Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321, CVE-2021-42292) – Help Net Security

It’s a light November 2021 Patch Tuesday from Microsoft: 55 fixed CVEs, of which two are zero-days under active exploitation: CVE-2021-42321, a Microsoft Exchange RCE, and CVE-2021-42292, a Microsoft Excel security feature bypass bug.
CVE-2021-42321, the remote code execution vulnerability in Microsoft Exchange Server 2016 and 2019, is due to issues with the validation of command-let (cmdlet) arguments.
“In order to exploit this flaw, an attacker would need to be authenticated, which limits some of the impact. Microsoft says they are aware of ‘limited targeted attacks’ using this vulnerability in the wild,” says Satnam Narang, staff research engineer at Tenable.
In a blog post published by the Exchange Team, the company recommended that the provided updates for Microsoft Exchange be installed immediately. The post describes two possible update paths and shares a PowerShell query that security teams can run to check whether exploitation of this vulnerability was attempted on their servers.
The in-the-wild exploitation of CVE-2021-42292, the Microsoft Excel security feature bypass zero-day, was apparently discovered by Microsoft’s Security Threat Intelligence Center (MSTIC).
“This patch fixes a bug that could allow code execution when opening a specially crafted file with an affected version of Excel. This is likely due to loading code that should be behind a prompt, but for whatever reason, that prompt does not appear, thus bypassing that security feature,” noted Dustin Childs, with Trend Micro’s Zero Day Initiative.
“It’s unclear if it’s a malicious macro or some other form of code loading within a spreadsheet, but I would be reluctant to open any unexpected attachments for a while. This is especially true for users of Office for Mac because there currently is no patch available for Mac users.”
Other vulnerabilities worth singling out include:
