fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft November 2021 Patch Tuesday Fixes 6 Zero-days, 55 Flaws

Microsoft November 2021 Patch Tuesday Fixes 6 Zero-days, 55 Flaws

Patch Tuesday

Today is Microsoft’s November 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 55 flaws. The actively exploited vulnerabilities are for Microsoft Exchange and Excel, with the Exchange zero-day used as part of the Tianfu hacking contest.

Microsoft has fixed 55 vulnerabilities with today’s update, with six classified as Critical and 49 as Important. The number of each type of vulnerability is listed below:

  • 20 Elevation of Privilege vulnerabilities
  • 2 Security Feature Bypass vulnerabilities
  • 15 Remote Code Execution vulnerabilities
  • 10 Information Disclosure vulnerabilities
  • 3 Denial of Service vulnerabilities
  • 4 Spoofing vulnerabilities

For information about the non-security Windows updates, you can read about today’s Windows 10 KB5007186 & KB5007189 cumulative updates and the Windows 11 KB5007215 cumulative update.

Six zero-days fixed, with two actively exploited

November’s Patch Tuesday includes fixes for six zero-day vulnerabilities, two actively exploited against Microsoft Exchange and Microsoft Excel.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The actively exploited vulnerabilities fixed this month are:

  • CVE-2021-42292 – Microsoft Excel Security Feature Bypass Vulnerability
  • CVE-2021-42321 – Microsoft Exchange Server Remote Code Execution Vulnerability

The Microsoft Exchange CVE-2021-42321 vulnerability is an authenticated remote code execution bug used as part of the Tianfu Cup hacking contest last month.

However, the Microsoft Excel CVE-2021-42292 was discovered by the Microsoft Threat Intelligence Center and has been actively used in malicious attacks.

The security updates for Microsoft Office for Mac have not been released as of yet.

Microsoft also fixed four other publicly disclosed vulnerabilities that are not known to be exploited in attacks.

  • CVE-2021-38631 – Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  • CVE-2021-41371 – Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  • CVE-2021-43208 – 3D Viewer Remote Code Execution Vulnerability
  • CVE-2021-43209 – 3D Viewer Remote Code Execution Vulnerability

Also Read: Management Training PDF for Effective Managers and Leaders

Recent updates from other companies

Other vendors who released updates in November include:

The November 2021 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the November 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Also Read: PDPA Laws And Regulations; A Systematic Guidelines In Singapore

TagCVE IDCVE TitleSeverity
3D ViewerCVE-2021-432093D Viewer Remote Code Execution VulnerabilityImportant
3D ViewerCVE-2021-432083D Viewer Remote Code Execution VulnerabilityImportant
AzureCVE-2021-41373FSLogix Information Disclosure VulnerabilityImportant
Azure RTOSCVE-2021-42303Azure RTOS Elevation of Privilege VulnerabilityImportant
Azure RTOSCVE-2021-42302Azure RTOS Elevation of Privilege VulnerabilityImportant
Azure RTOSCVE-2021-42301Azure RTOS Information Disclosure VulnerabilityImportant
Azure RTOSCVE-2021-42323Azure RTOS Information Disclosure VulnerabilityImportant
Azure RTOSCVE-2021-26444Azure RTOS Information Disclosure VulnerabilityImportant
Azure RTOSCVE-2021-42304Azure RTOS Elevation of Privilege VulnerabilityImportant
Azure SphereCVE-2021-41374Azure Sphere Information Disclosure VulnerabilityImportant
Azure SphereCVE-2021-41376Azure Sphere Information Disclosure VulnerabilityImportant
Azure SphereCVE-2021-42300Azure Sphere Tampering VulnerabilityImportant
Azure SphereCVE-2021-41375Azure Sphere Information Disclosure VulnerabilityImportant
Microsoft DynamicsCVE-2021-42316Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityCritical
Microsoft Edge (Chromium-based) in IE ModeCVE-2021-41351Microsoft Edge (Chrome based) Spoofing on IE ModeImportant
Microsoft Exchange ServerCVE-2021-42305Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-41349Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-42321Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Office AccessCVE-2021-41368Microsoft Access Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-40442Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-42292Microsoft Excel Security Feature Bypass VulnerabilityImportant
Microsoft Office WordCVE-2021-42296Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft WindowsCVE-2021-41356Windows Denial of Service VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-42276Microsoft Windows Media Foundation Remote Code Execution VulnerabilityImportant
Power BICVE-2021-41372Power BI Report Server Spoofing VulnerabilityImportant
Role: Windows Hyper-VCVE-2021-42284Windows Hyper-V Denial of Service VulnerabilityImportant
Role: Windows Hyper-VCVE-2021-42274Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service VulnerabilityImportant
Visual StudioCVE-2021-3711OpenSSL: CVE-2021-3711 SM2 Decryption Buffer OverflowCritical
Visual StudioCVE-2021-42319Visual Studio Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2021-42322Visual Studio Code Elevation of Privilege VulnerabilityImportant
Windows Active DirectoryCVE-2021-42278Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
Windows Active DirectoryCVE-2021-42291Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
Windows Active DirectoryCVE-2021-42287Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
Windows Active DirectoryCVE-2021-42282Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
Windows COMCVE-2021-42275Microsoft COM for Windows Remote Code Execution VulnerabilityImportant
Windows Core ShellCVE-2021-42286Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege VulnerabilityImportant
Windows Cred SSProvider ProtocolCVE-2021-41366Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2021-42298Microsoft Defender Remote Code Execution VulnerabilityCritical
Windows Desktop BridgeCVE-2021-36957Windows Desktop Bridge Elevation of Privilege VulnerabilityImportant
Windows Diagnostic HubCVE-2021-42277Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityImportant
Windows Fastfat DriverCVE-2021-41377Windows Fast FAT File System Driver Elevation of Privilege VulnerabilityImportant
Windows Feedback HubCVE-2021-42280Windows Feedback Hub Elevation of Privilege VulnerabilityImportant
Windows HelloCVE-2021-42288Windows Hello Security Feature Bypass VulnerabilityImportant
Windows InstallerCVE-2021-41379Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-42285Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2021-42283NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2021-41370NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2021-41378Windows NTFS Remote Code Execution VulnerabilityImportant
Windows NTFSCVE-2021-41367NTFS Elevation of Privilege VulnerabilityImportant
Windows RDPCVE-2021-38665Remote Desktop Protocol Client Information Disclosure VulnerabilityImportant
Windows RDPCVE-2021-38631Windows Remote Desktop Protocol (RDP) Information Disclosure VulnerabilityImportant
Windows RDPCVE-2021-38666Remote Desktop Client Remote Code Execution VulnerabilityCritical
Windows RDPCVE-2021-41371Windows Remote Desktop Protocol (RDP) Information Disclosure VulnerabilityImportant
Windows ScriptingCVE-2021-42279Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Windows Virtual Machine BusCVE-2021-26443Microsoft Virtual Machine Bus (VMBus) Remote Code Execution VulnerabilityCritical

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us