Patch Tuesday is once again upon us. The October 2021 edition of Patch Tuesday brings us 76 fixes, 3 of which are rated as critical with one actively exploited. We’ve listed the most important changes below.
MysterySnail Zero-day
Dubbed “MysterySnail”, CVE-2021-40449 is an elevation of privilege vulnerability that, according to Kaspersky, has been exploited in the wild. This use-after-free vulnerability lies in the NtGdiResetDC function of the Win32k kernel driver. Alongside the zero-day vulnerability itself, Kaspersky found that “variants of the malware were detected in widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities.”
Two Hyper-V Remote Code Execution Vulnerabilities
Two of the three critically rated fixes this month are in Hyper-V. CVE-2021-38672 and CVE-2021-40461 are both RCE vulnerabilities, and while Microsoft has not provided many details on exactly where in Hyper-V they reside, both have a CVSS 3.1 base score of 8.0. The only known detail regarding exploitation is that this vulnerability can allow a malicious guest VM to read kernel memory in the host. To exploit the vulnerability, the guest VM needs a memory allocation error to occur first; the bug can then be used for a VM escape from guest to host.
Microsoft Word Remote Code Execution Vulnerability
The third critical vulnerability this month is in Microsoft Word. CVE-2021-40486 has a CVSS 3.1 base score of 7.8. Very little is known about the details since Microsoft isn’t releasing much. Microsoft has shared that even the Preview Pane is an attack vector.
Windows Thin PC End of Life
Microsoft’s lightweight Windows 7 version, named Windows Thin PC, is going end of life today. Three weeks ago, we released our Windows Thin PC EOL blog post containing a report to help you migrate or decommission any Windows Thin PCs left in your environment.
Run the Patch Tuesday October 2021 Audit Report
To help manage your update progress, we’ve created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
Patch Tuesday October 2021 CVE Codes & Titles
CVE Number | CVE Title |
CVE-2021-41353 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability |
CVE-2021-41354 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability |
CVE-2021-33781 | Azure AD Security Feature Bypass Vulnerability |
CVE-2021-38624 | Windows Key Storage Provider Security Feature Bypass Vulnerability |
CVE-2021-34453 | Microsoft Exchange Server Denial of Service Vulnerability |
CVE-2021-36953 | Windows TCP/IP Denial of Service Vulnerability |
CVE-2021-40454 | Rich Text Edit Control Information Disclosure Vulnerability |
CVE-2021-40455 | Windows Installer Spoofing Vulnerability |
CVE-2021-40456 | Windows AD FS Security Feature Bypass Vulnerability |
CVE-2021-40457 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability |
CVE-2021-40475 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
CVE-2021-40476 | Windows AppContainer Elevation Of Privilege Vulnerability |
CVE-2021-40477 | Windows Event Tracing Elevation of Privilege Vulnerability |
CVE-2021-40478 | Storage Spaces Controller Elevation of Privilege Vulnerability |
CVE-2021-41348 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
CVE-2021-41350 | Microsoft Exchange Server Spoofing Vulnerability |
CVE-2021-41355 | .NET Core and Visual Studio Information Disclosure Vulnerability |
CVE-2021-41361 | Active Directory Federation Server Spoofing Vulnerability |
CVE-2021-3449 | OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing |
CVE-2020-1971 | OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference |
CVE-2021-26427 | Microsoft Exchange Server Remote Code Execution Vulnerability |
CVE-2021-38662 | Windows Fast FAT File System Driver Information Disclosure Vulnerability |
CVE-2021-38663 | Windows exFAT File System Information Disclosure Vulnerability |
CVE-2021-38672 | Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2021-40460 | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability |
CVE-2021-40461 | Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2021-40462 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability |
CVE-2021-40463 | Windows NAT Denial of Service Vulnerability |
CVE-2021-40464 | Windows Nearby Sharing Elevation of Privilege Vulnerability |
CVE-2021-40465 | Windows Text Shaping Remote Code Execution Vulnerability |
CVE-2021-40468 | Windows Bind Filter Driver Information Disclosure Vulnerability |
CVE-2021-40469 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2021-40471 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2021-40472 | Microsoft Excel Information Disclosure Vulnerability |
CVE-2021-40473 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2021-40474 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2021-40479 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2021-40480 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2021-40481 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2021-40482 | Microsoft SharePoint Server Information Disclosure Vulnerability |
CVE-2021-40483 | Microsoft SharePoint Server Spoofing Vulnerability |
CVE-2021-40484 | Microsoft SharePoint Server Spoofing Vulnerability |
CVE-2021-40485 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2021-40486 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2021-40488 | Storage Spaces Controller Elevation of Privilege Vulnerability |
CVE-2021-40489 | Storage Spaces Controller Elevation of Privilege Vulnerability |
CVE-2021-26441 | Storage Spaces Controller Elevation of Privilege Vulnerability |
CVE-2021-26442 | Windows HTTP.sys Elevation of Privilege Vulnerability |
CVE-2021-41330 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
CVE-2021-41331 | Windows Media Audio Decoder Remote Code Execution Vulnerability |
CVE-2021-41332 | Windows Print Spooler Information Disclosure Vulnerability |
CVE-2021-41334 | Windows Desktop Bridge Elevation of Privilege Vulnerability |
CVE-2021-41335 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2021-41336 | Windows Kernel Information Disclosure Vulnerability |
CVE-2021-41337 | Active Directory Security Feature Bypass Vulnerability |
CVE-2021-41338 | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability |
CVE-2021-41339 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
CVE-2021-41340 | Windows Graphics Component Remote Code Execution Vulnerability |
CVE-2021-41342 | Windows MSHTML Platform Remote Code Execution Vulnerability |
CVE-2021-41343 | Windows Fast FAT File System Driver Information Disclosure Vulnerability |
CVE-2021-41345 | Storage Spaces Controller Elevation of Privilege Vulnerability |
CVE-2021-41346 | Console Window Host Security Feature Bypass Vulnerability |
CVE-2021-41347 | Windows AppX Deployment Service Elevation of Privilege Vulnerability |
CVE-2021-41352 | SCOM Information Disclosure Vulnerability |
CVE-2021-41363 | Intune Management Extension Security Feature Bypass Vulnerability |
CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability |
CVE-2021-40443 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2021-41344 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability |
CVE-2021-40466 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2021-40467 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2021-40470 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
CVE-2021-40487 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability |
CVE-2021-3450 | OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT |