Threat Intelligence Alert: Microsoft Discloses Two Zero-days Being Actively Exploited as Part of November's Patch Tuesday
Key Details
CVE-2021-42321 and CVE-2021-42292
Disclosure Date – 9th November 2021
CVSS Score – 8.8 and 7.8 respectively
Affected Products – Microsoft Azure, the Chromium-based Edge browser, Microsoft Office, Visual Studio, Exchange Server, Windows Kernel, and Windows Defender.
Exploit Released – Yes
Patch Available
CVE-2021-42321 – Yes
CVE-2021-42292 – Yes (**No patch for MS Office 2019 Mac or MS Office LTSC for Mac 2021**)
Summary
On the 9th of November, Microsoft released patches that addressed 55 security flaws in various Microsoft products: critical vulnerabilities, remote code execution flaws, information leaks and privilege escalation bugs. CVE-2021-42321 and CVE-2021-42292 are reportedly being exploited in the wild:
CVE-2021-42321 is a remote code execution flaw that affects Microsoft Exchange servers. RCE is achieved via the exploitation of improper cmdlet argument validation, but the threat actor must first be authenticated. Remote code execution vulnerabilities can allow threat actors to elevate privileges, read data, and install malware on a compromised system.
CVE-2021-42292 is a defence evasion vulnerability that is present in Microsoft Excel and can be exploited to bypass security controls. Note that there is not yet a patch for Microsoft Office 2019 for Mac or Microsoft Office LTSC for Mac 2021.
Mitigation
The Threat Intelligence Team recommends that our customers install the security updates that Microsoft released on Patch Tuesday. Details of the patches can be found here: https://msrc.microsoft.com/update-guide/en-us.
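The following is an added example for checking that the Exchange update has actually landed; it is not part of the NCC Group alert. It uses the Exchange cmdlet Get-ExchangeServer to list every server's build number and flags those below a minimum build. The value of $MinimumBuild is a placeholder, not a real build from this alert: take the patched build for your Cumulative Update from the MSRC update guide linked above.

```powershell
# Added example (not from the original alert). Run in the Exchange Management Shell.
# Reports Exchange servers whose build is older than the patched build for
# the November 2021 update, so unpatched servers stand out.

# PLACEHOLDER / assumption: replace with the patched build number for the CU
# you run, taken from https://msrc.microsoft.com/update-guide/en-us.
$MinimumBuild = [version]'15.2.0.0'

$report = Get-ExchangeServer | ForEach-Object {
    # AdminDisplayVersion is a ServerVersion object; rebuild it as
    # System.Version so that the comparison below is numeric, not textual.
    $v     = $_.AdminDisplayVersion
    $build = [version]::new($v.Major, $v.Minor, $v.Build, $v.Revision)

    [pscustomobject]@{
        Server  = $_.Name
        Build   = $build
        Patched = ($build -ge $MinimumBuild)
    }
}

# Unpatched servers first, then patched ones.
$report | Sort-Object Patched, Server | Format-Table -AutoSize

# Non-zero exit code if anything is still below the minimum, for use in a scheduled check.
if ($report | Where-Object { -not $_.Patched }) { exit 1 } else { exit 0 }
```

Because the patched build differs between Cumulative Updates (the CU is encoded in the third component of the build), run the check once per CU in use, or extend the script with one minimum build per CU, rather than comparing a mixed estate against a single number.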
NCC Group Actions
The NCC Group Threat Intelligence team has added these CVEs to MISP and is actively monitoring for further reports relating to them.