Microsoft Security Bulletin Coverage for December 2021

December 14, 2021

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2021. A list of issues reported, along with SonicWall coverage information, is as follows:

CVE-2021-41333 Windows Print Spooler Elevation of Privilege Vulnerability
ASPY 272:Malformed-File exe.MP_221

CVE-2021-43207 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 274:Malformed-File exe.MP_223

CVE-2021-43226 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 276:Malformed-File exe.MP_225

CVE-2021-43233 Remote Desktop Client Remote Code Execution Vulnerability
ASPY 273:Malformed-File exe.MP_222

CVE-2021-43883 Windows Installer Elevation of Privilege Vulnerability
ASPY 275:Malformed-File exe.MP_224

The following vulnerabilities do not have exploits in the wild :
CVE-2021-40441 Windows Media Center Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-40452 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-40453 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-41360 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-41365 Microsoft Defender for IoT Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-42293 Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-42294 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-42295 Visual Basic for Applications Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-42309 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-42310 Microsoft Defender for IoT Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-42311 Microsoft Defender for IoT Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-42312 Microsoft Defender for IOT Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-42313 Microsoft Defender for IoT Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-42314 Microsoft Defender for IoT Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-42315 Microsoft Defender for IoT Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-42320 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-43214 Web Media Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-43215 iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution
There are no known exploits in the wild.
CVE-2021-43216 Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-43217 Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-43219 DirectX Graphics Kernel File Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-43222 Microsoft Message Queuing Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-43223 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-43224 Windows Common Log File System Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-43225 Bot Framework SDK Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-43227 Storage Spaces Controller Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-43228 SymCrypt Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-43229 Windows NTFS Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-43230 Windows NTFS Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-43231 Windows NTFS Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-43232 Windows Event Tracing Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-43234 Windows Fax Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-43235 Storage Spaces Controller Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-43236 Microsoft Message Queuing Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-43237 Windows Setup Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-43238 Windows Remote Access Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-43239 Windows Recovery Environment Agent Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-43240 NTFS Set Short Name Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-43242 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-43243 VP9 Video Extensions Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-43244 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-43245 Windows Digital TV Tuner Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-43246 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-43247 Windows TCP/IP Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-43248 Windows Digital Media Receiver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-43255 Microsoft Office Trust Center Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-43256 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-43875 Microsoft Office Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-43877 ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-43880 Windows Mobile Device Management Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-43882 Microsoft Defender for IoT Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-43888 Microsoft Defender for IoT Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-43889 Microsoft Defender for IoT Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-43891 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-43893 Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-43896 Microsoft PowerShell Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-43899 Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-43905 Microsoft Office app Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-43907 Visual Studio Code WSL Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.