Microsoft has released the October Patch Tuesday security updates, fixing a total of 81 vulnerabilities, including four zero-days; three CVEs are rated critical and 70 are rated important. The products covered in October's security update include Microsoft Office, Windows Kernel, Windows AppContainer, Visual Studio and others.
Among the already publicly disclosed CVEs is a critical zero-day vulnerability (CVE-2021-40449) in the Win32k kernel driver, exploited in the wild by a remote access trojan dubbed MysterySnail.
CVE-2021-40449 – Microsoft Win32k Privilege Escalation Vulnerability. The flaw was discovered by researcher Boris Larin (oct0xor) of Kaspersky, who observed it being exploited in the wild as a zero-day in attacks linked to a remote access trojan known as MysterySnail. According to the research, the vulnerability is triggered when the function ResetDC is executed a second time for the same handle from inside its own callback.
CVE-2021-40469 – Windows DNS Server Remote Code Execution Vulnerability. The vulnerability is caused by improper input validation in Windows DNS Server and allows a remote user to execute arbitrary code on the target system: a remote administrator can send a specially crafted request and execute arbitrary code on the affected server. Successful exploitation may result in complete compromise of the vulnerable system.
CVE-2021-41335 – Windows Kernel Elevation of Privilege Vulnerability. The vulnerability is caused by improper application of security restrictions in the Windows Kernel, which leads to a security-restrictions bypass and privilege escalation. Successful exploitation allows a local user to escalate privileges on the system.
CVE-2021-41338 – Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability. The flaw is caused by an error in the Windows AppContainer firewall rules. Successful exploitation allows a local user to bypass the authentication process.
CVE-2021-40486 – Microsoft Word Remote Code Execution Vulnerability. Microsoft released patches addressing a remote code execution flaw in Microsoft Word caused by improper input validation. A remote attacker can trick a victim into opening a specially crafted file and execute arbitrary code on the target system; successful exploitation can lead to complete compromise of the vulnerable system.
CVE-2021-40461, CVE-2021-38672 – Windows Hyper-V Remote Code Execution Vulnerabilities. Microsoft released patches addressing remote code execution flaws in Windows Hyper-V caused by improper input validation, which allow an attacker to execute arbitrary code on the target system.
Microsoft security bulletin summary for October 2021
- Microsoft Office
- Windows Kernel
- Windows AppContainer
- Microsoft Windows 10, 11
- Visual Studio
- Windows Installer
- Windows MSHTML Platform
- Windows Remote Procedure Call Runtime
- Windows Win32K
Product: Microsoft Windows
CVEs/Advisory: CVE-2021-26441, CVE-2021-26442, CVE-2021-36953, CVE-2021-36970, CVE-2021-38662, CVE-2021-38663, CVE-2021-40443, CVE-2021-40449, CVE-2021-40450, CVE-2021-40454, CVE-2021-40455, CVE-2021-40456, CVE-2021-40460, CVE-2021-40462, CVE-2021-40463, CVE-2021-40464, CVE-2021-40465, CVE-2021-40466, CVE-2021-40467, CVE-2021-40468, CVE-2021-40469, CVE-2021-40470, CVE-2021-40475, CVE-2021-40476, CVE-2021-40477, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41330, CVE-2021-41331, CVE-2021-41332, CVE-2021-41334, CVE-2021-41335, CVE-2021-41336, CVE-2021-41337, CVE-2021-41338, CVE-2021-41339, CVE-2021-41340, CVE-2021-41342, CVE-2021-41343, CVE-2021-41345, CVE-2021-41346, CVE-2021-41347, CVE-2021-41357, CVE-2021-41361
Impact: Security Feature Bypass, Elevation of Privilege, Spoofing, Denial of Service, Information Disclosure, Remote Code Execution
KBs: 5006670, 5006675, 5006674, 5006669, 5006699, 5006743, 5006728, 5006714, 5006729, 5006739, 5006732, 5006736, 5006715, 5006667, 5006672, 5006671
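The KB list above is only useful if you can tell which of them actually landed on a given host. The following PowerShell snippet is an added example, not part of the original article or of Microsoft's tooling: it compares the October 2021 Windows KBs listed above against the host's installed-update inventory and reports the OS build for cross-checking. Each KB normally applies to a single Windows edition, so a single match is the expected healthy result, and because later cumulative updates supersede these KBs, a missing KB by itself does not prove the host is unpatched.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell
# session on Windows. Get-HotFix reads the installed-update inventory via WMI.

# KB numbers taken from the October 2021 Windows bulletin summary above.
$OctoberKBs = @(
    '5006670','5006675','5006674','5006669','5006699','5006743','5006728','5006714',
    '5006729','5006739','5006732','5006736','5006715','5006667','5006672','5006671'
) | ForEach-Object { "KB$_" }

# HotFixID values are reported in the form "KB5006670".
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

$present = @($OctoberKBs | Where-Object { $installed -contains $_ })
$missing = @($OctoberKBs | Where-Object { $installed -notcontains $_ })

# One present KB is the normal result: each KB targets one Windows edition/build.
[PSCustomObject]@{
    ComputerName   = $env:COMPUTERNAME
    OctoberKBFound = ($present -join ', ')
    NotInstalled   = $missing.Count
}

# Caveat: a newer cumulative update supersedes the October KB, so also record the
# build number (CurrentBuild and UBR from the registry) and compare it against
# Microsoft's Windows release-history page before treating the host as unpatched.
$ver = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
"OS build: {0}.{1}" -f $ver.CurrentBuild, $ver.UBR
```

For fleet-wide checks, wrap the same logic in Invoke-Command against a list of hosts and collect the PSCustomObject rows; the build number is the more reliable signal once later cumulative updates have shipped.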
Product: Microsoft Office
CVEs/Advisory: CVE-2021-40474, CVE-2021-40479, CVE-2021-40481, CVE-2021-40480, CVE-2021-40471, CVE-2021-40472, CVE-2021-40454, CVE-2021-40485, CVE-2021-40473
Impact: Remote Code Execution, Information Disclosure