Microsoft discovers multiple new vulnerabilities, Microsoft Defender the most concerning


Microsoft, a software company, has discovered a whopping total of 55 vulnerabilities, six of which are rated critical while the remaining 49 are rated important.

These flaws are found in Microsoft Windows and Windows Components, Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, Windows Hyper-V, Windows Defender, and Visual Studio.

But one vulnerability is the most concerning, and it is found in Microsoft Defender.


Microsoft Defender vulnerability is the most concerning, expert says

Out of all the vulnerabilities that Microsoft discovered, an expert found that a flaw in Microsoft Defender is the most concerning.


Virsec principal architect Danny Kim says that CVE-2021-42298, a vulnerability found in Microsoft Defender, is the most critical and should be a concern for every enterprise.

“With the Exploitability assessment of ‘Exploitation more likely’ + the severity score + the repeatability of this attack, I think this CVE should be top of mind for all enterprises,” he says. “Windows Defender runs on all supported versions of Windows. This vulnerability significantly increases the potential attack surface for today’s organisations due to the popularity of Windows Defender,” explains Danny Kim.

This particular CVE requires some user interaction. But, as seen in the past, attackers and cybercriminals can easily use social media to obtain such interaction. Phishing emails and services are also widespread nowadays.

Another dangerous vulnerability

Additionally, CVE-2021-26443 is a relatively dangerous vulnerability. It allows an attacker to escape a Virtual Machine (VM) and execute arbitrary code on the victim host itself.

These days, virtual machines are very popular, especially amongst Windows users. They are a way to deploy more than one Windows machine on the same physical host. VMs also provide virtual protection, so that anything that runs on the VM cannot escape and run on the physical host.

So, what happens if this vulnerability is exploited? Basically, an attacker will be able to escape that virtual protection and further access the physical host.

“This means the attacker can inflict damage not only on the VM he/she infiltrated, but all VMs running on that physical host. Gaining access and having the ability to run arbitrary code on a physical host is one of the deepest levels of infiltration an attacker can achieve,” says Danny Kim.

Microsoft rolled out patches for these vulnerabilities

Fortunately, Microsoft was quick to roll out patches for these dangerous vulnerabilities. Some of the vulnerabilities resolved in the November patch are the following:

  • CVE-2021-42321: (CVSS:3.1 8.8 / 7.7). Under active exploitation, this vulnerability impacts Microsoft Exchange Server and, due to improper validation of cmdlet arguments, can lead to RCE. However, attackers must be authenticated.
  • CVE-2021-42292: (CVSS:3.1 7.8 / 7.0). Also detected as exploited in the wild, this vulnerability was found in Microsoft Excel and can be used to circumvent security controls. Microsoft says that the Preview Pane is not an attack vector. No patch is currently available for Microsoft Office 2019 for Mac or Microsoft Office LTSC for Mac 2021.
  • CVE-2021-43209: (CVSS:3.1 7.8 / 6.8). A 3D Viewer vulnerability made public, this bug can be exploited locally to trigger RCE. 
  • CVE-2021-43208: (CVSS:3.1 7.8 / 6.8). Another known issue, this 3D Viewer security flaw can also be weaponized by a local attacker for code execution purposes. 
  • CVE-2021-38631: (CVSS:3.0 4.4 / 3.9). Also made public, this security flaw, found in the Windows Remote Desktop Protocol (RDP), can be used for information disclosure.
  • CVE-2021-41371: (CVSS:3.1 4.4 / 3.9). Finally, this RDP vulnerability, known before patching was available, can also be exploited locally to force an information leak.
