Microsoft has released a light November 2021 Patch Tuesday, patching 55 CVEs. Two of them are zero-days under active exploitation: CVE-2021-42321, a Microsoft Exchange RCE, and CVE-2021-42292, a Microsoft Excel security feature bypass.
The remote code execution vulnerability CVE-2021-42321, which affects Microsoft Exchange Server 2016 and 2019, is due to issues with the validation of command-let (cmdlet) arguments.
Satnam Narang, Staff Research Engineer at Tenable, said, “In order to exploit this flaw, an attacker would need to be authenticated, which limits some of the impact. Microsoft says they are aware of ‘limited targeted attacks’ using this vulnerability in the wild.”
In a blog post, the Exchange Team recommended that the provided updates for Microsoft Exchange be installed as soon as possible. They outlined two possible update paths and shared a PowerShell query that security teams can use to identify if an exploit was attempted on their servers.
Microsoft’s Security Threat Intelligence Center (MSTIC) appears to have discovered the in-the-wild exploitation of CVE-2021-42292, the Microsoft Excel security feature bypass zero-day.
Dustin Childs, with Trend Micro’s Zero Day Initiative, noted, “This patch fixes a bug that could allow code execution when opening a specially crafted file with an affected version of Excel. This is likely due to loading code that should be behind a prompt, but for whatever reason, that prompt does not appear, thus bypassing that security feature.”
“It’s unclear if it’s a malicious macro or some other form of code loading within a spreadsheet, but I would be reluctant to open any unexpected attachments for a while. This is especially true for users of Office for Mac because there currently is no patch available for Mac users.”