The Microsoft December 2021 security updates have been released and consist of 67 CVEs. Of these CVEs, 7 are rated Critical, and 60 are rated Important severity. At the time of release, five are listed as publicly known and one is listed as under active exploit.
The updates apply to the following long list of products: Apps, ASP.NET Core & Visual Studio, Azure Bot Framework SDK, BizTalk ESB Toolkit, Internet Storage Name Service, Microsoft Defender for IoT, Microsoft Devices, Microsoft Edge (Chromium-based), Microsoft Local Security Authority Server (lsasrv), Microsoft Message Queuing, Microsoft Office, Microsoft Office Access, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft PowerShell, Microsoft Windows Codecs Library, Office Developer Platform, Remote Desktop Client, Role: Windows Fax Service, Role: Windows Hyper-V, Visual Studio Code, Visual Studio Code - WSL Extension, Windows Common Log File System Driver, Windows Digital TV Tuner, Windows DirectX, Windows Encrypting File System (EFS), Windows Event Tracing, Windows Installer, Windows Kernel, Windows Media, Windows Mobile Device Management, Windows NTFS, Windows Print Spooler Components, Windows Remote Access Connection Manager, Windows Storage, Windows Storage Spaces Controller, Windows SymCrypt, Windows TCP/IP, and Windows Update Stack.
See the KBs listed at December 2021 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.
Note: This is the month for the quarterly MSRT run. Although included with Windows updates, it can be downloaded separately:
- For 32-bit x86-based systems: Download the x86 MSRT package now
- For 64-bit x64-based systems: Download the x64 MSRT package now
Recommended Reading: See Dustin Childs review and analysis in Zero Day Initiative -- The December 2021 Security Update Review.
Additional Update Notes:
- MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly. See Remove specific prevalent malware with Windows Malicious Software Removal Tool.
- Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
- Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
- For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro - Microsoft Lifecycle | Microsoft Docs and Windows 11 Home and Pro (Version 21H2) - Microsoft Lifecycle | Microsoft Docs.
- Windows Update History:
References
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment