Microsoft October 2021 patch Tuesday has arrived with the latest updates! In this month’s security update, Microsoft has fixed a total of 74 flaws including four zero-day vulnerabilities. Out of these 74 vulnerabilities, three are classified as Critical, 70 as Important, and one as Low.
This update covers the products such as Microsoft Office, Exchange Server, MSHTML, Visual Studio, and the Edge browser.
These 74 vulnerabilities are classified as:
- 9 Spoofing vulnerabilities
- 5 Denial of Service vulnerabilities
- 21 Elevation of Privilege vulnerabilities
- 6 Security Feature Bypass vulnerabilities
- 13 Information Disclosure vulnerabilities
- 20 Remote Code Execution vulnerabilities
Patch Tuesday for October contains updates for four zero-day vulnerabilities, including a Win32k Elevation of Privilege vulnerability that has been actively exploited in the wild.
Microsoft considers a vulnerability as zero-day if it is publicly published or actively being exploited without any available official remedy.
CVE-2021-40449 is currently being exploited. This vulnerability affects the Win32K kernel driver. The threat actors used a zero-day Windows vulnerability to install a Remote Access Trojan (RAT) with higher rights as part of the attacks. This cluster of malicious activity is named MysterSnail by Kaspersky.
Microsoft also patched three other publicly revealed flaws that haven’t been used in any attacks. The vulnerabilities are tracked as CVE-2021-41338, a Windows AppContainer Firewall bug that permits attackers to bypass security features; CVE-2021-40469, an RCE in Windows DNS Server; and CVE-2021-41335, an elevation of privilege bug in the Windows Kernel.
CVE-2021-40486, CVE-2021-38672, and CVE-2021-40461 are three serious vulnerabilities to be aware of. CVE-2021-40486 affects Microsoft Word, while Hyper-V is affected by the other two. All of them have the potential to lead to remote code execution if exploited.
In the September batch of security updates, Microsoft fixed over 60 flaws, including an RCE exploit in MSHTML and a Windows DNS privilege escalation zero-day vulnerability.
Visit the October 2021 Security Updates page to access the full description of each vulnerability and the systems that it affects.
Qualys Detection
Qualys customers can scan their devices with QIDs 91824, 91826, 110392, 110393, and 91827 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.
References
https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct
https://threatpost.com/microsoft-patch-tuesday-bug-exploited-mysterysnail-espionage-campaign/175431/
https://www.zdnet.com/article/microsoft-october-2021-patch-tuesday-71-vulnerabilities-four-zero-days-squashed/
https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2021-patch-tuesday-fixes-4-zero-days-71-flaws/