2021 November Patch Tuesday

Patch Tuesday Webinar
Wednesday, November 10, 2021
Hosted by Chris Goettl and Todd Schell

Agenda
November 2021 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A

Copyright © 2021 Ivanti. All rights reserved.
November Patch Tuesday 2021
November Patch Tuesday feels light, but there are a couple of chilling vulnerabilities to resolve. Microsoft
has resolved a total of 55 vulnerabilities (CVE’s), six of which are rated as Critical. The updates include the
normal lineup of Windows OS, Office, Azure, and some dev tools like Visual Studio. There are two Zero
Day vulnerabilities in Microsoft Exchange (CVE-2021-42321) and Excel (CVE-2021-42292) which need
attention. Along with the two Zero Day vulnerabilities there are also four publicly disclosed vulnerabilities.
From a risk perspective let’s start with the most severe, the two zero days. DHS CISA has also released
BOD 22-01 which outlines 287 vulnerabilities, many over a year old, that are still commonly exploited by
threat actors. Perform an evaluation to see if you have some low hanging fruit to pluck from the reach of
threat actors.

In the News
 Pwn2Own Austin Event Occurred on Nov 1-4
 Successful attacks on Routers, Printers and NAS, and Cell Phones
 https://www.zerodayinitiative.com/blog/2021/11/1/pwn2ownaustin
 Binding Operational Directive 22-01
 Reducing the Significant Risk of Known Exploited Vulnerabilities
 https://cyber.dhs.gov/bod/22-01/
 Total of 287 CVEs are released in the alert
 32 of them are trending in the last 30 days where attackers are focused
on targeting and advancing their tactics
 53 CVEs are actively used by Ransomware groups
 54 CVEs are used by Malware authors
 87 CVEs are capable of a Remote Code Execution
 166 CVEs are Weaponized

What Risk Based Vulnerability Management Looks Like:

Exploited Vulnerabilities
 CVE-2021-42292 Microsoft Excel Security Feature Bypass Vulnerability
 CVSS 3.1 Scores: 7.8 / 7.0
 Severity: Important
 Impacts Excel in standalone, Office, 365 Apps, etc, on both Windows and macOS
 CVE-2021-42321 Microsoft Exchange Server Remote Code Execution
Vulnerability
 CVSS 3.1 Scores: 8.8 / 7.7
 Impacts Exchange Server 2016 Cumulative Updates 21 and 22, and Exchange Server
2019 Cumulative Updates 10 and 11

Publicly Disclosed Vulnerabilities
 CVE-2021-38631 Windows Remote Desktop Protocol (RDP)
Information Disclosure Vulnerability
 CVSS 3.0 Scores: 4.4 / 3.9
 Impacts all Workstation and Server versions from Server 2008 through Windows 11
 CVE-2021-41371 Windows Remote Desktop Protocol (RDP)
Information Disclosure Vulnerability
 CVSS 3.1 Scores: 4.4 / 3.9
 Impacts all Workstation and Server versions from Server 2008 through Windows 11

Publicly Disclosed Vulnerabilities (cont)
 CVE-2021-43208 3D Viewer Remote Code Execution Vulnerability
 CVSS 3.1 Scores: 7.8 / 6.8
 Impacts the 3D Viewer application
 CVE-2021-43209 3D Viewer Remote Code Execution Vulnerability
Vulnerability
 CVSS 3.1 Scores: 7.8 / 6.8
 Impacts the 3D Viewer application

Microsoft Patch Tuesday Updates of Interest
 No Servicing Stack Updates (SSUs) this month
 Development Tool and Other Updates
 Azure FSLogix
 Azure RTOS
 Azure Sphere
 Visual Studio Code
 Visual Studio 2015 Update 3
 Visual Studio 2017 version 15.9
 Visual Studio 2019 versions 16.7 through 16.11

Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
21H1 5/18/2021 12/13/2022
20H2 10/20/2020 5/9/2023
2004 5/27/2020 12/14/2021
1909 11/12/2019 5/10/2022
Windows 10 Pro and Pro Workstation
21H1 5/18/2021 12/13/2022
20H2 10/20/2020 5/10/2022
2004 5/27/2020 12/14/2021
Windows Datacenter and Standard Server
20H2 10/20/2020 5/10/2022
2004 5/27/2020 12/14/2021
Windows 11 Home and Pro
21H2 10/4/2021 10/10/2023
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/faq/windows

Server 2012/2012 R2 EOL is Coming
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2

Patch Content Announcements
 Announcements Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)

MS21-11-W11: Windows 11 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium
 Description: This bulletin references KB 5007215.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure
 Fixes 22 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and
CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the
complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: None reported

MS21-11-W10: Windows 10 Update
 Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2,
21H1, Server 2016, Server 2019, Server 2022, Server version 1909, Server version
2004, Server version 20H2, Server 21H1, IE 11, and Edge Chromium
 Description: This bulletin references 6 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing, Elevation of Privilege and Information Disclosure
 Known Issues: See next slides

November Known Issues for Windows 10
 KB 5007207 – Windows 10, Version 1507 LTSC
 [Print Server] After installing this update, Windows print clients might encounter the
following errors when connecting to a remote printer shared on a Windows print
server:
 0x000006e4 (RPC_S_CANNOT_SUPPORT)
 0x0000007c (ERROR_INVALID_LEVEL)
 0x00000709 (ERROR_INVALID_PRINTER_NAME)
 Workaround: See release health page for options. Microsoft is working on a
resolution.
 KB 5007192 – Windows 10, version 1607, Windows Server 2016
 [Print Server]

November Known Issues for Windows 10 (cont)
 KB 5007206 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019
 [Asian Packs] After installing KB 4493509, devices with some Asian language
packs installed may receive the error, "0x800f0982 -
PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall
and reinstall any recently added language packs or select Check for Updates and
install the April 2019 Cumulative Update. See KB for more recovery details.
Microsoft is working on a resolution.
 [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.
 [Print Server]

 KB 5007189 – Windows 10 Enterprise, version 1909 Windows 10
Enterprise and Education, version 1909 Windows 10 IoT Enterprise,
version 1909
 [Print Server]

 KB 5007186 – Windows 10 version 2004, Windows Server version
2004, Windows 10 version 20H2, Windows Server version 20H2,
Windows 10 version 21H1
 [Scavaged] After installing the June 21, 2021 (KB5003690) update, some devices
cannot install new updates, such as the July 6, 2021 (KB5004945) or later
updates. You will receive the error message,
"PSFX_E_MATCHING_BINARY_MISSING". Workaround: In place upgrade. For
more information and a workaround, see KB5005322.
 [Edge Removed] Devices with Windows installations created from custom offline
media or custom ISO image might have Microsoft Edge Legacy removed by this
update, but not automatically replaced by the new Microsoft Edge. Devices that
connect directly to Windows Update to receive updates are not affected.
Workaround: Slipstream the SSU released March 29, 2021 or later into the
custom offline media or ISO image before slipstreaming the LCU. See KB for
details.

 KB 5006670 – Windows 10 version 2004, Windows Server version
2004, Windows 10 version 20H2, Windows Server version 20H2,
Windows 10 version 21H1
 [Smart Card Failure] After installing this update, when connecting to devices in an
untrusted domain using Remote Desktop, connections might fail to authenticate
when using smart card authentication. You might receive the prompt, "Your
credentials did not work. The credentials that were used to connect to [device
name] did not work. Please enter new credentials." and "The login attempt failed"
in red. Workaround: Requires use of Known Issue Rollback (KIR). See KB for
details.
 [Print Server]

MS21-11-MR2K8-ESU: Monthly Rollup for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008 and IE 9
 Description: This security update includes improvements and fixes that were a part
of update KB 5006736 (released October 12, 2021). This update contains several
printer driver fixes and miscellaneous security improvements to internal OS
functionality. Bulletin is based on KB 5007263.
 Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
 Known Issues: See next slide.

November Known Issues for Server 2008
 KB 5007263 – Windows Server 2008 (Monthly Rollup)
 [File Rename] Certain operations, such as rename, that you perform on files or
folders that are on a Cluster Shared Volume (CSV) may fail with the error,
“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you
perform the operation on a CSV owner node from a process that doesn’t have
administrator privilege. Workaround: Perform the operation from a process that
has administrator privilege or perform the operation from a node that doesn’t have
CSV ownership. Microsoft is working on a resolution.
 [Print Server]
 KB 5007246 – Windows Server 2008 (Security-only Update)
 [File Rename]
 [Print Server]

MS21-11-SO2K8-ESU: Security-only Update for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008
 Description: Bulletin is based on KB 5007246. This update contains several printer
driver fixes and miscellaneous security improvements to internal OS functionality.
 Known Issues: See previous slide.

MS21-11-MR7-ESU: Monthly Rollup for Win 7
MS21-11-MR2K8R2-ESU Monthly Rollup for Server 2008 R2
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
 Description: This security update includes improvements and fixes that were a part of
update KB 5006743 (released October 12, 2021). This update contains several printer
driver fixes and miscellaneous security improvements to internal OS functionality. Bulletin
is based on KB 5007236.
 Fixes 15 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-
2021-41371 are publicly disclosed. See the Security Update Guide for the complete list
of CVEs.
 Known Issues: [File Rename] and [Print Server]

MS21-11-SO7-ESU: Security-only Update for Win 7
MS21-11-SO2K8R2-ESU: Security-only Update for Server 2008 R2
 Affected Products: Microsoft Windows 7 and Server 2008 R2

MS21-11-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Windows Server 2012 and IE
 Description: This security update includes improvements and fixes that were a part of
update KB5006739 (released October 12, 2021). This update contains several printer
driver fixes and miscellaneous security improvements to internal OS functionality. Bulletin
is based on KB 5007260.
 Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure
 Fixes 16 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-
2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of
CVEs.

MS21-11-SO8: Security-only Update for Windows Server 2012
 Affected Products: Microsoft Windows Server 2012
driver fixes and miscellaneous security improvements to internal OS functionality. No
additional issues were documented for this release.
 Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure

MS21-11-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
 Description: This security update includes improvements and fixes that were a part of update
KB 5006714 (released October 12, 2021). This update contains several printer driver fixes and
miscellaneous security improvements to internal OS functionality. No additional issues were
documented for this release. Bulletin is based on KB 5007247.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information
Disclosure
 Fixes 17 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-
41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.

MS21-11-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure

MS21-11-EXCH: Security Updates for Exchange Server
 Maximum Severity: Important
 Affected Products: Microsoft Exchange Server 2013 - 2019
 Description: This security update fixes vulnerabilities in Microsoft
Exchange. This bulletin is based on KB 5007409.
 Impact: Remote Code Execution and Spoofing
 Fixes 3 Vulnerabilities: CVE-2021-42321 is known exploited.
CVE-2021-41349 and CVE-2021-42305 are fixed in this release.
 Known Issues: See next slide

November Known Issues for Exchange Server
 KB 5007409 – Exchange Server 2013, 2016 and 2019
 [Issue 1] If the update is run it in Normal mode (that is, not as an administrator),
some files are not correctly updated and there are no error messages. This occurs
because UAC prevents the security update from correctly stopping certain
Exchange-related services. Workaround: Run as administrator in manual mode.
See KB for more details.
 [Issue 2] Exchange services might remain in a disabled state after you install this
security update. Workaround: Use Services Manager to restore the startup type
to Automatic, and then start the affected Exchange services manually. To avoid this
issue, run the security update at an elevated command prompt.
 [Issue 3] When you block third-party cookies in a web browser, you might be
continually prompted to trust a particular add-in even though you keep selecting
the option to trust it. Workaround: Enable third-party cookies for the domain
that's hosting OWA or Office Online Server in the browser settings. See KB for
more details.

November Known Issues for Exchange Server (cont)
 [Issue 4] When you try to request free/busy information for a user in a different
forest in a trusted cross-forest topology, the request fails and generates a "(400)
Bad Request" error message. Workaround: See Microsoft help article "(400) Bad
Request" error during Autodiscover for per-user free/busy in a trusted cross-forest
topology for guidance.

MS21-11-SPT: Security Updates for SharePoint Server
 Affected Products: Microsoft SharePoint Enterprise Server 2013
 Description: This security update resolves vulnerabilities in Microsoft Office that
could allow remote code execution if a user opens a specially crafted Office file. This
bulletin is based on KB 5002063.
 Impact: Remote Code Execution
 Fixes 1 Vulnerability: No vulnerabilities are publicly disclosed or known exploited.
CVE-2021-40442 is fixed in this release.

MS21-11-OFF: Security Updates for Microsoft Office
 Affected Products: Excel 2013 & 2016, Office 2013 & 2016, Office 2019 and LTSC
2021 for macOS, Office Online Server, and Office Web Apps Server 2013
 Description: This security update resolves multiple vulnerabilities in Microsoft Office
applications. Consult the Security Update Guide for specific details on each. This
bulletin references just the release notes for the macOS Office.
 Impact: Remote Code Execution and Security Feature Bypass
 Fixes 3 Vulnerabilities: CVE-2021-42292 is known exploited. CVE-2021-40442
and CVE-2021-41368 are fixed in this release.
 Restart Required: Requires application restart

MS21-11-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
 Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021
 Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
 Impact: Remote Code Execution and Security Feature Bypass
 Fixes 4 Vulnerabilities: CVE-2021-42292 is known exploited. CVE-2021-40442,
CVE-2021-41368, and CVE-2021-42296 are fixed in this release.
 Restart Required: Requires application restart

Release Summary
 Security Updates (with CVEs): Google Chrome (2), Amazon Corretto 11 (1), Amazon Corretto 8 (1),
Firefox (1), Firefox ESR (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 8 (1), Nitro Pro (1),
Nitro Pro Enterprise (1), Node.JS (Current) (1), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1), RedHat
OpenJDK 8 (1), Azul Zulu JDK 11 (1), Azul Zulu JDK 8 (1), Azul Zulu JRE 11 (1), Azul Zulu JRE 8 (1)
 Security (w/o CVEs): iTunes (1), Audacity (1), Box Edit (1), Camtasia (1), CCleaner (1), ClickShare App
Machine-Wide Installer (1), Falcon Sensor for Windows (1), Dropbox (1), Eclipse Adoptium JDK 11 (1), Eclipse
Adoptium JDK 8 (1), Evernote (3), Firefox (1), FileZilla Client (2), GoodSync (10), GIT for Windows (1), Jabra
Direct (1), LibreOffice (2), Malwarebytes (2), Node.JS (Current) (3), Notepad++ (4), Opera (4), VirtualBox (1),
Pidgin (1), Plex Media Server (2), RedHat OpenJDK JDK 11 (1), Skype (2), Slack Machine-Wide Installer (2),
Splunk Universal Forwarder (1), Tableau Desktop (5), Tableau Prep Builder (1), Tableau Reader (1),
Thunderbird (2), VMware Workstation Player (1), VMware Workstation Pro (1), WinSCP (1), Zoom Client (1),
Zoom Outlook Plugin (1), Zoom VDI (1)
 Non-Security Updates: AIMP (3), CutePDF Writer (1), Google Drive File Stream (2), NextCloud Desktop
Client (1), PDF-Xchange PRO (2), R for Windows (1), RingCentral App (Machine-Wide Installer) (2), RealVNC
Server (1), RealVNC Viewer (1), Cisco WebEx Teams (2), WinMerge (1)

Third Party CVE Information
 Google Chrome 95.0.4638.54
 CHROME-211019, QGC950463854
 Fixes 16 Vulnerabilities: CVE-2021-37981, CVE-2021-37982, CVE-2021-37983,
CVE-2021-37984, CVE-2021-37985, CVE-2021-37986, CVE-2021-37987, CVE-
2021-37988, CVE-2021-37989, CVE-2021-37990, CVE-2021-37991, CVE-2021-
37992, CVE-2021-37993, CVE-2021-37994, CVE-2021-37995, CVE-2021-37996
 Google Chrome 95.0.4638.69
 CHROME-211028, QGC950463869
CVE-2021-38000, CVE-2021-38001, CVE-2021-38002, CVE-2021-38003

Third Party CVE Information (cont)
 Java 8 Update 311
 JAVA8-311, QJAVA8U311
 Java Development Kit 8 Update 311
 JDK8-311, QJDK8U311
 RedHat OpenJDK 8.0.312
 RHTJDK8-211102, QRHTJDK180312
2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603

 Amazon Corretto 11.0.13.8.1
 CORRETTO11-211019, QCORRETTO11013
 Amazon Corretto 8 Update 312
 CORRETTO8-312, QCORRETTO8312
 Java Development Kit 11 update 11.0.13
 JDK11-211019, QJDK11U11013
2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-
35586, CVE-2021-35588, CVE-2021-35603

 Firefox 94.0
 FF-211102, QFF94
2021-38510
 Firefox ESR 91.3.0
 FFE-211102, QFFE9130
2021-38510

 Nitro Pro 13.50.4.1013
 NITRO-211026, QNITRO135041013
 Fixes 2 Vulnerabilities: CVE-2021-21796, CVE-2021-21797
 Nitro Pro Enterprise 13.50.4.1013
 NITROE-211026, QNITROE135041013
 Node.JS 16.11.1 (Current)
 NOJSC-211013, QNODEJSC16111
 Node.JS 12.22.7 (LTS Lower)
 NOJSLL-211013, QNODEJSL12227
 Node.JS 14.18.1 (LTS Upper)
 NOJSLU-211013, QNODEJSLU14181

 Azul Zulu JDK 11.52.13 (11.0.13)
 ZULUJDK11-211020, QZULUJDK115213
 Azul Zulu JDK 8.58.0.13 (8u312)
 ZULUJDK8-211019, QZULUJDK858013
 Azul Zulu JRE 11.52.13 (11.0.13)
 ZULUJRE11-211020, QZULUJRE115213
 Azul Zulu JRE 8.58.0.13 (8u312)
 ZULUJRE8-211019, QZULUJRE858013
2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-
35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603

Thank You!

2021 November Patch Tuesday

More Related Content

What's hot

Similar to 2021 November Patch Tuesday

More from Ivanti

Recently uploaded

2021 November Patch Tuesday