Microsoft released fixes for a total of 67 vulnerabilities, including 7 Critical CVEs. CVE-2021-43890 was rated High, but is noted to have been exploited in the wild, making it the lone zero-day addressed in Microsoft's release today.
Log4Shell, identified as CVE-2021-44228, is a zero-day unauthenticated Remote Code Execution (RCE) vulnerability in Log4j versions 2.0-beta9 up to 2.14.1. Log4Shell is a CVSS 10.0 vulnerability. Organizations using the Log4j library are advised to upgrade to the latest release immediately, as attackers are already searching for exploitable targets. A mitigation Worklet and more information about this vulnerability can be found in our blog here.
Adobe released updates for 11 of their products, including Adobe Premiere Rush Pro, Photoshop, and Media Encoder, among others. All 11 bulletins were given Adobe Priority 3. In total, there were 60 CVEs from Adobe, including 28 Critical, 18 High, and 13 Medium.
Google has rolled out fixes for five security vulnerabilities in its Chrome web browser. These include one which Google says is being exploited in the wild (CVE-2021-4102), so we recommend upgrading to Chrome version 96.0.4664.110 immediately.
At the beginning of December, Mozilla patched a Critical vulnerability in their Network Security Services (NSS) that could be exploited to execute arbitrary code. About a week later, Mozilla rolled out fixes for Thunderbird, Firefox, and Firefox ESR. All three of these bulletins were rated High by the software company.