{"id":8483,"date":"2021-11-17T17:31:33","date_gmt":"2021-11-18T00:31:33","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&#038;p=8483"},"modified":"2023-03-03T14:19:58","modified_gmt":"2023-03-03T21:19:58","slug":"october-2021-patch-watch-digest","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/october-2021-patch-watch-digest\/","title":{"rendered":"October 2021: Patch Watch Digest"},"content":{"rendered":"<h2 dir=\"ltr\"><img decoding=\"async\" style=\"width: 800px; height: 406px;\" src=\"\/wp-content\/uploads\/2021\/06\/patch-watch-1-21.png\" alt=\"\" \/><\/h2>\n<h2 dir=\"ltr\">Highlights of October Digest<\/h2>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"#Known exploits\">18 vendors released security patches for 998 vulnerabilities, including 107 CVEs with known exploits.<\/a><\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"#CISA Alert\">20 vulnerabilities that were patched in October had been red-flagged by CISA.<\/a><\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"#Old CVEs\">231 old vulnerabilities have been patched.<\/a><\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"#Microsoft Patches\">Microsoft plugged 74 bugs, including 4 zero days.<\/a><\/p>\n<\/li>\n<\/ul>\n<h2 dir=\"ltr\"><a id=\"Known exploits\" name=\"Known exploits\"><\/a>Weaponized Vulnerabilities<\/h2>\n<p>We have 107 vulnerabilities that have known exploits. Here is our analysis \u2013<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">5 CVEs are associated with ransomware strains that include Maze.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">5 CVEs are linked to APT 1.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">9 Malware groups (OceanSalt, Auriga, Bangat, BISCUIT, MAPIGET, TARSIP, SEASALT,\u00a0 KURTON, and HELAUTO) are correlated to 5 CVEs.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">17 CVEs are classified as Remote Code Execution.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">2 CVEs have local Privilege Escalation capabilities.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">5 CVEs with Cross-Site Scripting (XSS) flaws.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">28 CVEs are linked to Denial of Service (DoS).<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">56 CVEs fall into other categories.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">20 CVEs are rated critical and 52 are of high severity.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Of these 107 weaponized CVEs, 3 are alerted by CISA.<\/p>\n<\/li>\n<\/ul>\n<p><a href=\"#Airtable\">Click here for our analysis and download patches.<\/a><\/p>\n<p><img decoding=\"async\" style=\"width: 550px; height: 316px;\" src=\"\/wp-content\/uploads\/2021\/06\/patch-watch-6.png\" alt=\"\" \/><\/p>\n<h2><a id=\"Old CVEs\" name=\"Old CVEs\"><\/a>Old Vulnerabilities<\/h2>\n<p dir=\"ltr\">231 old vulnerabilities have been fixed by vendors, ranging from the year 2015 to 2020.<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">5 CVEs are associated with ransomware strains that include Maze and Cring.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">5 CVEs are linked to APT 1.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">9 Malware groups (OceanSalt, Auriga, Bangat, BISCUIT, MAPIGET, TARSIP, SEASALT,\u00a0 KURTON, and\u00a0 HELAUTO) are correlated to 3 CVEs.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">14 CVEs are featured by CISA.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Of these, 43 CVEs have known exploits.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">1 CVE has Privilege Escalation capabilities.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">3 CVEs are Remote Code Execution bugs.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">29 CVEs are rated critical and 97 are of high severity.<\/p>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" style=\"width: 550px; height: 378px;\" src=\"\/wp-content\/uploads\/2021\/06\/patch-watch-3-16.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\"><a href=\"#Airtable\">Click here for our analysis and download patches.<\/a><\/p>\n<h2 dir=\"ltr\"><a id=\"Microsoft Patches\" name=\"Microsoft Patches\"><\/a>Microsoft October\u00a0Patches 2021<\/h2>\n<p>Microsoft had released patches for four zero-day vulnerabilities (<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-40449\">CVE-2021-40449<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-40469\">CVE-2021-40469<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-41335\">CVE-2021-41335<\/a>, and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-41338\">CVE-2021-41338<\/a>) this October. Three CVEs, CVE-2021-40469, CVE-2021-41335, and CVE-2021-41338, have been publicly disclosed, however no active exploitation has been discovered.<\/p>\n<p dir=\"ltr\">CVE-2021-40449 is a Win32k Kernel driver elevation of privilege vulnerability that has been actively exploited in attacks. To exploit this Windows vulnerability, the threat actors use a remote access trojan (RAT) that is elevated with legal permissions as part of the intrusions. Kaspersky has termed this cluster of malicious activity as MysterSnail and has linked it to the Chinese-speaking APT group IronHusky.<\/p>\n<p dir=\"ltr\"><img decoding=\"async\" style=\"width: 550px; height: 396px;\" src=\"\/wp-content\/uploads\/2021\/06\/patch-watch-4-13.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\"><a href=\"https:\/\/cybersecurityworks.com\/patchwatch\/october-microsoft-patches-74-security-vulnerabilities.html\">Check out our Microsoft patch watch edition here.<\/a><\/p>\n<h2 dir=\"ltr\"><a id=\"CISA Alert\" style=\"font-size: 24px; background-color: #ffffff;\" name=\"CISA Alert\"><\/a>CISA Alerts<\/h2>\n<p>CISA has issued alerts for 20 vulnerabilities, including 3 publicly-known exploits.<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">1 CVE is associated with Maze and APT 1.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">1 CVE is classified as a Local Privilege Escalation.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">2 CVEs are rated critical and 8 are of high severity.<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\"><a href=\"#Airtable\">Click here for our analysis and download patches.<\/a><\/p>\n<p><img decoding=\"async\" style=\"width: 550px; height: 341px;\" src=\"\/wp-content\/uploads\/2021\/06\/patch-watch-5-4.png\" alt=\"\" \/><\/p>\n<p><a id=\"Airtable\" name=\"Airtable\"><\/a><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shrcn6MTQrVO87Deh?backgroundColor=green&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p>\n<p dir=\"ltr\"><strong>Table: October Security Patches 2021<\/strong><\/p>\n<p>Security patching should be a part of an Organization&#8217;s basic system maintenance procedure as there are numerous vulnerabilities that get discovered every week. Patching helps to guard against known vulnerabilities in areas where you are entirely exposed. As a result, patching should be given significant emphasis, and it should be done on a regular basis as part of a system\/normal platform&#8217;s maintenance.<\/p>\n<p>&nbsp;<\/p>\n<p dir=\"ltr\" style=\"text-align: center;\">Concerned about a cyber-attack?<\/p>\n<p dir=\"ltr\" style=\"text-align: center;\">Want to know more about Vulnerability Management as a Service.<\/p>\n<p dir=\"ltr\" style=\"text-align: center;\"><a href=\"https:\/\/cybersecurityworks.com\/get-quote.php\">Talk to us<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Highlights of October Digest 18 vendors released security patches for 998 vulnerabilities, including 107 CVEs with known exploits. 20 vulnerabilities that were patched in October had been red-flagged by CISA. 231 old vulnerabilities have been patched. Microsoft plugged 74 bugs, including 4 zero days. Weaponized Vulnerabilities We have 107 vulnerabilities that have known exploits. Here [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14443,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"patch_category":[288],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch\/8483"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/patch_watch"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/14443"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=8483"}],"wp:term":[{"taxonomy":"patch_category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_category?post=8483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}