December 2021 Patch Tuesday: 76 vulnerabilities and 5 zero days to round out the year

Happy holidays! Congratulations on making it through another year of keeping your systems patched and environments secure. The final Patch Tuesday of 2021 brings us a year-end gift of patches for 72 new vulnerabilities, with 4 old vulnerabilities receiving updated patches, for a total of 76. There are also 5 zero days; one of them, a Windows AppX Installer spoofing vulnerability, is being actively exploited in Emotet and Trickbot campaigns and should be high on your priority list.

The big story is the Log4Shell CVE-2021-44228 vulnerability. N‑able RMM and N‑central have been cleared: they either do not use the vulnerable Log4J Java library, or the vulnerability has been mitigated where Log4J is used. For more information on the N‑able response to Log4Shell, please check our updated statement here. The silver lining is that the Log4J library typically exists in server-side applications, so efforts can focus on those systems first. For additional information and guidance on Log4Shell, check these Microsoft and CISA resources.

Microsoft vulnerabilities

Microsoft released fixes for 59 vulnerabilities marked as Important and eight as Critical. It’s going to be a busy month for teams responsible for patching, with nine of those marked as exploitation more likely. Your teams may need additional bandwidth to deal with these vulnerabilities this month.

While it might be overshadowed by Log4Shell, the Windows AppX Installer vulnerability CVE-2021-43890 should also be one of your top priorities. It is a zero day under active exploit, and it requires end-user interaction. However, threat actors leveraging the vulnerability to deliver malware like Emotet and Trickbot are proficient at exploiting end users. Informing end users about this spoofing attack and how to avoid it might be warranted if fixes cannot be immediately applied to environments. See Microsoft’s mitigation and workaround information here.

Vulnerability prioritization

As always, it is important to not just prioritize vulnerabilities based on their severity but also on how likely they are to be exploited. Addressing vulnerabilities marked as exploitation more likely is as important—some might say even more so—due to their increased likelihood to actually affect an environment. These 10 CVEs from Microsoft should be top of the list, because they are all marked as Exploitation More Likely or Exploitation Detected.
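As an added example that is not part of the original post, here is a small Python routine that orders a month's CVEs the way the paragraph above argues: exploitation status and public disclosure first, severity second. The Exploitability Index labels are Microsoft's; apart from CVE-2021-43890, the sample entries are constructed placeholders, and their severity and exploitability values are assumed for illustration.

```python
"""Rank a Patch Tuesday batch so that exploited, publicly disclosed and
'Exploitation More Likely' bugs are scheduled ahead of a Critical that is
unlikely to be exploited.  Sample data below is constructed."""
from dataclasses import dataclass

# Microsoft Exploitability Index labels, most urgent first.
EXPLOIT_RANK = {
    "Exploitation Detected": 0,
    "Exploitation More Likely": 1,
    "Exploitation Less Likely": 2,
    "Exploitation Unlikely": 3,
}
SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}


@dataclass(frozen=True)
class Vuln:
    cve: str
    severity: str
    exploitability: str
    publicly_disclosed: bool = False  # disclosed before a fix shipped (zero day)


def is_zero_day(v: Vuln) -> bool:
    """Treat 'exploited in the wild' or 'publicly disclosed' as zero-day class."""
    return v.exploitability == "Exploitation Detected" or v.publicly_disclosed


def patch_priority(v: Vuln) -> tuple:
    """Sort key; a lower tuple means patch sooner.
    Zero-day class first, then Exploitability Index, then severity, then CVE id."""
    return (0 if is_zero_day(v) else 1,
            EXPLOIT_RANK[v.exploitability],
            SEVERITY_RANK[v.severity],
            v.cve)


def rank(vulns):
    return sorted(vulns, key=patch_priority)


def tier(v: Vuln) -> str:
    """Map a CVE to a patching wave for the change calendar."""
    if is_zero_day(v):
        return "emergency"          # out-of-band, do not wait for the cycle
    if v.exploitability == "Exploitation More Likely" or v.severity == "Critical":
        return "this cycle"
    return "standard"


# Constructed sample batch; only CVE-2021-43890 is from this post.
SAMPLE = [
    Vuln("CVE-EXAMPLE-A", "Critical", "Exploitation Less Likely"),
    Vuln("CVE-EXAMPLE-B", "Important", "Exploitation More Likely"),
    Vuln("CVE-EXAMPLE-C", "Important", "Exploitation Unlikely"),
    Vuln("CVE-EXAMPLE-D", "Important", "Exploitation Less Likely", publicly_disclosed=True),
    Vuln("CVE-2021-43890", "Important", "Exploitation Detected", publicly_disclosed=True),
]
```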

Cumulative updates

Nothing out of the ordinary for cumulative updates this month. KB5008212 and KB5008206 were released for Windows 10 Version 2004, 20H2, 21H1, and 21H2. These include security improvements and bug fixes.

End of service for Windows 10 2004

Windows 10 Version 2004 receives its last security update this month, as it has reached end of service (EOS). It’s a good time to audit for this older build of Windows 10 in your environments and plan upgrades accordingly.

Apple

If you are supporting Apple devices, make sure to review Apple’s security updates.

Cisco

Cisco published advisories this month concerning Log4Shell along with security updates. If you have Cisco equipment in your stack, you should review security updates.

VMware

If you support VMware, check out their advisory about the impact of Log4j and the affected products.

Summary

As always, make sure you have established patching processes for evaluation, testing, and pushing into production. If you have traditionally dealt only with patches by applying them based on their severity, now is the time to start including prioritization of patches for zero-day, exploitation detected, and exploitation more likely vulnerabilities in your Patch Management routines.


Lewis Pope is the head security nerd at N‑able. You can follow him on:

Twitter: @cybersec_nerd

LinkedIn: thesecuritypope

Twitch: cybersec_nerd

© N‑able Solutions ULC and N‑able Technologies Ltd. All rights reserved.

This document is provided for informational purposes only and does not constitute legal advice. N‑able makes no warranty, express or implied, and assumes no liability or responsibility for the accuracy, completeness, or usefulness of the information contained in this document.

N-ABLE, N-CENTRAL and other N‑able trademarks and logos are the exclusive property of N‑able Solutions ULC and N‑able Technologies Ltd. They are legally protected trademarks and may be registered, or pending registration, with the U.S. Patent and Trademark Office and in other countries. All other trademarks mentioned here are for informational purposes only and are trademarks (or registered trademarks) of their respective companies.