On the first patch day of this year, Microsoft closed, among other things, nine security vulnerabilities classified as “critical”. Active Directory, Exchange and Windows are among the affected products. At the moment, Microsoft has given no indication that attackers are exploiting the vulnerabilities. However, six vulnerabilities are publicly known and attacks could be imminent.
Beware of worm attacks
A vulnerability (CVE-2021-21907, “critical”) in Windows 10, 11 and Windows Server 2019, 2022 is considered particularly dangerous. According to a warning from Microsoft, the flaw is in the HTTP protocol stack (http.sys). To initiate an attack, attackers would only have to send crafted packets to vulnerable systems, without authentication.
If this succeeds, malicious code could get onto systems. From this position, a Trojan could spread like a worm to other PCs, warns Microsoft. In Windows 10 1809 and Windows Server 2019, the vulnerable component is reportedly not active by default. Nevertheless, admins should quickly install the security updates on all systems.
Another critical vulnerability (CVE-2021-21846) affects Microsoft Exchange. Here an attacker with network access could gain control of Exchange Server. The vulnerability was reported by the National Security Agency (NSA).
Another malicious code vulnerability (CVE-2021-21840, “high”) concerns Office. For an attack to succeed, an attacker has to get a victim to open a document prepared with malicious code. Office security updates for macOS are to follow, according to a statement by Microsoft.
There are also security patches for the .NET Framework, DirectX and Edge, among others. Windows users should ensure that Windows Update is running and that the system is up to date. Further information on the patch day can be found in Microsoft’s Security Update Guide.
[UPDATE 12.01.2022, 10:10]
Note about macOS updates for Office added to the body text.