Patch Tuesday Webinar: Wednesday, November 10, 2021
Patch Tuesday Webinar: Wednesday, November 10, 2021
Patch Tuesday Webinar: Wednesday, November 10, 2021
In the News
Q&A
Overview
November Patch Tuesday 2021
November Patch Tuesday feels light, but there are a couple of chilling vulnerabilities to resolve. Microsoft
has resolved a total of 55 vulnerabilities (CVE’s), six of which are rated as Critical. The updates include the
normal lineup of Windows OS, Office, Azure, and some dev tools like Visual Studio. There are two Zero
Day vulnerabilities in Microsoft Exchange (CVE-2021-42321) and Excel (CVE-2021-42292) which need
attention. Along with the two Zero Day vulnerabilities there are also four publicly disclosed vulnerabilities.
From a risk perspective let’s start with the most severe, the two zero days. DHS CISA has also released
BOD 22-01 which outlines 287 vulnerabilities, many over a year old, that are still commonly exploited by
threat actors. Perform an evaluation to see if you have some low hanging fruit to pluck from the reach of
threat actors.
Copyright © 2021 Ivanti. All rights reserved.
In the News
In the News
Pwn2Own Austin Event Occurred on Nov 1-4
Successful attacks on Routers, Printers and NAS, and Cell Phones
https://www.zerodayinitiative.com/blog/2021/11/1/pwn2ownaustin
Binding Operational Directive 22-01
Reducing the Significant Risk of Known Exploited Vulnerabilities
https://cyber.dhs.gov/bod/22-01/
Total of 287 CVEs are released in the alert
32 of them are trending in the last 30 days where attackers are focused
on targeting and advancing their tactics
53 CVEs are actively used by Ransomware groups
54 CVEs are used by Malware authors
87 CVEs are capable of a Remote Code Execution
166 CVEs are Weaponized
Security (w/o CVEs): iTunes (1), Audacity (1), Box Edit (1), Camtasia (1), CCleaner (1), ClickShare App
Machine-Wide Installer (1), Falcon Sensor for Windows (1), Dropbox (1), Eclipse Adoptium JDK 11 (1), Eclipse
Adoptium JDK 8 (1), Evernote (3), Firefox (1), FileZilla Client (2), GoodSync (10), GIT for Windows (1), Jabra
Direct (1), LibreOffice (2), Malwarebytes (2), Node.JS (Current) (3), Notepad++ (4), Opera (4), VirtualBox (1),
Pidgin (1), Plex Media Server (2), RedHat OpenJDK JDK 11 (1), Skype (2), Slack Machine-Wide Installer (2),
Splunk Universal Forwarder (1), Tableau Desktop (5), Tableau Prep Builder (1), Tableau Reader (1),
Thunderbird (2), VMware Workstation Player (1), VMware Workstation Pro (1), WinSCP (1), Zoom Client (1),
Zoom Outlook Plugin (1), Zoom VDI (1)
Non-Security Updates: AIMP (3), CutePDF Writer (1), Google Drive File Stream (2), NextCloud Desktop
Client (1), PDF-Xchange PRO (2), R for Windows (1), RingCentral App (Machine-Wide Installer) (2), RealVNC
Server (1), RealVNC Viewer (1), Cisco WebEx Teams (2), WinMerge (1)