Patch Tuesday December 2021 – Apache Log4j Panic and Microsoft Plugs Windows AppX Installer Zero Day


This month, a flaw in the Apache Log4j library causes panic, Microsoft patches 67 new CVEs, 7 of which are rated Critical, and Adobe delivers a boatload of patches to finish off the year in style. So, let’s get started!

Apache Log4j remote code execution vulnerability

Let’s start this month with Log4Shell, a recently disclosed vulnerability in Apache Log4j, a widely used Java logging library. The flaw could allow remote code execution on applications and servers that use the library: an attacker could compromise a device by sending a specially crafted string to the affected server or application. The main problem is that Log4j is so widely used that the flaw could affect literally hundreds of thousands of servers and applications.

Because of the sheer number of applications and servers that might be affected, whether an Apache web server or a game like Minecraft, there’s a chance you will be impacted by this vulnerability even if you are a Microsoft shop. The bug is already being exploited in the wild, so you’ll need to check your servers and apps, find out whether the vendors have shipped patches, and then update accordingly.

Trend Micro has released a useful tool that allows you to scan your environment for systems affected by the Apache Log4j vulnerability.
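The Trend Micro tool is one option for finding affected systems. As an added example (not code from the original post, from Trend Micro, or from the Apache project), the Python script below shows the two checks such a scanner performs: it walks a directory tree for log4j-core jars, reads the version from the jar manifest (falling back to the file name), and looks for the JndiLookup class entry, which is what Apache’s documented workaround removes from builds that cannot be upgraded. The minimum safe version is a parameter; the 2.17.0 default in demo() is an assumption and should be set from the current Apache Log4j advisory for your Java release. The sample jars the demo builds in a temporary directory are constructed stand-ins, not real Log4j builds.

```python
"""Added example: find log4j-core jars on disk and flag ones still exposed.
Checks per jar: version (manifest, else file name) against a caller-supplied
minimum, and whether the JndiLookup class is still present in the archive."""
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Entry inside log4j-core jars that implements JNDI lookups.
JNDI_LOOKUP_ENTRY = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
MANIFEST_ENTRY = "META-INF/MANIFEST.MF"
JAR_NAME_RE = re.compile(r"^log4j-core-.*\.jar$", re.IGNORECASE)
Version = Tuple[int, ...]


@dataclass
class Finding:
    path: str
    version: Optional[Version]   # e.g. (2, 14, 1); None when it cannot be determined
    has_jndi_lookup: bool
    vulnerable: bool


def parse_version(text: str) -> Optional[Version]:
    """Pull a dotted numeric version such as '2.14.1' out of arbitrary text."""
    m = re.search(r"(\d+(?:\.\d+)+)", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def jar_version(jar: zipfile.ZipFile, filename: str) -> Optional[Version]:
    """Prefer the manifest's Implementation-Version; fall back to the file name."""
    try:
        manifest = jar.read(MANIFEST_ENTRY).decode("utf-8", "replace")
    except KeyError:
        manifest = ""
    for line in manifest.splitlines():
        if line.lower().startswith("implementation-version:"):
            version = parse_version(line.split(":", 1)[1])
            if version:
                return version
    return parse_version(filename)


def inspect_jar(path: Path, min_safe: Version) -> Optional[Finding]:
    """Return a Finding for a log4j-core jar, or None for any other file."""
    if not JAR_NAME_RE.match(path.name):
        return None
    with zipfile.ZipFile(path) as jar:
        entries = set(jar.namelist())
        version = jar_version(jar, path.name)
    has_jndi = JNDI_LOOKUP_ENTRY in entries
    # Exposed when the lookup class is present and the build is older than the
    # threshold; an unknown version is also flagged so that it gets reviewed.
    vulnerable = has_jndi and (version is None or version < min_safe)
    return Finding(str(path), version, has_jndi, vulnerable)


def scan_tree(root: Path, min_safe: Version) -> List[Finding]:
    """Walk root and inspect every log4j-core jar; corrupt archives are skipped."""
    findings: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                finding = inspect_jar(Path(dirpath) / name, min_safe)
            except zipfile.BadZipFile:
                continue
            if finding:
                findings.append(finding)
    return findings


def make_sample_jar(path: Path, version: str, include_jndi: bool) -> None:
    """Constructed stand-in jar for the demo: a manifest plus dummy class entries."""
    path.parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr(MANIFEST_ENTRY,
                     f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        jar.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")
        if include_jndi:
            jar.writestr(JNDI_LOOKUP_ENTRY, b"\xca\xfe\xba\xbe")


def demo(min_safe: Version = (2, 17, 0)) -> Dict[str, bool]:
    """Build constructed sample jars in a temp dir; return {file name: vulnerable}.
    The default threshold is an assumption; take it from the current Apache advisory."""
    root = Path(tempfile.mkdtemp(prefix="log4j-scan-demo-"))
    samples = [
        ("app/lib/log4j-core-2.14.1.jar", "2.14.1", True),            # old, lookup present
        ("app/lib/log4j-core-2.14.1-stripped.jar", "2.14.1", False),  # lookup class removed
        ("tools/log4j-core-2.17.0.jar", "2.17.0", True),              # at the threshold
        ("vendor/log4j-core-custom.jar", "unknown", True),            # version unknown
        ("vendor/other-lib-1.0.jar", "1.0", False),                   # not log4j-core, skipped
    ]
    for rel, version, jndi in samples:
        make_sample_jar(root / rel, version, jndi)
    return {Path(f.path).name: f.vulnerable for f in scan_tree(root, min_safe)}


if __name__ == "__main__":
    for name, exposed in sorted(demo().items()):
        print(f"{'EXPOSED' if exposed else 'ok     '} {name}")
```

Run it against a real tree with scan_tree(Path("/opt"), min_safe) and treat every Finding with vulnerable set, including those whose version is None, as something to patch or review; the file-name match is deliberately loose so renamed or repackaged copies are still inspected.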

Windows and Windows Server

Microsoft released fixes for 67 CVEs across various products this month, in addition to 16 CVEs patched in Microsoft Edge at the beginning of December. Of the 67, 7 are rated Critical and 60 are labelled Important. One of the bugs is already being exploited in the wild: a spoofing flaw in the Windows AppX Installer that can be used to run code remotely in the context of the logged-in user, and it is being actively used by the Emotet family of malware.

A remote code execution vulnerability in the Internet Storage Name Service (iSNS) server can be exploited by an attacker who sends a specially crafted request. The iSNS protocol is used by Windows to discover and manage iSCSI disk devices on storage area networks (SANs).

A remote code execution bug in the Microsoft 4K Wireless Display Adapter also gets patched this month. An attacker would have to be on the same network as the display adapter to exploit this flaw. The bug is awkward to patch because admins will need to install the Microsoft Wireless Display Adapter app from the Microsoft Store on a system connected to a physical Microsoft 4K Wireless Display Adapter. Once connected and set up, the app can be used to download the updated firmware to the adapter.

Microsoft SharePoint Server

A bug in Microsoft SharePoint Server could let an attacker elevate privileges and run code in the context of the service account. To exploit it, an attacker would need Manage Lists rights on a SharePoint site, which any user who sets up a new SharePoint site receives. If successful, the attacker could run arbitrary server-side web controls.

Microsoft Office

A bug in the Microsoft Office app could let an attacker run code remotely on an affected system. The Microsoft Office app should be updated automatically on endpoints via the Microsoft Store, provided you haven’t disabled automatic app updates.

Here is a complete list of patched Microsoft vulnerabilities released 14th December 2021:

Table 1 – December 14th, 2021, Patch Tuesday patched vulnerabilities

| Product | Impact | Severity | Article | Details |
|---|---|---|---|---|
| Microsoft Edge (Chromium-based) | | | Release Notes | CVE-2021-4102 |
| Microsoft Edge (Chromium-based) | | | Release Notes | CVE-2021-4101 |
| Microsoft Edge (Chromium-based) | | | Release Notes | CVE-2021-4100 |
| Microsoft Edge (Chromium-based) | | | Release Notes | CVE-2021-4099 |
| Microsoft Edge (Chromium-based) | | | Release Notes | CVE-2021-4098 |
| Microsoft BizTalk ESB Toolkit 2.3 | Spoofing | Important | 5009301 | CVE-2021-43892 |
| Visual Studio Code | Spoofing | Important | Release Notes | CVE-2021-43908 |
| Office app | Remote Code Execution | Critical | Release Notes | CVE-2021-43905 |
| Microsoft 4K Wireless Display Adapter | Remote Code Execution | Critical | Description | CVE-2021-43899 |
| PowerShell 7.2 | Spoofing | Important | Release Notes | CVE-2021-43896 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5008263 | CVE-2021-43893 |
| ASP.NET Core 6.0 | Elevation of Privilege | Important | Release Notes | CVE-2021-43877 |
| Visual Studio Code | Remote Code Execution | Important | Release Notes | CVE-2021-43891 |
| Microsoft Defender for IoT | Remote Code Execution | Important | Release Notes | CVE-2021-43889 |
| Microsoft Defender for IoT | Information Disclosure | Important | Release Notes | CVE-2021-43888 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5008263 | CVE-2021-43883 |
| Microsoft Defender for IoT | Remote Code Execution | Important | Release Notes | CVE-2021-41365 |
| Microsoft Defender for IoT | Remote Code Execution | Important | Release Notes | CVE-2021-42315 |
| Microsoft Defender for IoT | Remote Code Execution | Important | Release Notes | CVE-2021-42314 |
| Microsoft Defender for IoT | Remote Code Execution | Important | Release Notes | CVE-2021-42313 |
| Microsoft Defender for IoT | Elevation of Privilege | Important | Release Notes | CVE-2021-42312 |
| Microsoft Defender for IoT | Remote Code Execution | Important | Release Notes | CVE-2021-42311 |
| Microsoft Defender for IoT | Remote Code Execution | Critical | Release Notes | CVE-2021-42310 |
| Microsoft Defender for IoT | Remote Code Execution | Important | Release Notes | CVE-2021-43882 |
| Windows 11 for ARM64-based Systems | Elevation of Privilege | Important | 5008215 | CVE-2021-43880 |
| Microsoft Office LTSC 2021 for 32-bit editions | Remote Code Execution | Important | Click to Run | CVE-2021-43875 |
| Microsoft Office Web Apps Server 2013 Service Pack 1 | Remote Code Execution | Important | 5002103 | CVE-2021-43256 |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | Spoofing | Important | 5002101 | CVE-2021-43255 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5008263 | CVE-2021-43248 |
| Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5008212 | CVE-2021-43247 |
| Windows 10 Version 21H2 for x64-based Systems | Denial of Service | Important | 5008212 | CVE-2021-43246 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5008263 | CVE-2021-43245 |
| Windows 10 Version 21H2 for x64-based Systems | Information Disclosure | Important | 5008212 | CVE-2021-43244 |
| VP9 Video Extensions | Information Disclosure | Important | | CVE-2021-43243 |
| Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5008212 | CVE-2021-43240 |
| Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5008212 | CVE-2021-43239 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5008263 | CVE-2021-43238 |
| Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5008212 | CVE-2021-43237 |
| Windows Server 2012 R2 (Server Core installation) | Information Disclosure | Important | 5008263 | CVE-2021-43236 |
| Windows Server 2016 (Server Core installation) | Information Disclosure | Important | 5008207 | CVE-2021-43235 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Important | 5008263 | CVE-2021-43234 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Critical | 5008263 | CVE-2021-43233 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Important | 5008263 | CVE-2021-43232 |
| Windows Server 2016 (Server Core installation) | Elevation of Privilege | Important | 5008207 | CVE-2021-43231 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5008263 | CVE-2021-43230 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5008263 | CVE-2021-43229 |
| Windows 10 Version 21H2 for x64-based Systems | Denial of Service | Important | 5008212 | CVE-2021-43228 |
| Windows Server 2016 (Server Core installation) | Information Disclosure | Important | 5008207 | CVE-2021-43227 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5008263 | CVE-2021-43226 |
| Bot Framework SDK for .NET Framework | Remote Code Execution | Important | Advisory | CVE-2021-43225 |
| Windows Server 2012 R2 (Server Core installation) | Information Disclosure | Important | 5008263 | CVE-2021-43224 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5008263 | CVE-2021-43223 |
| Windows Server 2012 R2 (Server Core installation) | Information Disclosure | Important | 5008263 | CVE-2021-43222 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Critical | 5008263 | CVE-2021-43217 |
| Windows Server 2012 R2 (Server Core installation) | Information Disclosure | Important | 5008263 | CVE-2021-43216 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Critical | 5008263 | CVE-2021-43215 |
| Raw Image Extension | Remote Code Execution | Important | | CVE-2021-43214 |
| Microsoft SharePoint Server Subscription Edition | Spoofing | Important | 5002045 | CVE-2021-42320 |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | Information Disclosure | Important | 4486726 | CVE-2021-42295 |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | Elevation of Privilege | Important | 5002104 | CVE-2021-42293 |
| HEVC Video Extensions | Remote Code Execution | Important | | CVE-2021-41360 |
| App Installer | Spoofing | Important | Release Notes | CVE-2021-43890 |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | Remote Code Execution | Important | 5002071 | CVE-2021-42294 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5008263 | CVE-2021-41333 |
| HEVC Video Extensions | Remote Code Execution | Important | | CVE-2021-40453 |
| HEVC Video Extensions | Remote Code Execution | Important | | CVE-2021-40452 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5008263 | CVE-2021-40441 |
| Visual Studio Code WSL Extension | Remote Code Execution | Critical | Release Notes | CVE-2021-43907 |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | Spoofing | Important | 5002071 | CVE-2021-43242 |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | Remote Code Execution | Important | 5002071 | CVE-2021-42309 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5008263 | CVE-2021-43207 |
| Windows 10 Version 21H2 for x64-based Systems | Denial of Service | Important | 5008212 | CVE-2021-43219 |
Adobe Software

Adobe has released 11 patches this month addressing 60 CVEs across Adobe Audition, Lightroom, Media Encoder, Premiere Pro, Prelude, Dimension, After Effects, Photoshop, Connect, Experience Manager, and Premiere Rush. None of the flaws are known to be actively exploited by attackers.

Windows Update testing and best practices

Organizations looking to deploy this month’s patches should test them thoroughly before rolling them out widely on production systems. That said, wide deployment shouldn’t be delayed longer than necessary, as hackers quickly work out how to weaponize newly reported vulnerabilities.

Best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.

There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.

If you have any problems with this month’s patches, please let us know in the comments below. Other readers might be able to share their experiences on how to roll back problematic updates or mitigate issues caused by patches that are important to have in place.

That is it for another month, and happy patching!