Microsoft: This Tuesday (14), Microsoft released its Patch Tuesday for December 2021, fixing a total of 67 flaws in Windows and other Microsoft programs, including six zero-day vulnerabilities.
With the update, Microsoft has fixed seven issues rated as ‘Critical’ and 60 as ‘Important’. The patch even includes fixes for zero-day flaws, which occur when a vulnerability is publicly disclosed before an official fix is available.
Check the amount of vulnerabilities by category, below;
21 Elevation of privilege vulnerabilities;
26 Remote code execution vulnerabilities;
10 information disclosure vulnerabilities;
3 denial of service vulnerabilities;
7 spoofing vulnerabilities.
The Windows AppX Installer zero-day vulnerability has been actively exploited and used in malware distribution campaigns such as Emotet, TrickBot and BazarLoader. In addition to this, five other publicly disclosed vulnerabilities that are not exploited in attacks have been fixed. Check out;
CVE-2021-43240 — NTFS Short Definition Elevation of Privilege Vulnerability;
CVE-2021-41333 — Windows Print Spooler Elevation of Privilege Vulnerability;
CVE-2021-43880 — Elevation of Privilege Vulnerability in Windows Mobile Device Management;
CVE-2021-43883 — Windows Installer Elevation of Privilege Vulnerability;
CVE-2021-43893 — Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability;
You can check the list of updates that fixed the crashes and the full December 2021 Patch Tuesday report on this page. Security enhancements are already being rolled out to company systems. So, just search for updates on Windows 10 or Windows 11 to ensure the patch.