Virtual Administrator’s November 2021 Patch Recommendations
This month Microsoft released patches for 55 vulnerabilities with 6 rated “Critical” and 49 “Important” in severity.
All patches have been approved in our patch policy.
Only 55 patches for November. Two are being actively exploited (CVE-2021-42292, CVE-2021-42321) and four others are publicly known. CVE-2021-42292 is a security feature bypass problem with Microsoft Excel versions 2013 and later. There is no Office for Mac patch yet.
CVE-2021-42321 is an Exchange bug in the wild but authentication is required to exploit. While the known issues listed for the Exchange patch are not new, Microsoft provides a link for installation guidance – see “Known Issues” below. Microsoft is investigation a new issue with Domain Controllers (DC) where authentication might fail with certain Kerberos Tickets acquired via S4u2self – see “Known Issues” below.
No new printer patches but Microsoft provides mitigation advice for those still seeing issues with Windows print servers. No new standalone SSUs this month.
Disclosed: CVE-2021-38631, CVE-2021-43208, CVE-2021-43209, CVE-2021-41371
Exploited: CVE-2021-42292, CVE-2021-42321
Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com
We will no longer listing “affected software” in this post. Previously Microsoft listed affected “software”. This month the list includes “products, features and roles” which makes the list too long. If you look at the month’s Release Notes on the Security Update Guide page you can view this list.
Microsoft Security Advisories – None
Known Issues
There is a new issue with authentication on some Windows Server Domain Controllers being investigated by Microsoft. Mitigation advice for printers shared via print server. Specific guidance for this month’s Exchange patch.
Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.
Authentication might fail on DCs with certain Kerberos delegation scenarios
Symptom: Clients and servers using Single Sign On via Kerberos Tickets acquired via S4u2self might be unable to authenticate.
Workaround: We are working on a resolution and will provide a solution in the near term.
Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 9, 2021 (KB5007409)
Released: November 2021 Exchange Server Security Updates
Connections to printers shared via print server might encounter errors
Symptom: After installing October 2021 update Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server:
0x000006e4 (RPC_S_CANNOT_SUPPORT)
0x0000007c (ERROR_INVALID_LEVEL)
0x00000709 (ERROR_INVALID_PRINTER_NAME)
Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.
Workaround: See Windows release health (https://docs.microsoft.com/en-us/windows/release-health/).
Good resource for known issues with Windows 10 patches. Find the version and click on “Known issues”.
Windows release health
https://docs.microsoft.com/en-us/windows/release-health/
Monthly Rollup/Security Only/Windows 10/Server 2016,2019,2022 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB5007236 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5007247 – Windows 8.1, Windows Server 2012 R2
- KB5007260 – Windows Server 2012
- KB5007263 – Windows Server 2008 (ESU)
Security Only Update
- KB5007233 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5007255 – Windows 8.1, Windows Server 2012 R2
- KB5007245 – Windows Server 2012
- KB5007246 – Windows Server 2008 (ESU)
Cumulative Updates
Windows 10
- KB5007207 – Original release version 1507 (OS Build 10240)
- KB5007192 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB5007206 – Version 1809 “October 2018 Update” (OS Build 17763)
- KB5007189 – Version 1909 “November 2019 Update” (OS Build 18363)
- KB5007186 – Version 2004 “May 2020 Update” (OS Build 19041)
- KB5007186 – Version 20H2 “October 2020 Update” (OS Build 19042)
- KB5007186 – Version 21H1 “May 2021 Update” (OS Build 19043)
(Versions 1511,1703,1709,1803,1903 are no longer under support)
Windows 11
- KB5007215 – Original release (OS Build 22000)
Windows Server
- KB5007192 – Server 2016 (same KB as Windows 10 Version 1607)
- KB5007206 – Server 2019 (same KB as Windows 10 Version 1809)
- KB5007205 – Server 2022 (OS Build 20348)
November 2021 updates for Microsoft Office
Notable CVEs
CVE-2021-26443 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26443
CVE-2021-38631Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38631
CVE-2021-38666 | Remote Desktop Client Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38666
CVE-2021-41371 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41371
CVE-2021-42292 | Microsoft Excel Security Feature Bypass Vulnerability (KB per Office version)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42292
CVE-2021-42321 | Microsoft Exchange Server Remote Code Execution Vulnerability (KB5007409)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42321
CVE-2021-43208/CVE-2021-43209 | 3D Viewer Remote Code Execution Vulnerability (Microsoft Store will automatically update)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43208
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43209