The latest release of Microsoft Patch Tuesday is now active with the security update offering 67 overall vulnerabilities categorised as; 7 critical and 60 important, with 6 publicly disclosed and 1 seen being exploited in the wild.
The AppX Installer service vulnerability affecting Windows systems is the only flaw this month that is being actively exploited in the wild. This vulnerability, labelled critical, is being exploited to spread the Emotet/Trickbot/Bazaloader malware types. Microsoft commented on this, saying: "An attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment".
Hackers could potentially gain elevated privileges on an affected system through the Windows Print Spool service. This is one of the 6 vulnerabilities that has been publicly released and has a low attack complexity, meaning it is easier to exploit.
Similar to the previous flaw, this publicly disclosed vulnerability could allow for unauthorised privilege escalation on a mobile device using Windows MDM. This vulnerability also allows local hackers to delete files located on the system.
Software patches are essential to keeping any device secure from potential threats. We highly recommend that you update these as soon as possible given the high-risk excel and VM vulnerabilities posing serious security concerns.
For a full list of this month’s updates please see the links below:
Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec
Security update guide: https://msrc.microsoft.com/update-guide/
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Ironshare is a provider of Information and Cyber Security services.