
The zero-day vulnerability used to spread Emotet malware has been fixed

  • James Gussie
  • December 14, 2021

The zero-day vulnerability that allowed the Emotet malware to spread so aggressively has been fixed. This will allow Microsoft and other anti-virus software providers to track down infected computers, while also preventing a new wave of infections in the future.

The “cve-2021-40444 exploit” is a zero-day vulnerability that was used to spread the Emotet malware. The vulnerability has been fixed by Microsoft in the latest update of Windows 10.


Madalina has been a Windows user since she initially installed Windows XP on her computer. She is fascinated by all things technological, particularly new technologies such as artificial intelligence and DNA computing.

14th of December, 2021

Originally published in December 2018


Yes, it’s that time of the month again, and there’s a lot to consider in terms of software release now that the December 2021 Patch Tuesday updates are out.

Microsoft has issued a total of 67 security fixes, including seven rated Critical and a zero-day bug that is being actively exploited by attackers.

Microsoft has addressed several critical issues in this month’s patch, which is normally released on the second Tuesday of each month.

Remote code execution (RCE) problems, privilege escalation security flaws, spoofing bugs, and denial-of-service faults are among them.

Another noteworthy point about this month’s release is that Windows 10 version 2004 has reached end-of-life status and will no longer get security updates.

Microsoft also had a lot of work to do in December.

Office, PowerShell, the Chromium-based Edge browser, the Windows Kernel, Print Spooler, and Remote Desktop Client are among the products covered by Microsoft’s December security update.

Six zero-day vulnerabilities are fixed in this release, although only one is known to be actively exploited in the wild. The full list of fixes follows:

| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2021-43890 | Vulnerability in the Windows AppX Installer | Important | 7.1 | Yes | Yes | Spoofing |
| CVE-2021-43240 | Elevation of Privilege Vulnerability in NTFS Set Short Name | Important | 7.8 | Yes | No | EoP |
| CVE-2021-43893 | Elevation of Privilege Vulnerability in Windows Encrypting File System (EFS) | Important | 7.5 | Yes | No | EoP |
| CVE-2021-43883 | Elevation of Privilege Vulnerability in Windows Installer | Important | 7.1 | Yes | No | EoP |
| CVE-2021-43880 | Vulnerability in Windows Mobile Device Management Privilege Escalation | Important | 5.5 | Yes | No | EoP |
| CVE-2021-41333 | Elevation of Privilege Vulnerability in Windows Print Spooler | Important | 7.8 | Yes | No | EoP |
| CVE-2021-43215 | Remote Code Execution Vulnerability in the iSNS Server | Critical | 9.8 | No | No | RCE |
| CVE-2021-43899 | Remote Code Execution Vulnerability in Microsoft’s 4K Wireless Display Adapter | Critical | 9.8 | No | No | RCE |
| CVE-2021-42310 | Remote Code Execution Vulnerability in Microsoft Defender for IoT | Critical | 8.1 | No | No | RCE |
| CVE-2021-43905 | Remote Code Execution Vulnerability in Microsoft Office | Critical | 9.6 | No | No | RCE |
| CVE-2021-43233 | Remote Code Execution Vulnerability in the Remote Desktop Client | Critical | 7 | No | No | RCE |
| CVE-2021-43907 | Remote Code Execution Vulnerability in the Visual Studio Code WSL Extension | Critical | 9.8 | No | No | RCE |
| CVE-2021-43217 | Remote Code Execution Vulnerability in Windows Encrypting File System (EFS) | Critical | 8.1 | No | No | RCE |
| CVE-2021-43877 | Elevation of Privilege Vulnerability in ASP.NET Core and Visual Studio | Important | 7.8 | No | No | EoP |
| CVE-2021-43225 | Vulnerability in the Bot Framework SDK for Remote Code Execution | Important | 7.5 | No | No | RCE |
| CVE-2021-43219 | Vulnerability in the DirectX Graphics Kernel File Denial of Service | Important | 7.4 | No | No | DoS |
| CVE-2021-40452 | Video Extensions for HEVC Vulnerability to Remote Code Execution | Important | 7.8 | No | No | RCE |
| CVE-2021-40453 | Video Extensions for HEVC Vulnerability to Remote Code Execution | Important | 7.8 | No | No | RCE |
| CVE-2021-41360 | Video Extensions for HEVC Vulnerability to Remote Code Execution | Important | 7.8 | No | No | RCE |
| CVE-2021-43892 | Spoofing Vulnerability in Microsoft BizTalk ESB Toolkit | Important | 7.1 | No | No | Spoofing |
| CVE-2021-42312 | Microsoft Defender for IoT Vulnerability in Privilege Escalation | Important | 7.8 | No | No | EoP |
| CVE-2021-43888 | Information Disclosure Vulnerability in IoT Microsoft Defender | Important | 7.5 | No | No | Info |
| CVE-2021-41365 | Remote Code Execution Vulnerability in Microsoft Defender for IoT | Important | 8.8 | No | No | RCE |
| CVE-2021-42311 | Remote Code Execution Vulnerability in Microsoft Defender for IoT | Important | 8.8 | No | No | RCE |
| CVE-2021-42313 | Remote Code Execution Vulnerability in Microsoft Defender for IoT | Important | 8.8 | No | No | RCE |
| CVE-2021-42314 | Remote Code Execution Vulnerability in Microsoft Defender for IoT | Important | 8.8 | No | No | RCE |
| CVE-2021-42315 | Remote Code Execution Vulnerability in Microsoft Defender for IoT | Important | 8.8 | No | No | RCE |
| CVE-2021-43882 | Remote Code Execution Vulnerability in Microsoft Defender for IoT | Important | 9 | No | No | RCE |
| CVE-2021-43889 | Remote Code Execution Vulnerability in Microsoft Defender for IoT | Important | 7.2 | No | No | RCE |
| CVE-2021-43256 | Vulnerability in Microsoft Excel for Remote Code Execution | Important | 7.8 | No | No | RCE |
| CVE-2021-42293 | Elevation of Privilege Vulnerability in Microsoft Jet Red Database Engine and Access Connectivity Engine | Important | 6.5 | No | No | EoP |
| CVE-2021-43216 | Information Disclosure Vulnerability in Microsoft’s Local Security Authority Server (lsasrv) | Important | 6.5 | No | No | Info |
| CVE-2021-43222 | Vulnerability in Microsoft Message Queuing Information Disclosure | Important | 7.5 | No | No | Info |
| CVE-2021-43236 | Vulnerability in Microsoft Message Queuing Information Disclosure | Important | 7.5 | No | No | Info |
| CVE-2021-43875 | Remote Code Execution Vulnerability in Microsoft Office Graphics | Important | 7.8 | No | No | RCE |
| CVE-2021-43255 | Spoofing Vulnerability in Microsoft Office Trust Center | Important | 5.5 | No | No | Spoofing |
| CVE-2021-43896 | Vulnerability in Microsoft PowerShell | Important | 5.5 | No | No | Spoofing |
| CVE-2021-42294 | Remote Code Execution Vulnerability in Microsoft SharePoint Server | Important | 7.2 | No | No | RCE |
| CVE-2021-42309 | Remote Code Execution Vulnerability in Microsoft SharePoint Server | Important | 8.8 | No | No | RCE |
| CVE-2021-42320 | Spoofing Vulnerability in Microsoft SharePoint Server | Important | 8 | No | No | Spoofing |
| CVE-2021-43242 | Spoofing Vulnerability in Microsoft SharePoint Server | Important | 7.6 | No | No | Spoofing |
| CVE-2021-43227 | Vulnerability in the Storage Spaces Controller Information Disclosure | Important | 5.5 | No | No | Info |
| CVE-2021-43235 | Vulnerability in the Storage Spaces Controller Information Disclosure | Important | 5.5 | No | No | Info |
| CVE-2021-43228 | Denial of Service Vulnerability in SymCrypt | Important | 7.5 | No | No | DoS |
| CVE-2021-42295 | Applications written in Visual Basic Vulnerability to Information Disclosure | Important | 5.5 | No | No | Info |
| CVE-2021-43891 | Remote Code Execution Vulnerability in Visual Studio Code | Important | 7.8 | No | No | RCE |
| CVE-2021-43908 | Vulnerability in Visual Studio Code Spoofing | Important | N/A | No | No | Spoofing |
| CVE-2021-43243 | Video Extensions for VP9 Vulnerability to Information Disclosure | Important | 5.5 | No | No | Info |
| CVE-2021-43214 | Remote Code Execution Vulnerability in Web Media Extensions | Important | 7.8 | No | No | RCE |
| CVE-2021-43207 | Elevation of Privilege Vulnerability in the Windows Common Log File System Driver | Important | 7.8 | No | No | EoP |
| CVE-2021-43226 | Elevation of Privilege Vulnerability in the Windows Common Log File System Driver | Important | 7.8 | No | No | EoP |
| CVE-2021-43224 | Vulnerability in the Windows Common Log File System Driver Information Disclosure | Important | 5.5 | No | No | Info |
| CVE-2021-43248 | Elevation of Privilege Vulnerability in Windows Digital Media Receiver | Important | 7.8 | No | No | EoP |
| CVE-2021-43245 | Elevation of Privilege Vulnerability in Windows Digital TV Tuner | Important | 7.8 | No | No | EoP |
| CVE-2021-43232 | Remote Code Execution Vulnerability in Windows Event Tracing | Important | 7.8 | No | No | RCE |
| CVE-2021-43234 | Vulnerability in the Windows Fax Service that allows remote code execution | Important | 7.8 | No | No | RCE |
| CVE-2021-43246 | Denial of Service Vulnerability in Windows Hyper-V | Important | 5.6 | No | No | DoS |
| CVE-2021-43244 | Vulnerability in the Windows Kernel Information Disclosure | Important | 6.5 | No | No | Info |
| CVE-2021-40441 | Elevation of Privilege Vulnerability in Windows Media Center | Important | 7.8 | No | No | EoP |
| CVE-2021-43229 | Elevation of Privilege Vulnerability in Windows NTFS | Important | 7.8 | No | No | EoP |
| CVE-2021-43230 | Elevation of Privilege Vulnerability in Windows NTFS | Important | 7.8 | No | No | EoP |
| CVE-2021-43231 | Elevation of Privilege Vulnerability in Windows NTFS | Important | 7.8 | No | No | EoP |
| CVE-2021-43239 | Vulnerability in the Windows Recovery Environment Agent’s Privilege Escalation | Important | 7.1 | No | No | EoP |
| CVE-2021-43223 | Elevation of Privilege Vulnerability in Windows Remote Access Connection Manager | Important | 7.8 | No | No | EoP |
| CVE-2021-43238 | Vulnerability in Windows Remote Access Privilege Escalation | Important | 7.8 | No | No | EoP |
| CVE-2021-43237 | Elevation of Privilege Vulnerability in Windows Setup | Important | 7.8 | No | No | EoP |
| CVE-2021-43247 | Elevation of Privilege Vulnerability in the Windows TCP/IP Driver | Important | 7.8 | No | No | EoP |
| * CVE-2021-4052 | Chromium: Use after free in web applications | High | N/A | No | No | RCE |
| * CVE-2021-4053 | Chromium: Use after free in the UI | High | N/A | No | No | RCE |
| * CVE-2021-4054 | Chromium: Incorrect security UI in autofill | High | N/A | No | No | RCE |
| * CVE-2021-4055 | Chromium: Heap buffer overflow in extensions | High | N/A | No | No | RCE |
| * CVE-2021-4056 | Chromium: Type Confusion in the Loader | High | N/A | No | No | RCE |
| * CVE-2021-4057 | Chromium: Use after free in the file API | High | N/A | No | No | RCE |
| * CVE-2021-4058 | Chromium: Heap buffer overflow in ANGLE | High | N/A | No | No | RCE |
| * CVE-2021-4059 | Chromium: Inadequate data validation in the loader | High | N/A | No | No | RCE |
| CVE-2021-4061 | Chromium: Type Confusion in V8 | High | N/A | No | No | RCE |
| * CVE-2021-4062 | Chromium: Heap buffer overflow in BFCache | High | N/A | No | No | RCE |
| * CVE-2021-4063 | Chromium: Use after free in developer tools | High | N/A | No | No | RCE |
| * CVE-2021-4064 | Chromium: Use after free in screen capture | High | N/A | No | No | RCE |
| * CVE-2021-4065 | Chromium: Use after free in autofill | High | N/A | No | No | RCE |
| * CVE-2021-4066 | Chromium: Integer underflow in ANGLE | High | N/A | No | No | RCE |
| CVE-2021-4067 | Chromium: Use after free in the window manager | High | N/A | No | No | RCE |
| * CVE-2021-4068 | Chromium: Insufficient validation of untrusted input in the new tab page | Low | N/A | No | No | Spoofing |

Microsoft has corrected a total of 887 CVE-assigned vulnerabilities this year (not including Chromium-based Edge), which, although high, is a 29 percent drop from 2020.

One of the most significant fixes this month is for the Windows AppX Installer vulnerability (CVE-2021-43890 in the table above).

According to Microsoft, the flaw has been seen in use by malware from the Emotet/Trickbot/Bazaloader family; an attacker would need to craft a malicious file and use it in phishing attacks.

Because code execution seems to occur at the level of the logged-on user, attackers are likely to combine this with another flaw to gain control of a machine.

A flaw in the Internet Storage Name Service (iSNS) server has also been fixed; it could allow remote code execution if an attacker sends a specially crafted request to an affected server.

To refresh your memory, iSNS is an automated discovery and administration protocol for iSCSI devices on a TCP/IP storage network.

So, if your company has a SAN, you either have an iSNS server or you set up each of the logical interfaces separately.

This is one of three CVSS 9.8 vulnerabilities resolved this month. Prioritize testing and deployment of this patch if you have a SAN.
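As an added illustration of the prioritisation advice above (not code from this article or from Microsoft), the following Python example parses rows in the table's column order and ranks them for deployment. The ranking order and the `deployed` keyword list are assumptions of the example; the sample rows are copied from the table on this page.

```python
import re
from typing import NamedTuple, Optional

class Fix(NamedTuple):
    cve: str
    title: str
    severity: str
    cvss: Optional[float]   # None where the table says N/A
    public: bool
    exploited: bool
    kind: str

# Rows copied from the table on this page, in its column order.
SAMPLE_ROWS = [
    "CVE-2021-43240 Elevation of Privilege Vulnerability in NTFS Set Short Name Important 7.8 Yes No EoP",
    "CVE-2021-43215 Remote Code Execution Vulnerability in the iSNS Server Critical 9.8 No No RCE",
    "CVE-2021-43908 Vulnerability in Visual Studio Code Spoofing Important N/A No No Spoofing",
    "CVE-2021-43907 Remote Code Execution Vulnerability in the Visual Studio Code WSL Extension Critical 9.8 No No RCE",
    "CVE-2021-43890 Vulnerability in the Windows AppX Installer Important 7.1 Yes Yes Spoofing",
    "CVE-2021-43233 Remote Code Execution Vulnerability in the Remote Desktop Client Critical 7 No No RCE",
]

ROW = re.compile(r"^\*?\s*(CVE-\d{4}-\d+)\s+(.+)$")

def parse_row(line: str) -> Fix:
    """Split one row; the title contains spaces, so the five
    single-token columns are taken from the right."""
    m = ROW.match(line.replace("|", " ").strip())
    if not m or len(m.group(2).split()) < 6:
        raise ValueError(f"not a table row: {line!r}")
    title, severity, cvss, public, exploited, kind = m.group(2).rsplit(None, 5)
    return Fix(m.group(1), title, severity,
               None if cvss == "N/A" else float(cvss),
               public == "Yes", exploited == "Yes", kind)

def triage(fixes, deployed=()):
    """Rank: exploited in the wild, then products you run (lowercase
    title keywords in `deployed`), then CVSS, then public disclosure.
    This ordering is an assumption of the example, not vendor guidance."""
    def key(f):
        relevant = any(k in f.title.lower() for k in deployed)
        score = f.cvss if f.cvss is not None else 0.0  # N/A sorts last
        return (not f.exploited, not relevant, -score, not f.public)
    return sorted(fixes, key=key)

if __name__ == "__main__":
    for f in triage([parse_row(r) for r in SAMPLE_ROWS], deployed=("isns",)):
        print(f.cve, f.cvss, "exploited" if f.exploited else "", f.title)
```

Rows with an N/A score sort last here, so review those by severity by hand rather than treating them as low risk.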

Remember that Microsoft isn’t the only firm that publishes updates and repair patches around this time of the month, so look into:

What are your views on the new release this month? Please let us know what you think in the comments area below.

The “microsoft patch tuesday october 2021” is a zero-day vulnerability used to spread the Emotet malware. Microsoft has released patches for Windows and MacOS, which will fix the issue.