9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
For a detailed advisory, download the pdf file here.
For the month of November, Microsoft has reported a total of 55 vulnerabilities, 6(CVE-2021-38666, CVE-2021-26443, CVE-2021-42279, CVE-2021-42298, CVE-2021-42316, CVE-2021-3711) of which have been rated critical. Four (CVE-2021-43208, CVE-2021-43209) of these vulnerabilities have been publicly known and two (CVE-2021-42292, CVE-2021-42321) of them have been exploited in the wild. Patches of all these vulnerabilities have been published by Microsoft. This Advisory only focuses on the important 12 vulnerabilities.
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42292>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42321>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43208>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43209>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38631>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-41371>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38666>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26443>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42279>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42298>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42316>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-3711>
<https://threatpost.com/microsoft-nov-patch-tuesday-fixes-six-zero-days-55-bugs/176143/>
<https://www.zerodayinitiative.com/blog/2021/11/9/the-november-2021-security-update-review>
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C