Patch Tuesday December 2021 – Microsoft Fixes 67 Flaws, Including 6 Zero-Day Vulnerabilities

December’s Patch Tuesday comes with numerous security fixes and improvements, including two actively exploited zero-day vulnerabilities. The list features spoofing, denial of service, remote code execution, elevation of privilege, and information disclosure vulnerabilities. Additionally, Microsoft identified and addressed six zero-day vulnerabilities, along with the Windows AppX Installer flaw. On the vendor side, a fix became available for the Apache Log4Shell vulnerability, a severe flaw that affects LDAP, Java-running servers.

Patch Tuesday December Highlights

The Patch Tuesday 2021 roundup features 67 fixes for issues with severity scores ranging from Important to Critical. To mention a few, Microsoft pushes out fixes for the Bot Framework SDK RCE Vulnerability, SharePoint Server Spoofing Vulnerability, PowerShell Spoofing Vulnerability, Hyper-V Denial of Service flaw, Visual Studio Code WSL Extension RCE flaw, DirectX Graphics Kernel File DoS vulnerability, and SymCrypt DoS Vulnerability.

Naturally, the ‘weight’ of December’s Patch Tuesday was Microsoft’s resolution for the above-mentioned zero-day vulnerabilities. More specifically, CVE-2021-43240 (NTFS Set Short Name Elevation of Privilege), CVE-2021-41333 (Windows Print Spooler Elevation of Privilege), CVE-2021-43880 (Windows Mobile Device Management Elevation of Privilege), CVE-2021-43883 (Windows Installer Elevation of Privilege), CVE-2021-43893 (Windows Encrypting File System Elevation of Privilege), and, of course, the actively exploited CVE-2021-43890 (Windows AppX Installer

Read More: https://heimdalsecurity.com/blog/patch-tuesday-december-2021/