The most talked about CVEs for Q4 2021 (that aren’t Log4j)
This year has featured one security headline after another, with attacks by advanced persistent threats (APTs), a barrage of CVEs in Microsoft products, attacks on infrastructure, supply chains, and MSPs, along with increasingly refined social engineering and other attack vectors.
That’s to say nothing of the recent critical Log4j vulnerabilities that shook the cyber security world to its core. You can read about those here.
Here are some of the other most talked about CVEs for Q4 of 2021.
VMware trivial remote exploit vulnerability (CVE-2021-22005)
First discovered in September 2021, this is easily one of the most threatening vulnerabilities of 2021, since it is very easy to exploit through a simple file upload via port 443 on vCenter Server—“regardless of the configuration settings of vCenter Server,” according to VMware.
The exploit lets an attacker open a reverse shell on the server and execute arbitrary code. VMware reported that this vulnerability had been exploited in the wild. Due to its severity and ease of exploitation, it has been assigned a CVSS score of 9.8 out of 10.
A patch is available for versions 6.5 and up through the applicable VMware Service Advisory (VMSA).
Microsoft Excel remote code execution vulnerability (CVE-2021-42292)
This vulnerability was reported in November 2021, with Microsoft Threat Intelligence immediately reporting that exploitation had been detected in the wild. It affects 18 versions of Microsoft Excel (the Preview Pane is unaffected).
The attack takes place either locally or remotely (e.g., via SSH) following a social engineering attack, generally by tricking a legitimate user into downloading and opening an unsafe Excel file (spear phishing).
The only mitigation available is to patch all applicable versions of Microsoft Excel; however, to date, there is still no patch for affected Mac versions of Microsoft Office, so users must be educated to exercise extreme caution about Excel attachments until a patch is released.
Microsoft Exchange Server remote code execution vulnerability (CVE-2021-42321)
Microsoft Exchange Server has been plagued with security issues over the past year—including four zero-day exploits early in 2021, among them ProxyToken (CVE-2021-33766), which allowed attackers to forward all incoming emails to their account.
First reported in late November 2021, CVE-2021-42321 is a post-authentication remote code execution (RCE) vulnerability. Some Exchange Server vulnerabilities are already being exploited by advanced persistent threat (APT) groups to target institutions, governments, businesses, and more.
Microsoft has issued instructions to roll out its patch on all relevant systems, beginning with identifying which servers need updating through the Exchange Server Health Checker script. As in other Exchange Server attacks, patching should be followed by investigation for signs of compromise.
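As an added example of the first step in that procedure (not code from the original post or from Microsoft), the PowerShell below inventories Exchange servers from the Exchange Management Shell, parses each server's reported build, flags builds older than a patched build you fill in from the Microsoft advisory, and then runs the Health Checker script against the flagged servers. The script path, the `-Server` parameter, and the build numbers in `$PatchedBuilds` are assumptions or placeholders, not values from the page.

```powershell
# Added example: inventory Exchange servers and flag likely-unpatched builds.
# Assumes the Exchange Management Shell (Get-ExchangeServer) is loaded and that
# Microsoft's HealthChecker.ps1 has been downloaded to the path below (assumed).
$HealthCheckerPath = 'C:\Scripts\HealthChecker.ps1'

# PLACEHOLDER build numbers: replace with the first patched build for each
# version line from the Microsoft advisory for CVE-2021-42321.
$PatchedBuilds = @{
    '15.0' = [Version]'15.0.0.0'   # placeholder (Exchange 2013 line)
    '15.1' = [Version]'15.1.0.0'   # placeholder (Exchange 2016 line)
    '15.2' = [Version]'15.2.0.0'   # placeholder (Exchange 2019 line)
}

function ConvertTo-ExchangeBuild {
    param([string]$AdminDisplayVersion)
    # AdminDisplayVersion is reported as e.g. "Version 15.2 (Build 986.5)";
    # turn it into a comparable [Version] object (15.2.986.5).
    if ($AdminDisplayVersion -match 'Version (\d+)\.(\d+) \(Build (\d+)\.(\d+)\)') {
        return [Version]::new([int]$Matches[1], [int]$Matches[2],
                              [int]$Matches[3], [int]$Matches[4])
    }
    return $null
}

# Build one row per server: name, parsed build, and whether it predates the patch.
$report = foreach ($srv in Get-ExchangeServer) {
    $build = ConvertTo-ExchangeBuild $srv.AdminDisplayVersion
    $line  = if ($build) { "$($build.Major).$($build.Minor)" } else { 'unknown' }
    $needsUpdate = if ($build -and $PatchedBuilds.ContainsKey($line)) {
        $build -lt $PatchedBuilds[$line]
    } else {
        'unknown'   # unparseable version or a line not in the placeholder table
    }
    [PSCustomObject]@{
        Server      = $srv.Name
        Build       = $build
        NeedsUpdate = $needsUpdate
    }
}

$report | Format-Table -AutoSize

# Run the Health Checker against servers that look outdated (parameter name assumed).
foreach ($row in ($report | Where-Object { $_.NeedsUpdate -eq $true })) {
    & $HealthCheckerPath -Server $row.Server
}
```

Rows marked `unknown` deserve a manual look rather than being skipped: an unparseable version string usually means an unusual or unsupported build, which is exactly what a patch rollout should surface before the post-patch compromise investigation begins.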
At Vulcan Cyber, we’re dedicated to bringing you all the information you need to keep your systems up to date and secure against trending threats. Keep up with emerging vulnerabilities. Get free access to thousands of vulnerabilities and get fix done with Remedy Cloud.