{"id":25855,"date":"2021-11-10T17:00:04","date_gmt":"2021-11-10T17:00:04","guid":{"rendered":"https:\/\/www.n-able.com\/?p=25855"},"modified":"2022-06-10T18:04:11","modified_gmt":"2022-06-10T17:04:11","slug":"november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize","title":{"rendered":"November 2021 Patch Tuesday: two actively exploited zero-days to prioritize"},"content":{"rendered":"<p class=\"p3\">It\u2019s a welcome sign to see the total number of vulnerabilities being addressed this month by Microsoft continue last month\u2019s downward trend, offering lighter workloads for those tasked with ensuring endpoints and servers are in compliance. Unfortunately, six of the 55 security vulnerabilities this month are zero-days and should receive priority attention.<\/p>\n<p class=\"p3\">First, let\u2019s take a moment to appreciate what tools, such as <a href=\"https:\/\/www.n-able.com\/features\/windows-patch-management?promo=blog\" target=\"_blank\" rel=\"noopener\"><span class=\"s1\">patch management<\/span><\/a> from N&#8209;able<sup>\u2122<\/sup> or WSUS from Microsoft, have done to streamline and automate the workflows around handling system updates. A centrally manageable patching solution offers a significant force multiplier, allowing a single engineer to discover, schedule, deploy, and audit patching on thousands of systems with only the investment of a few hours every month.<\/p>\n<h2 class=\"p4\">Microsoft vulnerabilities<\/h2>\n<p class=\"p3\">Including Microsoft Edge vulnerabilities (typically patched prior to Patch Tuesdays), we have 56 in total for November. Six of them are zero-days, with two of those under active exploitation. Down significantly from last month, where only three vulnerabilities were listed as <i>Exploitation More Likely<\/i>\u2014but those should be on everyone\u2019s prioritization list as well.<span class=\"Apple-converted-space\">\u00a0 \u00a0<\/span><\/p>\n<p class=\"p3\">The first zero-day under active attack is <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-42292\" target=\"_blank\" rel=\"noopener\"><span class=\"s1\">CVE-2021-42292<\/span><\/a>, a Microsoft Excel vulnerability. It is a security bypass vulnerability that allows loading of malicious code just by opening a payload-laden Excel file. Due to the ability for this malicious code to be additionally obfuscated by an attacker, this threat will likely be moderately effective at evading traditional AV solutions that can\u2019t detect fileless attacks.<\/p>\n<p class=\"p3\">The second zero-day under active attack is <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-42321\" target=\"_blank\" rel=\"noopener\"><span class=\"s1\">CVE-2021-42321<\/span><\/a>, a Microsoft Exchange Server Remote Code Execution critical vulnerability. While this isn\u2019t in the same league as Exchange vulnerabilities from earlier in the year\u2014it requires an attacker to already be authenticated to the system\u2014it should still be a prioritization for anyone managing Microsoft Exchange Servers. If you want a deeper explanation on this vulnerability, Microsoft\u2019s Exchange Team has a great write-up <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-november-2021-exchange-server-security-updates\/ba-p\/2933169\" target=\"_blank\" rel=\"noopener\"><span class=\"s1\">here<\/span><\/a>.<\/p>\n<p class=\"p3\">Other Microsoft vulnerabilities of note this month are <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-38631\" target=\"_blank\" rel=\"noopener\"><span class=\"s1\">CVE-2021-38631<\/span><\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-38631\" target=\"_blank\" rel=\"noopener\"><span class=\"s1\">CVE-2021-41371<\/span><\/a><span class=\"s1\">,<\/span> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-38666\" target=\"_blank\" rel=\"noopener\"><span class=\"s1\">CVE-2021-38666<\/span><\/a>. All are related to Remote Desktop Protocol, which is a common target for threat actors. Despite only one being marked as <i>Critical<\/i> and <i>Exploitation More Likely, <\/i>they should all be high priority this month because they are zero-days related to a common threat actor target.<\/p>\n<h2 class=\"p4\">Vulnerability prioritization<\/h2>\n<p class=\"p3\">The table below lists Critical, <i>Exploitation More Likely,<\/i> or <i>Exploitation Detected <\/i>vulnerabilities. This is to highlight how some might have their patching deferred due to a false sense of importance based on a severity rating. Vulnerabilities marked <i>Exploitation More Likely <\/i>are just as important to address, and quickly, due to their increased likelihood to cause impacts to an environment.<\/p>\n<table class=\"t1\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"td1\" valign=\"top\">\n<p class=\"p5\"><strong>CVE<\/strong><\/p>\n<\/td>\n<td class=\"td2\" valign=\"top\">\n<p class=\"p5\"><strong>Description<\/strong><\/p>\n<\/td>\n<td class=\"td3\" valign=\"top\">\n<p class=\"p6\"><strong>Exploitability<\/strong><\/p>\n<\/td>\n<td class=\"td4\" valign=\"top\">\n<p class=\"p6\"><strong>Severity<\/strong><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td class=\"td1\" valign=\"top\">\n<p class=\"p7\"><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-42316\" target=\"_blank\" rel=\"noopener\"><span class=\"s2\">CVE-2021-42316<\/span><\/a><\/p>\n<\/td>\n<td class=\"td2\" valign=\"top\">\n<p class=\"p6\">Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability<\/p>\n<\/td>\n<td class=\"td3\" valign=\"top\">\n<p class=\"p6\">Exploitation Less Likely<\/p>\n<\/td>\n<td class=\"td4\" valign=\"top\">\n<p class=\"p6\">Critical<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td class=\"td1\" valign=\"top\">\n<p class=\"p7\"><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-3711\" target=\"_blank\" rel=\"noopener\"><span class=\"s2\">CVE-2021-3711<\/span><\/a><\/p>\n<\/td>\n<td class=\"td2\" valign=\"top\">\n<p class=\"p6\">OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow<\/p>\n<\/td>\n<td class=\"td3\" valign=\"top\">\n<p class=\"p6\">Exploitation Less Likely<\/p>\n<\/td>\n<td class=\"td4\" valign=\"top\">\n<p class=\"p6\">Critical<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td class=\"td1\" valign=\"top\">\n<p class=\"p7\"><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-42298\" target=\"_blank\" rel=\"noopener\"><br \/>\n<span class=\"s2\">CVE-2021-42298<\/span><\/a><\/p>\n<\/td>\n<td class=\"td2\" valign=\"top\">\n<p class=\"p8\">Microsoft Defender Remote Code Execution Vulnerability<\/p>\n<\/td>\n<td class=\"td3\" valign=\"top\">\n<p class=\"p6\">Exploitation More Likely<\/p>\n<\/td>\n<td class=\"td4\" valign=\"top\">\n<p class=\"p6\">Critical<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td class=\"td1\" valign=\"top\">\n<p class=\"p7\"><span class=\"s2\"><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-38666\" target=\"_blank\" rel=\"noopener\">CVE-2021-38666<\/a><\/span><\/p>\n<\/td>\n<td class=\"td2\" valign=\"top\">\n<p class=\"p8\">Remote Desktop Client Remote Code Execution Vulnerability<\/p>\n<\/td>\n<td class=\"td3\" valign=\"top\">\n<p class=\"p6\">Exploitation More Likely<\/p>\n<\/td>\n<td class=\"td4\" valign=\"top\">\n<p class=\"p6\">Critical<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td class=\"td1\" valign=\"top\">\n<p class=\"p9\"><span class=\"s2\"><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-42279\" target=\"_blank\" rel=\"noopener\">CVE-021-42279<\/a><\/span><\/p>\n<\/td>\n<td class=\"td2\" valign=\"top\">\n<p class=\"p8\">Chakra Scripting Engine Memory Corruption Vulnerability<\/p>\n<\/td>\n<td class=\"td3\" valign=\"top\">\n<p class=\"p6\">Exploitation Less Likely<\/p>\n<\/td>\n<td class=\"td4\" valign=\"top\">\n<p class=\"p6\">Critical<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td class=\"td1\" valign=\"top\">\n<p class=\"p9\"><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-26443\" target=\"_blank\" rel=\"noopener\"><span class=\"s2\">CVE-2021-26443<\/span><\/a><\/p>\n<\/td>\n<td class=\"td2\" valign=\"top\">\n<p class=\"p8\">Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability<\/p>\n<\/td>\n<td class=\"td3\" valign=\"top\">\n<p class=\"p6\">Exploitation Less Likely<\/p>\n<\/td>\n<td class=\"td4\" valign=\"top\">\n<p class=\"p6\">Critical<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td class=\"td1\" valign=\"top\">\n<p class=\"p10\"><span class=\"s2\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-42321%22%20%5Co%20%22Open%20%5C%22https:\/\/msrc.microsoft.com\/\/update-guide\/vulnerability\/CVE-2021-42321\" target=\"_blank\" rel=\"noopener\">CVE-2021-42321<\/a><\/span><\/p>\n<\/td>\n<td class=\"td2\" valign=\"top\">\n<p class=\"p6\">Microsoft Exchange Server Remote Code Execution Vulnerability<\/p>\n<\/td>\n<td class=\"td3\" valign=\"top\">\n<p class=\"p6\">Exploitation Detected<\/p>\n<\/td>\n<td class=\"td4\" valign=\"top\">\n<p class=\"p6\">Critical<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td class=\"td1\" valign=\"top\">\n<p class=\"p10\"><span class=\"s2\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-42292%22%20%5Co%20%22Open%20%5C%22https:\/\/msrc.microsoft.com\/\/update-guide\/vulnerability\/CVE-2021-42292\" target=\"_blank\" rel=\"noopener\">CVE-2021-42292<\/a><\/span><\/p>\n<\/td>\n<td class=\"td2\" valign=\"top\">\n<p class=\"p6\">Microsoft Excel Security Feature Bypass Vulnerability<\/p>\n<\/td>\n<td class=\"td3\" valign=\"top\">\n<p class=\"p6\">Exploitation Detected<\/p>\n<\/td>\n<td class=\"td4\" valign=\"top\">\n<p class=\"p6\">Critical<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td class=\"td1\" valign=\"top\">\n<p class=\"p12\"><span class=\"s2\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-41356%22%20%5Co%20%22Open%20%5C%22https:\/\/msrc.microsoft.com\/\/update-guide\/vulnerability\/CVE-2021-41356\" target=\"_blank\" rel=\"noopener\">CVE-2021-41356<\/a><\/span><\/p>\n<\/td>\n<td class=\"td2\" valign=\"top\">\n<p class=\"p14\">Windows Denial of Service Vulnerability<\/p>\n<\/td>\n<td class=\"td3\" valign=\"top\">\n<p class=\"p6\">Exploitation More Likely<\/p>\n<\/td>\n<td class=\"td4\" valign=\"top\">\n<p class=\"p6\">Important<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 class=\"p4\">Cumulative updates<\/h2>\n<p class=\"p3\">KB5007186 and KB5007189 cumulative updates were released with typical previous security fixes included for Windows 10 versions 21H1, 20H2, and 2004. Windows 10 versions 1809 saw KB5007206 released, containing security fixes and addressed some known issues. As of print, no remarkable bug fixes aside from addressing issues with lock screen backgrounds appearing black when slideshow is used for it.<\/p>\n<h2 class=\"p4\">End of Service for Windows 10 2004<\/h2>\n<p class=\"p3\">Joining previous Windows builds that hit EoS this year, Windows 10 2004 will no longer receive security updates after December 14, 2021. That\u2019s only three months to plan for transition to newer builds. If you don\u2019t already have plans in motion, then today is the day to start.<\/p>\n<h2 class=\"p4\">Apple<\/h2>\n<p class=\"p3\">Apple released <a href=\"https:\/\/support.apple.com\/en-us\/HT212875\" target=\"_blank\" rel=\"noopener\"><span class=\"s1\">Safari 15.1<\/span><\/a> in late October to address several vulnerabilities. <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-30889\" target=\"_blank\" rel=\"noopener\"><span class=\"s1\">CVE-2021-30889<\/span><\/a> is marked as High severity and could allow arbitrary code execution from maliciously crafted web content. See Apple\u2019s <a href=\"https:\/\/support.apple.com\/en-us\/HT201222\" target=\"_blank\" rel=\"noopener\"><span class=\"s1\">security updates<\/span><\/a> for information about recent vulnerability fixes.<\/p>\n<h2 class=\"p4\">Cisco<\/h2>\n<p class=\"p3\">We don\u2019t usually talk about firmware vulnerabilities, but this month is a first. Cisco released security updates to address critical unauthenticated user vulnerabilities involving hard-coded credentials on Catalyst PON Switches or default SSH keys in Cisco Policy Suite. See <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-catpon-multivulns-CE3DSYGr\" target=\"_blank\" rel=\"noopener\"><span class=\"s1\">CVE-2021-34795<\/span><\/a> and <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-cps-static-key-JmS92hNv\" target=\"_blank\" rel=\"noopener\"><span class=\"s1\">CVE-2021-40119<\/span><\/a> for information on remediation of these vulnerabilities from Cisco.<\/p>\n<h2 class=\"p4\">Summary<\/h2>\n<p class=\"p3\">As always, make sure you have established patching processes for evaluation, testing, and pushing into production. If you have traditionally only dealt with patches by applying them based on their severity, now is the time to start including prioritization of patches for Zero-Days, <i>Exploitation Detected,<\/i> and <i>Exploitation More Likely<\/i> vulnerabilities in your <a href=\"https:\/\/www.n-able.com\/features\/windows-patch-management?promo=blog\" target=\"_blank\" rel=\"noopener\"><span class=\"s1\">patch management<\/span><\/a> routines.<\/p>\n<p class=\"p15\"><i>Lewis Pope is the Head Security Nerd at N&#8209;able. You can follow him on:<\/i><\/p>\n<p class=\"p16\"><span class=\"s6\"><i>Twitter:\u00a0<\/i><a href=\"https:\/\/twitter.com\/cybersec_nerd\" target=\"_blank\" rel=\"noopener\"><span class=\"s7\"><i>@cybersec_nerd<\/i><\/span><\/a><\/span><\/p>\n<p class=\"p16\"><span class=\"s6\"><i>LinkedIn:\u00a0<\/i><a href=\"https:\/\/www.linkedin.com\/in\/thesecuritypope\" target=\"_blank\" rel=\"noopener\"><span class=\"s7\"><i>thesecuritypope<\/i><\/span><\/a><\/span><\/p>\n<p class=\"p17\"><span class=\"s6\"><i>Twitch:\u00a0<\/i><a href=\"https:\/\/www.twitch.tv\/cybersec_nerd\" target=\"_blank\" rel=\"noopener\"><span class=\"s1\"><i>cybersec_nerd<\/i><\/span><\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>While November\u2019s Patch Tuesday continues the downward trend of vulnerabilities for Microsoft, it does include six zero-days, which should get priority attention.<\/p>\n","protected":false},"author":62,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-25855","post","type-post","status-publish","format-standard","hentry","topic-head-nerds","topic-patch-management","topic-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>November 2021 Patch Tuesday: two actively exploited zero-days to prioritize - N-able<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"November 2021 Patch Tuesday: two actively exploited zero-days to prioritize - N-able\" \/>\n<meta property=\"og:description\" content=\"While November\u2019s Patch Tuesday continues the downward trend of vulnerabilities for Microsoft, it does include six zero-days, which should get priority attention.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-10T17:00:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-06-10T17:04:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"720\" \/>\n\t<meta property=\"og:image:height\" content=\"356\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Lewis Pope\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lewis Pope\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"4\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize\"},\"author\":{\"name\":\"Lewis Pope\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\"},\"headline\":\"November 2021 Patch Tuesday: two actively exploited zero-days to prioritize\",\"datePublished\":\"2021-11-10T17:00:04+00:00\",\"dateModified\":\"2022-06-10T17:04:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize\"},\"wordCount\":843,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"articleSection\":[\"Head Nerds\",\"Patch Management\",\"Security\"],\"inLanguage\":\"de\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize\",\"url\":\"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize\",\"name\":\"November 2021 Patch Tuesday: two actively exploited zero-days to prioritize - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de#website\"},\"datePublished\":\"2021-11-10T17:00:04+00:00\",\"dateModified\":\"2022-06-10T17:04:11+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security\",\"item\":\"https:\/\/www.n-able.com\/de\/blog\/category\/security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"November 2021 Patch Tuesday: two actively exploited zero-days to prioritize\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/de#website\",\"url\":\"https:\/\/www.n-able.com\/de\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/de?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/de#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/de\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\",\"name\":\"Lewis Pope\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"caption\":\"Lewis Pope\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"November 2021 Patch Tuesday: two actively exploited zero-days to prioritize - N-able","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize","og_locale":"de_DE","og_type":"article","og_title":"November 2021 Patch Tuesday: two actively exploited zero-days to prioritize - N-able","og_description":"While November\u2019s Patch Tuesday continues the downward trend of vulnerabilities for Microsoft, it does include six zero-days, which should get priority attention.","og_url":"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2021-11-10T17:00:04+00:00","article_modified_time":"2022-06-10T17:04:11+00:00","og_image":[{"width":720,"height":356,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope.jpg","type":"image\/jpeg"}],"author":"Lewis Pope","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope.jpg","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Verfasst von":"Lewis Pope","Gesch\u00e4tzte Lesezeit":"4\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize"},"author":{"name":"Lewis Pope","@id":"https:\/\/www.n-able.com\/de#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae"},"headline":"November 2021 Patch Tuesday: two actively exploited zero-days to prioritize","datePublished":"2021-11-10T17:00:04+00:00","dateModified":"2022-06-10T17:04:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize"},"wordCount":843,"publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"articleSection":["Head Nerds","Patch Management","Security"],"inLanguage":"de"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize","url":"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize","name":"November 2021 Patch Tuesday: two actively exploited zero-days to prioritize - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/de#website"},"datePublished":"2021-11-10T17:00:04+00:00","dateModified":"2022-06-10T17:04:11+00:00","breadcrumb":{"@id":"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/de\/blog\/november-2021-patch-tuesday-two-actively-exploited-zero-days-to-prioritize#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/de\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"November 2021 Patch Tuesday: two actively exploited zero-days to prioritize"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/de#website","url":"https:\/\/www.n-able.com\/de","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/de?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/de#organization","name":"N-able","url":"https:\/\/www.n-able.com\/de","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/de#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae","name":"Lewis Pope","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","caption":"Lewis Pope"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts\/25855","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/comments?post=25855"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts\/25855\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/media?parent=25855"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}