Yesterday was Tuesday for updates, but due to various situations it was impossible for us to publish the content. However, today we are ready to inform you of the news that comes to Windows 10 with the November patch. This, known as KB5007186, brings the Windows version up to build 19041.1348, 19042.1348, and 19043.1348.
What’s new in Windows 10 patch KB5007186
This patch, like that of its Windows 11 namesake, focuses on vulnerabilities, killing six of them. Two of these vulnerabilities are said to be actively being exploited.
- CVE-2021-42321: (CVSS: 3.1 8.8 / 7.7). This was an active vulnerability. This vulnerability affects Microsoft Exchange Server and, due to incorrect validation of cmdlet arguments, can lead to RCE. However, the attackers must be authenticated.
- CVE-2021-42292: (CVSS: 3.1 7.8 / 7.0). Also detected as exploited. It was found in Microsoft Excel and can be used to bypass security controls. Microsoft says that the preview pane is not an attack vector. There is currently no patch available for Microsoft Office 2019 for Mac or Microsoft Office LTSC for Mac 2021.
- CVE-2021-43209: (CVSS: 3.1 7.8 / 6.8). A released 3D Viewer vulnerability, this bug can be exploited locally to trigger RCE.
- CVE-2021-43208: (CVSS: 3.1 7.8 / 6.8). Another known issue, this 3D Viewer security flaw can also be armed by a local attacker for code execution purposes.
- CVE-2021-38631: (CVSS: 3.0 4.4 / 3.9). Also made public, this security flaw, found in Windows Remote Desktop Protocol (RDP), can be used for information disclosure.
- CVE-2021-41371: (CVSS: 3.1 4.4 / 3.9). Finally, this RDP vulnerability, known before the patch was available, can also be exploited locally to force an information leak.
In addition, Microsoft already warns us, due to minimal operations during the holidays and the next Western New Year, there will not be a preliminary version (known as version “C”) for the month of December 2021. There will be a monthly security version (known as version “B”) by December 2021. Normal monthly service for versions B and C will resume in January 2022.