Microsoft has released the October 2021 Security Updates, which include patches for 74 vulnerabilities, 3 of them rated Critical. The updates also address 4 zero-day bugs, 1 of which is actively exploited in the wild.
A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.
In all, the Microsoft security updates address vulnerabilities in the following products:
- .NET Core & Visual Studio
- Active Directory Federation Services
- Console Window Host
- Microsoft DWM Core Library
- Microsoft Dynamics
- Microsoft Edge (Chromium-based)
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Intune
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Office Visio
- Microsoft Office Word
- Microsoft Windows Codecs Library
- Rich Text Edit Control
- Role: DNS Server
- Role: Windows Active Directory Server
- Role: Windows AD FS Server
- Role: Windows Hyper-V
- System Center
- Visual Studio
- Windows AppContainer
- Windows AppX Deployment Service
- Windows Bind Filter Driver
- Windows Cloud Files Mini Filter Driver
- Windows Common Log File System Driver
- Windows Desktop Bridge
- Windows DirectX
- Windows Event Tracing
- Windows exFAT File System
- Windows Fastfat Driver
- Windows Installer
- Windows Kernel
- Windows MSHTML Platform
- Windows Nearby Sharing
- Windows Network Address Translation (NAT)
- Windows Print Spooler Components
- Windows Remote Procedure Call Runtime
- Windows Storage Spaces Controller
- Windows TCP/IP
- Windows Text Shaping
- Windows Win32K
On Tuesday, Microsoft warned of active exploits in the wild for a Win32k Elevation of Privilege Vulnerability (CVE-2021-40449).
Kaspersky Technologies discovered attacks in late August and early September 2021 that used the privilege escalation exploits, and promptly reported the issue to Microsoft.
“We discovered that it was using a previously unknown vulnerability in the Win32k driver and exploitation relies heavily on a technique to leak the base addresses of kernel modules,” Boris Larin of Kaspersky wrote in a blog post.
Kaspersky also found that the zero-day attacks were linked to malware activity it collectively dubbed MysterySnail.
“Besides finding the zero-day in the wild, we analyzed the malware payload used along with the zero-day exploit, and found that variants of the malware were detected in widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities,” Larin added.
Microsoft also fixed 3 other zero-day vulnerabilities:
- CVE-2021-41338: Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability.
- CVE-2021-40469: Windows DNS Server Remote Code Execution Vulnerability.
- CVE-2021-41335: Windows Kernel Elevation of Privilege Vulnerability.
Critical RCE vulnerabilities
Microsoft also addressed 3 Critical RCE vulnerabilities in Windows 10, Windows 11, Windows Server, and multiple Microsoft Office products.
One of the Critical patches fixes a Windows Hyper-V Remote Code Execution Vulnerability (CVE-2021-38672).
“For successful exploitation, this vulnerability could allow a malicious guest VM to read kernel memory in the host. To trigger this vulnerability the guest VM requires a memory allocation error to first occur on the guest VM. This bug could be used for a VM escape from guest to host,” Microsoft stated in the advisory.
Other security updates
In addition to the Critical RCEs and zero-day fixes, Microsoft patched a further 66 Important and 1 Low rated vulnerabilities across multiple products, including Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing, and Tampering vulnerabilities.