Microsoft has released important “Patch Tuesday” monthly security updates. These should applied promptly as some of these vulnerabilities have potential to be actively exploited in-the-wild later:

https://isc.sans.edu/forums/diary/Microsoft+December+2021+Patch+Tuesday/28132/

https://www.zerodayinitiative.com/blog/2021/12/14/the-december-2021-security-update-review

http://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html

https://www.cisa.gov/uscert/ncas/current-activity/2021/12/14/microsoft-releases-december-2021-security-updates

https://redmondmag.com/articles/2021/12/14/microsoft-december-security-patches-arrive.aspx

https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec

https://portal.msrc.microsoft.com/en-us/security-guidance/summary

https://patchtuesdaydashboard.com/

Microsoft on Tuesday released security patches for 67 common vulnerabilities and exploits, even as organizations are scrambling to address a Log4j flaw in Apache servers that’s under active exploit. Of Microsoft’s December patch total, seven vulnerabilities are labeled “Critical” by security researchers. There are six “Important” vulnerabilities, but they’ve all been publicly exposed before Microsoft’s Tuesday patch release, which ups risks for organizations. In addition, one of those six Important vulnerabilities, namely CVE-2021-43890, a Windows AppX Installer spoofing flaw for Windows 10 systems, is known to have been exploited. It’s this month’s zero-day vulnerability.