Microsoft patched 74 CVEs in the October 2021 Patch Tuesday release, including three rated as critical, 70 rated as important and one rated as low. The zero-day bugs are tracked as CVE-2021-40449, CVE-2021-41338, CVE-2021-40469, and CVE-2021-41335.

CVE-2021-26427 | Microsoft Exchange Server Remote Code Execution Vulnerability

This is an RCE vulnerability in Microsoft Exchange Server which received a CVSSv3 score of 9.0, the highest rated in this Patch Tuesday release. Despite the high CVSS score, the advisory does specifically point out that the vulnerability would only be exploitable from an adjacent network.

CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability. (MystrySnail)

This CVE is a use-after-free EoP vulnerability in Win32k. The flaw being exploited in the wild as a zero-day in attacks linked to a remote access trojan known as MysterySnail. The vulnerability is a patch bypass for CVE-2016-3309, a separate EoP vulnerability in the Windows Kernel. EoP vulnerabilities, especially zero-days, are often linked to malware campaigns such as MysterySnail, and they are primarily associated with targeted attacks.

CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability

This CVE is a spoofing vulnerability in the Windows Print Spooler that received a CVSSv3 score of 8.8 and the designation of Exploitation More Likely. This vulnerability requires that an attacker have access to the same network as a target and user interaction. The advisory lists that a functional exploit does exist for this vulnerability so we may see a PoC circulating in the wild.

CVE-2021-40469 | Windows DNS Server Remote Code Execution Vulnerability

This CVE is an RCE vulnerability in Windows DNS Server. This vulnerability affects Windows server installs that have been configured as DNS servers. According to the advisory, this flaw was publicly disclosed, but it was categorized as “Exploitation Less Likely.” It received a CVSSv3 score of 7.2 because an attacker needs a privileged user account in order to exploit this across the network.

CVE-2021-41335 | Windows Kernel Elevation of Privilege Vulnerability

This CVE is an EoP vulnerability in the Windows Kernel which could be used by a low privileged, local attacker to elevate their privileges on an affected system. Microsoft assigned it a CVSSv3 score of 7.8 and rates this as “Exploitation Less Likely,” despite the vulnerability being publicly disclosed. EoP vulnerabilities like this are popular with malicious actors, helping them pivot from a low level user account to a privileged account with access to potentially sensitive data and the ability to execute arbitrary code.

Also Read : September 2021 Patch Tuesday

Brief on This month patch cycle

  • .NET Core & Visual Studio
  • Active Directory Federation Services
  • Console Window Host
  • HTTP.sys
  • Microsoft DWM Core Library
  • Microsoft Dynamics
  • Microsoft Dynamics 365 Sales
  • Microsoft Edge (Chromium-based)
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Intune
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft Office Word
  • Microsoft Windows Codecs Library
  • Rich Text Edit Control
  • Role: DNS Server
  • Role: Windows Active Directory Server
  • Role: Windows AD FS Server
  • Role: Windows Hyper-V
  • System Center
  • Visual Studio
  • Windows AppContainer
  • Windows AppX Deployment Service
  • Windows Bind Filter Driver
  • Windows Cloud Files Mini Filter Driver
  • Windows Common Log File System Driver
  • Windows Desktop Bridge
  • Windows DirectX
  • Windows Event Tracing
  • Windows exFAT File System
  • Windows Fastfat Driver
  • Windows Installer
  • Windows Kernel
  • Windows MSHTML Platform
  • Windows Nearby Sharing
  • Windows Network Address Translation (NAT)
  • Windows Print Spooler Components
  • Windows Remote Procedure Call Runtime
  • Windows Storage Spaces Controller
  • Windows TCP/IP
  • Windows Text Shaping
  • Windows Win32K

Stay Vigilant, Stay Updated, Stay Safe ! Happy Patching