Microsoft released fixes for several zero-day flaws and other vulnerabilities on Tuesday, Dec. 14, in its last round of patches before the year ends.
The tech giant indicated that it has resolved issues involving spoofing bugs, remote code execution (RCE) vulnerabilities, denial-of-service (DoS) attacks, and more.
Additionally, the Redmond firm listed the patched products, which include Microsoft PowerShell, Microsoft Office, Windows Kernel, Remote Desktop Client, Print Spooler, and the Chromium Edge browser.
Microsoft Security Update December 2021
According to a report by ZDNet on Wednesday, Dec. 15, the tech titan has targeted six zero-day vulnerabilities in its latest patch. A few weeks before patching these CVEs, the company patched 16 Edge browser CVEs.
CVE-2021-43890
This zero-day vulnerability primarily targets packages that could potentially become outlets for Bazaloader malware (including Trickbot and Emotet). This Windows AppX Installer Spoofing vulnerability has a severity rating of 7.1.
CVE-2021-41333
Microsoft concluded that this CVE has low attack complexity, but the public should still be careful about its exploitation. This Windows Print Spooler Elevation of Privilege vulnerability has a score of 7.8.
CVE-2021-43880
This vulnerability is known to let hackers remove select files on a particular system, particularly on systems that are easy to invade. The company described this flaw as a Windows Mobile Device Management Elevation of Privilege (EoP) vulnerability.
CVE-2021-43893
This Windows Encrypting File System (EFS) EoP vulnerability was first observed by Google Project Zero's James Forshaw. He reported this vulnerability as CVSS 7.5.
CVE-2021-43240
According to the Redmond giant, this publicly known flaw has a CVSS score of 7.8. It is named the NTFS Set Short Name elevation of privilege bug, and it makes use of exploit code to infect a system.
CVE-2021-4388
Windows Installer is seen to be the component most affected by this zero-day. Aside from compromising unprotected systems, it could allow unauthorized access to them. It has a CVSS score of 7.8.
887 Patched CVE Vulnerabilities
Per the Zero Day Initiative (ZDI), Microsoft has released patches for 887 CVE-related flaws so far. According to the team, there was a 29% drop in vulnerabilities in 2021 compared to last year, although the numbers still appear to be high.
Last November, Tech Times reported that zero-day vulnerabilities could emerge once again after Microsoft failed to patch them. At that time, many Windows users were at a high risk of having their systems compromised by remote hackers.
In the same month, the company resolved 15 remote code execution problems and zero-day attacks. In general, Microsoft managed to address 55 bugs for the November patch alone.
Before this event, the firm saw 71 vulnerabilities that still involve zero-day exploits. Moreover, the tech giant still believes that many of them remain unpatched at the moment.
Recently, cybersecurity experts said that addressing the controversial Log4Shell exploit could take many months or years. The report suggested that it will continue to haunt internet users for a long time.
This article is owned by Tech Times
Written by Joseph Henry