![\"\"](\"\/wp-content\/uploads\/2022\/10\/patch-watch-revamp-1-1.png\")
<\/p>\nMicrosoft patched 74 unique security vulnerabilities in December 2021, including six zero-day exploits. We analyzed these weaknesses and spotlighted the most important vulnerabilities that ought to be fixed on priority.<\/p>\n
<\/p>\n
This December, Microsoft patched 74 vulnerabilities discovered in 2021.<\/p>\n
The number of CVEs classified as remote code execution bugs: 26<\/p>\n<\/li>\n
The number of CVEs with privilege escalation capabilities: 22<\/p>\n<\/li>\n
The number of CVEs linked to information disclosure: 10<\/p>\n<\/li>\n
The number of CVEs with denial-of-service capabilities: 3<\/p>\n<\/li>\n
The number of CVEs with spoofing possibilities: 7<\/p>\n<\/li>\n<\/ul>\n
Five of these bugs are listed as publicly known, and one is listed as being publicly exploited.<\/p>\n
![\"\"](\"\/wp-content\/uploads\/2022\/10\/weaponized-vulnerabilities.png\")
<\/p>\n
Microsoft had released fixes for six zero-day vulnerabilities this month.<\/p>\n
CVE-2021-43890<\/a>: Windows AppX Installer<\/p>\n<\/li>\n CVE-2021-43240<\/a>: NTFS Set Short Name<\/p>\n<\/li>\n CVE-2021-41333<\/a>: Windows Print Spooler<\/p>\n<\/li>\n CVE-2021-43880<\/a>: Windows Mobile Device Management<\/p>\n<\/li>\n CVE-2021-43883<\/a>: Windows Installer<\/p>\n<\/li>\n CVE-2021-43893<\/a>: Windows Encrypting File System (EFS)<\/p>\n<\/li>\n<\/ul>\n CVE-2021-43890<\/a> is a zero-day spoofing vulnerability in Windows AppX Installer, issued a CVSS severity score of 7.1 (High), and is publicly known and under exploitation. According to Microsoft, it has been linked to attacks tied to the Emotet\/TrickBot\/BazaLoader malware families. An attacker would need to force a user to open a malicious attachment to exploit this vulnerability, which would most likely be done through a phishing attack.<\/p>\n For those who have not been able to install a patch, Microsoft has provided a few workarounds<\/a>.<\/p>\n When analyzing these vulnerabilities based on the Common Weakness Enumeration (CWE) categorization, 19 CVEs carry a CWE of CWE-269 (Improper Privilege Management) that falls under 2021 CWE Top 30 Most Dangerous Software Weaknesses<\/a>. On the whole, 25 CVEs have not been assigned a CWE Identifier yet.<\/p>\n The December patch package influences the following products: Microsoft Azure, the Chromium-based Edge browser, and Microsoft Office, as well as associated products such SP.NET Core and Visual Studio, Microsoft PowerShell, Windows Codecs Library, Remote Desktop Client, Windows Hyper-V, Visual Studio Code, Windows Installer, Windows Encrypting file system, Windows Kernel, Windows Media, Windows NTFS, Windows Print Spooler Components, and Windows Mobile Device Management. Windows products received a fix for 21 vulnerabilities.<\/p>\nSeverity Scores<\/h2>\n
![\"\"](\"\/wp-content\/uploads\/2022\/10\/patch-watch-revamp-3-1.png\")
<\/p>\nCWE Analysis<\/h2>\n
![\"\"](\"\/wp-content\/uploads\/2022\/10\/patch-watch-revamp-2-2.png\")
<\/h2>\nProduct Analysis<\/h2>\n
![\"\"](\"\/wp-content\/uploads\/2022\/10\/patch-watch-revamp-4-2.png\")
<\/p>\n