Microsoft October 2021 Security Updates includes fixes for 4 zero-days, 1 actively exploited

Microsoft has released the October 2021 Security Updates that includes patches for 74 vulnerabilities, 3 of those rated Critical. The updates also address 4 zero-day bugs, 1 of those actively exploited in the wild.

A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.

In all, the Microsoft security updates address vulnerabilities in the following products:

• .NET Core & Visual Studio
• Active Directory Federation Services
• Console Window Host
• HTTP.sys
• Microsoft DWM Core Library
• Microsoft Dynamics
• Microsoft Edge (Chromium-based)
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Intune
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Office Word
• Microsoft Windows Codecs Library
• Rich Text Edit Control
• Role: DNS Server
• Role: Windows Active Directory Server
• Role: Windows AD FS Server
• Role: Windows Hyper-V
• System Center
• Visual Studio
• Windows AppContainer
• Windows AppX Deployment Service
• Windows Bind Filter Driver
• Windows Cloud Files Mini Filter Driver
• Windows Common Log File System Driver
• Windows Desktop Bridge
• Windows DirectX
• Windows Event Tracing
• Windows exFAT File System
• Windows Fastfat Driver
• Windows Installer
• Windows Kernel
• Windows MSHTML Platform
• Windows Nearby Sharing
• Windows Network Address Translation (NAT)
• Windows Print Spooler Components
• Windows Remote Procedure Call Runtime
• Windows Storage Spaces Controller
• Windows TCP/IP
• Windows Text Shaping
• Windows Win32K.

Zero-day vulnerabilities

On Tuesday, Microsoft warned of active exploits in the wild for a Win32k Elevation of Privilege Vulnerability (CVE-2021-40449).

Kaspersky Technologies discovered attacks in late August and early September 2021 that used the privileged escalation exploits. Kaspersky promptly reported the issue to Microsoft.

“We discovered that it was using a previously unknown vulnerability in the Win32k driver and exploitation relies heavily on a technique to leak the base addresses of kernel modules,” Boris Larin of Kaspersky wrote in a blog post.

Moreover, Kaspersky also found the zero-day attacks were linked to malware activity they collectively dubbed MysterySnail.

“Besides finding the zero-day in the wild, we analyzed the malware payload used along with the zero-day exploit, and found that variants of the malware were detected in widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities,” Larin added.

In addition, Microsoft also fixed 3 other zero-day vulnerabilities:

• CVE-2021-41338: Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability.
• CVE-2021-40469: Windows DNS Server Remote Code Execution Vulnerability.
• CVE-2021-41335: Windows Kernel Elevation of Privilege Vulnerability.

Critical RCE vulnerabilities

Moreover, Microsoft also addressed 3 Critical RCE vulnerabilities in Windows 10, Windows 11, Windows Server, and multiple Microsoft Office products.

One of the Critical patches fixes a Windows Hyper-V Remote Code Execution Vulnerability (CVE-2021-38672).

“For successful exploitation, this vulnerability could allow a malicious guest VM to read kernel memory in the host. To trigger this vulnerability the guest VM requires a memory allocation error to first occur on the guest VM. This bug could be used for a VM escape from guest to host,” Microsoft stated in the advisory.

Microsoft also patched another Critical Windows Hyper-V RCE vulnerability (CVE-2021-40461), as well as a Critical Word RCE vulnerability (CVE-2021-40486) in this patch Tuesday release.

Other security updates

In addition to the Critical RCEs and zero-day fixes, Microsoft also patched an additional 66 Important and 1 Low rated vulnerabilities across multiple products to include: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing, and Tampering vulnerabilities.

Finally, readers can review the October 2021 Security Updates Release Notes and also download more vulnerability and patch details via Microsoft’s Security Update Guide.

Related Articles

• Adobe security update for Acrobat and Reader (APSB21-104)
• Apple releases iOS 15.0.2 with fix for zero-day exploited in the wild
• Microsoft September 2021 Security Updates includes fix for an RCE bug in MSHTML under active attack
• Microsoft: Nobelium cybergang deploys FoggyWeb backdoor to target AD FS servers
• Microsoft issues new guidance on OMI vulnerabilities within Azure VM Management extensions
• Microsoft warns of active exploits in the wild for an MSHTML RCE Vulnerability (CVE-2021-40444) — Updated
• Microsoft issues guidance on mitigating PetitPotam NTLM relay attacks
• Microsoft issues workaround for zero-day ‘SeriousSAM’ vulnerability
• Zloader trojan bypasses Microsoft Office malware-protection defenses
• Microsoft patches PrintNightmare vulnerability
• Microsoft uncovers NOBELIUM ‘sophisticated email-based attack’