Security News

It's a light November 2021 Patch Tuesday from Microsoft: 55 fixed CVEs, of which two are zero-days under active exploitation: CVE-2021-42321, a Microsoft Exchange RCE, and CVE-2021-42292, a Microsoft Excel security feature bypass bug.CVE-2021-42321, the remote code execution vulnerability in Microsoft Exchange Server 2016 and 2019, is due to issues with the validation of command-let arguments.

Microsoft warned admins today to immediately patch a high severity Exchange Server vulnerability that may allow authenticated attackers to execute code remotely on vulnerable servers. The security flaw tracked as CVE-2021-42321 impacts Exchange Server 2016 and Exchange Server 2019, and it is caused by improper validation of cmdlet arguments according to Redmond's security advisory.

Today is Microsoft's November 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 55 flaws. The actively exploited vulnerabilities are for Microsoft Exchange and Excel, with the Exchange zero-day used as part of the Tianfu hacking contest.

Microsoft has released PowerShell 7.2 with automatic updates through the Microsoft Update service on Windows 10 and Windows Server devices. "We have integration with Microsoft Update to automatically keep your installation of 7.2 updated whenever we have a servicing release which only includes critical bug fixes or security updates," said Steve Lee, Principal Software Engineer Manager for PowerShell.

Microsoft said that the new Windows Update for Business deployment service for drivers and firmware will be available in Microsoft Endpoint Manager and Microsoft Graph as a public preview starting with the first half of 2022. This prevents the entire Windows driver catalog from being offered to endpoint users, with only those that receive the admins' approval being delivered instead. "Microsoft is excited to announce a new deployment service for driver and firmware updates, giving you visibility into the drivers hosted in Windows Update that are a match for your enterprise devices," the company said in March when it first announced the new service.

Phishers are impersonating Proofpoint, the cybersecurity firm, in an attempt to make off with victims' Microsoft Office 365 and Google email credentials. "The email claimed to contain a secure file sent via Proofpoint as a link," they explained in a posting on Thursday.

A new threat actor is hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell vulnerability to deploy the Babuk Ransomware. The ProxyShell attacks against vulnerable Microsoft Exchange servers started several months ago, with LockFile and Conti being among the first ransomware groups to exploit them.

Sniffing the wind after the large uptick in ransomware attacks across the corporate world, Microsoft said it plans to roll out a new Defender for Biz version for SMBs. The preview isn't out yet, but Microsoft lifted the lid on some of the features, which industry watchers have praised as potentially bringing full endpoint detection and response functionality for small and mediumz siezed companies at a low cost. The plans were emitted at the software outfit's Ignite shindig this week, where it also unveiled pricing: the "Standalone" software will set you back $3 per user per month, although it will be bundled into Microsoft 365 Business Premium, if you're a Microsoft Teams and Office 365 shop.

Microsoft says Windows 11 users might experience issues opening or using some built-in apps and features due to an expired digital certificate. "Starting on November 1, 2021, some users might be unable to open or use certain built-in Windows apps or parts of some built-in apps that have not installed KB5006746, released October 21, 2021," Microsoft explained on the Windows health dashboard.

A Microsoft 365 outage prevents access to files, such as Excel documents, stored on the SharePoint Online, OneDrive, Office, and Microsoft Teams cloud storage services. The outage started at approximately 11:40 AM EST, with admins and users reporting on social media that they could not open files stored on OneDrive or SharePoint.