{"id":8498,"date":"2021-10-26T17:58:09","date_gmt":"2021-10-27T00:58:09","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&#038;p=8498"},"modified":"2023-03-03T14:20:55","modified_gmt":"2023-03-03T21:20:55","slug":"october-microsoft-patches-74-security-vulnerabilities","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/october-microsoft-patches-74-security-vulnerabilities\/","title":{"rendered":"October 2021: Microsoft Patches 74 Security Vulnerabilities"},"content":{"rendered":"<p><strong>Microsoft<\/strong> patched 74 unique security vulnerabilities in October 2021, which includes four zero-day exploits. We analyzed these weaknesses and spotlighted the most important vulnerabilities that ought to be fixed on priority.<\/p>\n<p dir=\"ltr\"><img decoding=\"async\" style=\"width: 800px; height: 513px;\" src=\"\/wp-content\/uploads\/2021\/06\/patch-watch-1-19.png\" alt=\"\" \/><\/p>\n<h2 dir=\"ltr\"><strong>Microsoft Patches: Overview<\/strong><\/h2>\n<p dir=\"ltr\">\n<p dir=\"ltr\">This October, Microsoft patched 74 vulnerabilities discovered in 2021.<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">20 CVEs are classified as Remote Code Execution bugs<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">21 CVEs with Privilege Escalation capabilities<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">13 CVEs are linked to Information Disclosure<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">5 CVEs have Denial of Service capabilities<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">9 CVEs has Spoofing possibilities<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">6 CVEs are Security Bypass bugs<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\"><img decoding=\"async\" style=\"width: 550px; height: 338px;\" src=\"\/wp-content\/uploads\/2021\/06\/patch-watch-3-14.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\">Three of the CVEs <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-40469\">CVE-2021-40469<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-41335\">CVE-2021-41335<\/a>, and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-41338\">CVE-2021-41338<\/a> have been disclosed publicly, though haven\u2019t been observed in active exploitation.<\/p>\n<p dir=\"ltr\">\n<h2 dir=\"ltr\"><strong>Zero-days<\/strong><\/h2>\n<p dir=\"ltr\">\n<p>Microsoft had released patches for four zero-day vulnerabilities this month:<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-40449\">CVE-2021-40449<\/a> &#8211; Win32K kernel driver<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-40469\">CVE-2021-40469<\/a> &#8211; Windows DNS Server<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-41335\">CVE-2021-41335<\/a> &#8211; Windows Kernel<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-41338\">CVE-2021-41338<\/a> &#8211; Windows AppContainer Firewall Rules<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\">\n<p dir=\"ltr\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-40449\">CVE-2021-40449<\/a> is an elevation of privilege vulnerability\u00a0 in the Win32k Kernel driver known to have been actively exploited in attacks. According to researchers, Chinese hacking groups are leveraging this vulnerability to launch espionage campaigns. As part of the intrusions, the threat actors deploy a remote access trojan (RAT) that is elevated with authorized rights to exploit this Windows vulnerability. This cluster of malicious activity is dubbed as MysterSnail by Kaspersky and is linked to the Chinese-speaking APT group, IronHusky.<\/p>\n<p>&nbsp;<\/p>\n<h2 dir=\"ltr\"><strong>RCE\/PE<\/strong><\/h2>\n<p>&nbsp;<\/p>\n<p dir=\"ltr\">Microsoft has patched a remote code execution (RCE) vulnerability in Exchange Server (CVE-2021-26427) that was disclosed by the <a href=\"https:\/\/twitter.com\/NSACyber\/status\/1447971244935110656\">National Security Agency<\/a> (NSA). An attacker would need direct network access to an Exchange Server to exploit this weakness, therefore it isn&#8217;t easily accessible via the Internet. However, because email servers are constantly attacked, it&#8217;s a good idea to fix your Exchange Servers as soon as possible. This CVE received a CVSS score of 9.0, the highest rated vulnerability of this month\u2019s patch release.<\/p>\n<p>&nbsp;<\/p>\n<h2 dir=\"ltr\"><strong>Additional Fix for PrintNightmare<\/strong><\/h2>\n<p>&nbsp;<\/p>\n<p dir=\"ltr\">Another important spoofing vulnerability (<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-36970\">CVE-2021-36970<\/a>), reported as \u201cmore likely to be exploited\u201d in the Windows Print Spooler, got a CVSSv3 score of 8.8 (high). This flaw necessitates an attacker to have access to the same network as the target, as well as user interaction.<\/p>\n<p>&nbsp;<\/p>\n<p dir=\"ltr\">The PrintNightmare and Exchange Server bugs are worth keeping an eye on as they are more interested by the threat actors for exploiting.<\/p>\n<p>&nbsp;<\/p>\n<h2 dir=\"ltr\"><strong>Severity Scores<\/strong><\/h2>\n<p>&nbsp;<\/p>\n<p dir=\"ltr\">Of these 74 vulnerabilities, three CVEs have been marked critical. All the critical CVEs are classified as Remote Code Execution bugs.<\/p>\n<p><img decoding=\"async\" style=\"width: 550px; height: 475px;\" src=\"\/wp-content\/uploads\/2021\/06\/patch-watch-2-21.png\" alt=\"\" \/><\/p>\n<h2 dir=\"ltr\"><strong>Product Analysis<\/strong><\/h2>\n<p>&nbsp;<\/p>\n<p dir=\"ltr\">The products impacted in the October patch bundle include Windows, Microsoft Office, Exchange Server, MSHTML, Visual Studio, and the Edge browser. Windows products received a fix for 45 vulnerabilities in which 9 CVEs accounted for Remote Code Execution, 20 for Privilege Escalation possibilities. There are 15 vulnerabilities fixed in Microsoft Office that include 11 Remote Code Execution bugs.<\/p>\n<p dir=\"ltr\"><img decoding=\"async\" style=\"width: 550px; height: 334px;\" src=\"\/wp-content\/uploads\/2021\/06\/patch-watch-4-11.png\" alt=\"\" \/><\/p>\n<p><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shrxwZSumynye4viC?backgroundColor=cyan&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p>\n<p dir=\"ltr\"><strong>Table: Microsoft October Patches 2021<\/strong><\/p>\n<p dir=\"ltr\">CISA has issued an <a href=\"https:\/\/us-cert.cisa.gov\/ncas\/current-activity\/2021\/10\/12\/microsoft-releases-october-2021-security-updates\">advisory<\/a> urging users to update these October released patches. We recommend users to patch systems as quickly as possible and monitor their environment on a regular basis to detect systems that have not been completely patched.<\/p>\n<h3 dir=\"ltr\" style=\"text-align: center;\"><\/h3>\n<h3 dir=\"ltr\" style=\"text-align: center;\"><strong>Concerned about a cyber-attack?<\/strong><\/h3>\n<h3 dir=\"ltr\" style=\"text-align: center;\"><strong>Want to know more about Vulnerability Management as a Service.\u00a0<\/strong><\/h3>\n<h3 dir=\"ltr\" style=\"text-align: center;\"><strong><a href=\"https:\/\/cybersecurityworks.com\/get-quote.php\">Talk to us<\/a>.<\/strong><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft patched 74 unique security vulnerabilities in October 2021, which includes four zero-day exploits. We analyzed these weaknesses and spotlighted the most important vulnerabilities that ought to be fixed on priority. Microsoft Patches: Overview This October, Microsoft patched 74 vulnerabilities discovered in 2021. 20 CVEs are classified as Remote Code Execution bugs 21 CVEs with [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14440,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"patch_category":[290],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch\/8498"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/patch_watch"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/14440"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=8498"}],"wp:term":[{"taxonomy":"patch_category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_category?post=8498"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}