November 2021 Monthly Patch Release

10 November 2021

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

For the full list of security patches released by Microsoft, please refer to

Critical vulnerabilities

CVE Number	CVE Name	Base Score	Reference
CVE-2021-26443	Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability	9.0	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26443
CVE-2021-38666	Remote Desktop Client Remote Code Execution Vulnerability	8.8	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38666
CVE-2021-42316	Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability	8.7	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42316
CVE-2021-42298	Microsoft Defender Remote Code Execution Vulnerability	7.8	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42298
CVE-2021-42279	Chakra Scripting Engine Memory Corruption Vulnerability	4.2	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42279
CVE-2021-3711	OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow	TBD	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-3711

Public advisory of scammers impersonating CSA and the SPF