You are currently viewing Microsoft’s October 2021 Patch Tuesday Squashes 4 Zero-days and a Total of 81 Vulnerabilities

Microsoft’s October 2021 Patch Tuesday Squashes 4 Zero-days and a Total of 81 Vulnerabilities

  • Post author:
  • Reading time:11 mins read

Microsoft has released October Patch Tuesday security updates with a total of 81 vulnerabilities, which include Four Zero-Days, Three CVEs rated as critical, and 70 rated as important by a vulnerability scanning tool. The products covered in October’s security update include Microsoft Office, Windows Kernel, Windows AppContainer, Visual Studio, etc.

One of the already publicly disclosed CVEs resolves a critical zero-day vulnerability (CVE-2021-40449) in the Win32 kernel driver, dubbed MysterySnail.

Zero-day Vulnerabilities

CVE-2021-40449Microsoft Win32k Privilege escalation Vulnerability. The flaw was discovered by researcher Boris Larin (oct0xor) at Kaspersky, who observed it being exploited in the wild as a zero-day attack linked to a remote access trojan known as MysterySnail. According to the research, vulnerability is triggered when the function ResetDC is executed a second time for the same handle during its callback.

CVE-2021-40469Windows DNS Server Remote Code Execution Vulnerability. This vulnerability is caused due to improper input validation in Windows DNS Server. The vulnerability allows a remote user to execute arbitrary code on the target system. A remote administrator can send a specially crafted request and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in the complete compromise of the vulnerable systems.

CVE-2021-41335Windows Kernel Elevation of Privilege Vulnerability. The vulnerability is caused due to improper application of security restrictions in Windows Kernel, which leads to security restrictions bypass and privilege escalation. Successful exploitation allows a local user to escalate privileges on the system.

CVE-2021-41338Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability. The flaw is caused due to error in the Windows AppContainer Firewall Rules. Successful exploitation will allow a local user to bypass the authentication process.

Critical Vulnerabilities

CVE-2021-40486 –  Microsoft released patches addressing a remote code execution flaw in Microsoft Word. This flaw caused due to improper input validation in Microsoft Word. A remote attacker can trick a victim into opening a specially crafted file and execute arbitrary code on the target system. Complete compromise of the vulnerable system caused by successful exploitation.

CVE-2021-40461, CVE-2021-38672Windows Hyper-V Remote Code Execution Vulnerability. Microsoft released patches addressing a remote code execution flaw in Windows Hyper-V. The improper input validation in windows hyper-v allows the attacker to execute arbitrary code on the target system.

Microsoft security bulletin summary for October 2021

  • Microsoft Office
  • Windows Kernel
  • Windows AppContainer
  • Microsoft Windows 10, 11
  • Visual Studio
  • Windows Installer
  • Windows Kernel
  • Windows MSHTML Platform
  • Windows Remote Procedure Call Runtime
  • Windows Win32K

  1. Product: Microsoft Windows
    CVEs/Advisory: CVE-2021-26441, CVE-2021-26442, CVE-2021-36953, CVE-2021-36970, CVE-2021-38662, CVE-2021-38663, CVE-2021-40443, CVE-2021-40449, CVE-2021-40450, CVE-2021-40454, CVE-2021-40455, CVE-2021-40456, CVE-2021-40460, CVE-2021-40462, CVE-2021-40463, CVE-2021-40464, CVE-2021-40465, CVE-2021-40466, CVE-2021-40467, CVE-2021-40468, CVE-2021-40469, CVE-2021-40470, CVE-2021-40475, CVE-2021-40476, CVE-2021-40477, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41330, CVE-2021-41331, CVE-2021-41332, CVE-2021-41334, CVE-2021-41335, CVE-2021-41336, CVE-2021-41337, CVE-2021-41338, CVE-2021-41339, CVE-2021-41340, CVE-2021-41342, CVE-2021-41343, CVE-2021-41345, CVE-2021-41346, CVE-2021-41347, CVE-2021-41357, CVE-2021-41361
    Impact: Security Feature Bypass, Elevation of Privilege, Spoofing, Denial of Service, Information Disclosure, Remote Code Execution
    KBs: 5006670, 5006675, 5006674, 5006669, 5006699, 5006743, 5006728, 5006714, 5006729, 5006739, 5006732, 5006736, 5006715, 5006667, 5006672, 5006671

2. Product: Microsoft Office
CVEs/Advisory: CVE-2021-40474, CVE-2021-40479, CVE-2021-40481, CVE-2021-40480, CVE-2021-40471, CVE-2021-40472, CVE-2021-40454, CVE-2021-40485, CVE-2021-40473
Impact: Remote Code Execution, Information Disclosure
Severity: Important

3. Product: Microsoft Visual Studio
CVEs/Advisory:CVE-2020-1971, CVE-2021-3449, CVE-2021-3450, CVE-2021-41355
Impact: Denial of Service, Information Disclosure
Severity: Important

SanerNow VM and SanerNow PM detect these vulnerabilities and automatically fix them by applying security updates. Use SanerNow and keep your systems updated and secure.

Share this article