The Security Engineer’s Most-Used Tool (Excel) has a Zero-Day
Welcome to November 2021. This month brings us 55 new security issues to patch for Microsoft and related software, chief among which is a zero-day bug for Microsoft Excel. CVE-2021-42292 is a “security feature bypass” issue that can be triggered by users opening a malicious Excel file. Worse yet, the vulnerability has been reported for both Windows and Mac operating systems. However, only a patch for Windows has been released at the time of writing.
A second critical bug is also already being actively exploited in the wild. It is for none other than Microsoft Exchange Server. Much like Microsoft Print Services, Exchange has become a punching bag for attackers as of late. Fortunately, CVE-2021-42321 is not nearly as damaging as the earlier threats posed to Exchange this year. It involves improper validation of cmdlet arguments and can lead to Remote Code Execution (RCE), but it also requires prior authentication by the bad actor. Regardless, it is still a software vulnerability that needs to be patched ASAP.
Other patches for this month include two RCE vulnerabilities for Microsoft’s Remote Desktop Protocol (RDP). CVE-2021-38631 and CVE-2021-41371 affect Windows 7 through Windows 11 systems and Windows Server 2008-2019 systems. They can allow an attacker to read the RDP password for the vulnerable system.
Lastly, two CVEs were released for RCE vulnerabilities in a lesser-known piece of software, Microsoft’s 3D Viewer. Required patches are available for CVE-2021-43208 and CVE-2021-43209.
As always, Balbix can identify all affected assets within 1 hour of release. There are no scans to run. Balbix customers simply search for the CVE name in their Balbix dashboard to view the list of affected assets. Users can also use the filtered search functionality to search for the CVE by site, subnet, location, or other distinguishing factors.
If you have additional questions, please contact email@example.com.