Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2102 of version(13801.21050)
 32460 MS18-O365Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2108 of version(14326.20600)
 32462 MS18-O365Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2108 of version(14326.20600)
 32440 MS18-O365Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2110 of version(14527.20276)
 32442 MS18-O365Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2110 of version(14527.20276)
 32456 MS18-O365BUpdate for Microsoft 365 Apps for Business Semi Annual Channel for x64 2102 of version(13801.21050)
 32458 MS18-O365BUpdate for Microsoft 365 Apps for Business Semi Annual Channel for x86 2102 of version(13801.21050)
 32444 MS18-O365BUpdate for Microsoft 365 Apps for Business Current Channel for x64 2110 of version(14527.20276)
 32446 MS18-O365BUpdate for Microsoft 365 Apps for Business Current Channel for x86 2110 of version(14527.20276)
 32450 MS19-O2019Update for Office 2019 for x64 1808 of version(10380.20037)
 32448 MS19-O2019Update for Office 2019 for x86 1808 of version(10380.20037)
 32430 MS21-NOV7Security Update for Microsoft Excel 2013 (KB5002072) 64-Bit Edition (CVE-2021-42292)
 32429 MS21-NOV7Security Update for Microsoft Excel 2013 (KB5002072) 32-Bit Edition (CVE-2021-42292)
 32432 MS21-NOV7Security Update for Microsoft Excel 2016 (KB5002056) 64-Bit Edition (CVE-2021-42292)
 32431 MS21-NOV7Security Update for Microsoft Excel 2016 (KB5002056) 32-Bit Edition (CVE-2021-42292)
 32434 MS21-NOV7Security Update for Microsoft Office 2013 (KB5002035) 64-Bit Edition (CVE-2021-42292)
 32435 MS21-NOV7Security Update for Microsoft Office 2013 (KB5002035) 32-Bit Edition (CVE-2021-42292)
 32466 MS21-NOV7Security Update for Microsoft Office 2016 (KB4486670) 64-Bit Edition
 32436 MS21-NOV7Security Update for Microsoft Office 2016 (KB4486670) 32-Bit Edition (CVE-2021-42292)

For CVE-2021-42321

 Patch ID Bulletin ID Patch Description
 32419 MS21-NOV8Security Update For Exchange Server 2013 CU23 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349)
 32420 MS21-NOV8Security Update For Exchange Server 2016 CU21 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349)
 32421 MS21-NOV8Security Update For Exchange Server 2016 CU22 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349)
 32422 MS21-NOV8Security Update For Exchange Server 2019 CU11 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349)
 32423 MS21-NOV8Security Update For Exchange Server 2019 CU10 (KB5007409) (CVE-2021-42321)(CVE-2021-42305)(CVE-2021-41349)

Cheers,

The ManageEngine Team