Tripwire’s Repair Priority Index (PPI) from November 2021 combines important vulnerabilities for open source and Microsoft software components.
First on the priority list of fixes this month are patches for open management infrastructure (CVE-2021-38648, CVE-2021-38647), Eclipse Jetty (CVE-2021-28164) and ExifTool (CVE-2021-22204). Exploitation of these vulnerabilities was recently added to the Metasploit Exploit Framework. These systems should be repaired as soon as possible.
The following is a patch for Microsoft Edge (Chrome-based) and Windows Scripting that resolves counterfeit and memory corruption vulnerabilities.
The following are fixes for Microsoft Office Access and Excel. These fixes fix 3 issues, including remote code execution and security feature bypass vulnerabilities.
The following are patches that affect components of Windows operating systems. These fixes address more than 20 vulnerabilities, including elevating privileges, revealing information, bypassing security features, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect Windows Core, FAT file system driver, kernel, desktop bridge, COM, NTFS, diagnostic hub, and others.
Finally, administrators should focus on server-side fixes for Microsoft Active Directory, Hyper-V, Dynamics, Power BI, and Exchange. These fixes fix many issues including forgery, raising permissions, remote code execution and denial of service vulnerabilities.
bulletin | CVE |
Exploit Framework – Metasploit | CVE-2021-38648, CVE-2021-38647, CVE-2021-28164, CVE-2021-22204 |
Microsoft Edge (Chrome based) in IE mode | CVE-2021-41351 |
Windows Scripting | CVE-2021-42279 |
Microsoft Office Access | CVE-2021-41368 |
Microsoft Office Excel | CVE-2021-40442, CVE-2021-42292 |
Microsoft Windows | CVE-2021-41356, CVE-2021-41377, CVE-2021-26443, CVE-2021-41379, CVE-2021-42276, CVE-2021-41366, CVE-2021-422661, CVE-422661, CVE-422661, 2021-38665, CVE-2021-41371, CVE-2021-38631, CVE-2021-36957, CVE-2021-42280, CVE-2021-42288, CVE-2021-422202, CVE-12202, CVE-1 41370, CVE -2021-41367, CVE-2021-42283, CVE-2021-41378, CVE-2021-42277 |
Windows Active Directory | CVE-2021-42278, CVE-2021-42282, CVE-2021-42287, CVE-2021-42291 |
Microsoft Dynamics | CVE-2021-42316 |
Power BI | CVE-2021-41372 |
Microsoft Exchange Server | CVE-2021-42321, CVE-2021-41349, CVE-2021-42305 |
Role: Windows Hyper-V | CVE-2021-42284, CVE-2021-42274 |