{"id":26935,"date":"2021-12-16T10:21:57","date_gmt":"2021-12-16T10:21:57","guid":{"rendered":"https:\/\/www.n-able.com\/?p=26935"},"modified":"2022-06-10T18:03:38","modified_gmt":"2022-06-10T17:03:38","slug":"december-2021-patch-tuesday","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/pt-br\/blog\/december-2021-patch-tuesday","title":{"rendered":"December 2021 Patch Tuesday: 76 vulnerabilities and 5 zero days to round out the year"},"content":{"rendered":"

Happy holidays! Congratulations on making it through another year of keeping your systems patched and environments secure. The final Patch Tuesday of 2021 brings us a year-end gift of patches for 72 new vulnerabilities with 4 old vulnerabilities receiving updated patches, for a total of 76. There are also 5 zero days, with one actively exploited Windows AppX Installer spoofing vulnerability in Emotet and Trickbot campaigns\u2014which should be high on priorities lists.<\/p>\n

The big story is the Log4Shell CVE-2021-44228<\/span><\/a> vulnerability. N‑able RMM and N‑central have been cleared as either not using the vulnerable Log4J Java library or have had the vulnerability mitigated where Log4J is used. For more information on the N‑able response to Log4Shell, please check our updated statement here<\/span><\/a>. The silver lining is that the Log4J library typically exists in server-side applications, so efforts can focus on those systems first. For additional information and guidance on Log4Shell, check these Microsoft<\/span><\/a> and CISA<\/span><\/a> resources.<\/p>\n

Microsoft vulnerabilities<\/h2>\n

Microsoft released fixes for 59 vulnerabilities marked as Important and eight as Critical. It\u2019s going to be a busy month for teams responsible for patching, with nine of those marked as exploitation more likely. Your teams may need additional bandwidth to deal with these vulnerabilities this month.<\/p>\n

While it might be overshadowed by Log4Shell, the Windows AppX Installer vulnerability CVE-2021-43890<\/span><\/a> should also be one of your top priorities. It is a zero day under active exploit, and it requires end-user interaction. However, threat actors leveraging the vulnerability to deliver malware like Emotet and Trickbot are proficient at exploiting end users. Informing end users about this spoofing attack and how to avoid it might be warranted if fixes cannot be immediately applied to environments. See Microsoft\u2019s mitigation and workaround information here<\/span><\/a>.<\/p>\n

Vulnerability prioritization<\/h2>\n

As always, it is important to not just prioritize vulnerabilities based on their severity but also on how likely they are to be exploited. Addressing vulnerabilities marked as exploitation more likely is as important\u2014some might say even more so\u2014due to their increased likelihood to actually affect an environment. These 10 CVEs from Microsoft should be top of the list, because they are all marked as Exploitation More Likely or Exploitation Detected.<\/p>\n