CyberScotland Bulletin

Technical Bulletin December 2021

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Microsoft Patch Tuesday

Microsoft released its monthly security update on Tuesday 14th December 2021, disclosing 67 vulnerabilities across its suite of products.

This Patch Tuesday, the breakdown of vulnerabilities includes 7 Critical ratings, and 6 zero-days, one of which is being actively exploited.

CVE-2021-41333 – Windows Print Spooler Elevation of Privilege

CVE-2021-43240 – NTFS Set Short Name Elevation of Privilege bug

CVE-2021-43880 – Elevation of Privilege in Windows Mobile Device Management

CVE-2021-43883 – Privilege escalation impacting Windows Installer

CVE-2021-43890 – Windows AppX Installer Spoofing

CVE-2021-43893 – Elevation of Privilege in Windows EFS

With this round of patches, Microsoft has addressed a total of 887 CVEs in 2021, according to stats by the Zero Day Initiative and ZDNet.

A full list of Microsoft’s December 2021 patches, their CVEs, severities, and updates can be found here: Microsoft Security Response Center

Critical Log4j Vulnerability

A zero-day was discovered in the Apache Log4j 2 library, which is a common logging utility featured in applications and services built using Java technology. The vulnerability, coined Log4Shell and tracked as CVE-2021-44228, can allow an attacker to perform remote code execution on systems that use vulnerable versions of Log4j. Exploiting this vulnerability is considered trivial and can be achieved with as little as a single line of code.

The earliest non-vulnerable version of the library is 2.17.0 (as of 21/12/2021). If an earlier version of the library is found to be in use by organisations, then it should be updated to the latest version.
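
An added example, not part of the original bulletin: one way to find bundled copies of log4j-core older than the 2.17.0 threshold given above, including jars nested inside fat jars and WARs. It assumes each copy still carries its Maven `pom.properties` metadata; the function names are illustrative.

```python
import io, os, re, sys, zipfile

SAFE = (2, 17, 0)  # earliest non-vulnerable version given in the bulletin
# Assumption: bundled copies keep the Maven metadata file that log4j-core jars ship.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def parse_version(text):  # '2.14.1' -> (2, 14, 1); None if unparseable
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan_archive(data, label, findings=None):
    """Recursively inspect archive bytes -> [(location, version, needs_update)]."""
    findings = [] if findings is None else findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # corrupt or not really an archive: skip it
    with zf:
        for name in zf.namelist():
            if name == POM:
                m = re.search(rb"^version=(\S+)", zf.read(name), re.M)
                raw = m.group(1).decode("ascii", "replace") if m else "unknown"
                ver = parse_version(raw)  # unparseable versions are flagged for review
                findings.append((label, raw, ver is None or ver < SAFE))
            elif name.lower().endswith(ARCHIVES):  # jar nested in a fat jar or WAR
                scan_archive(zf.read(name), f"{label}!{name}", findings)
    return findings

def scan_tree(root):  # scan every archive below a directory
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in filter(lambda n: n.lower().endswith(ARCHIVES), files):
            with open(os.path.join(dirpath, f), "rb") as fh:
                scan_archive(fh.read(), fh.name, findings)
    return findings

def make_jar(entries):  # build archive bytes from {name: bytes}; for constructed samples
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":  # no argument: scan a constructed sample fat jar
    inner = make_jar({POM: b"version=2.14.1\n"})
    sample = make_jar({"BOOT-INF/lib/log4j-core-2.14.1.jar": inner})
    hits = scan_tree(sys.argv[1]) if sys.argv[1:] else scan_archive(sample, "sample.jar")
    for loc, raw, bad in hits:
        print(f"{'UPDATE' if bad else 'ok':<6} log4j-core {raw}  {loc}")
```

Copies repackaged without that metadata file will not be reported, so an empty result is a starting point for review and not proof that the library is absent.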

Further information regarding this vulnerability can be found here: sbrcentre.co.uk

Google Chrome Zero-Day Found in the Wild

Google has released patches for five vulnerabilities in the Chrome web browser. One of the five vulnerabilities has been exploited in the wild. The use-after-free bug (meaning referencing memory after it has been freed) can cause the application to crash, become corrupted, or even execute code. Tracked as CVE-2021-4102, the bug exists in the V8 JavaScript and WebAssembly engine. The other four CVEs can be seen below.

CVE-2021-4099 – use after free vulnerability

CVE-2021-4100 – object lifecycle issue

CVE-2021-4101 – Heap buffer overflow vulnerability

CVE-2021-4098 – Insufficient Data Validation Issue

It is recommended that Google Chrome users update to the latest version, which is currently 96.0.4664.110.

Apple December Security Patches

Apple has released a series of updates for its operating systems, including iOS, macOS, tvOS, and watchOS. Among the addressed issues are two memory corruption vulnerabilities and two buffer overflow vulnerabilities, which could allow rogue applications to run malicious code. Furthermore, issues in which a person can retrieve passwords and sensitive data from the lock screen have been resolved. A macOS issue was also patched, in which a local user could exploit the Wi-Fi module to cause unexpected system termination.

It is recommended that Apple OS users update their devices to their most recent versions.

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]

Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish businesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]

Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you of all cyber attacks detected by the feed suppliers against your organisation and is designed to complement your existing […]

Scottish Business Resilience Centre