Service Notices

All Notices > Security Notices > Microsoft Releases December 2021 Security Updates

Microsoft Releases December 2021 Security Updates

Dec 17, 2021 GMT+08:00

I. Overview

Microsoft has released its December 2021 Security Updates. A total of 67 security vulnerabilities have been disclosed, among which 7 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to perform remote code execution, escalate privileges, and leak sensitive information. The following software is affected: Microsoft Windows, Microsoft Office, Microsoft Visual Studio Code and Microsoft Defender for IoT.

For details, visit Microsoft official website:

https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec

The following vulnerabilities have been exploited by attackers:

Windows App X Installer Spoofing Vulnerability (CVE-2021-43890): An attacker could craft a malicious attachment to be used in phishing campaigns, then convince the user to open the specially crafted attachment. The POC of this vulnerability has been disclosed. It is a high-risk vulnerability and has been exploited in the wild.

Windows Installer Elevation of Privilege Vulnerability (CVE-2021-43883): Details of the vulnerability have been disclosed.

Windows Mobile Device Management Elevation of Privilege Vulnerability (CVE-2021-43880): Details of the vulnerability have been disclosed.

Windows Print Spooler Elevation of Privilege Vulnerability (CVE-2021-41333): Details of the vulnerability have been disclosed.

Please perform security self-check and security hardening in a timely manner to reduce attack risks.

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Office, Microsoft Visual Studio Code, Microsoft Defender for IoT.

IV. Vulnerability Details

CVE ID

Vulnerability Name

Severity

Affected Product

CVE-2021-43905

Microsoft Office app Remote Code Execution Vulnerability

Important

Office app

CVE-2021-43899

Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability

Important

Microsoft 4K Wireless Display Adapter

CVE-2021-42310

Microsoft Defender for IoT Remote Code Execution Vulnerability

Important

Microsoft Defender for IoT

CVE-2021-43233

Remote Desktop Client Remote Code Execution Vulnerability

Important

Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows 11, Windows Server 2008R/2012/2012R/2016/2019/2022, Windows Server, version 20H2/2004

CVE-2021-43217

Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

Important

Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows 11, Windows Server 2008/2008R/2012/2012R/2016/2019/2022, Windows Server, version 20H2/2004

CVE-2021-43215

iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution

Important

Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows Server 2008/2008R/2012/2012R/2016/2019, Windows Server, version 20H2/2004

CVE-2021-43907

Visual Studio Code WSL Extension Remote Code Execution Vulnerability

Important

Visual Studio Code WSL Extension

(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.