By security practitioners, for security practitioners novacoast federal | Pillr | novacoast | about innovate
By security practitioners, for security practitioners

October Patch Tuesday Updates More Than 40 Microsoft Products and Technologies

Microsoft has patched a host of vulnerabilities, including three rated “critical” and one actively being exploited by nation state threat actors.


Microsoft came out swinging this month with a loaded Patch Tuesday, patching 74 vulnerabilities across 43 products and technologies.

This includes three critical vulnerabilities, a slew of Remote Code Execution (RCE) vulnerabilities, and some under active exploit.

Vulnerability details

– CVE-2021-40449 – A use-after-free zero-day in the Win32 kernel driver. Kaspersky researchers identified nation-state threat actors utilizing this vulnerability as a privilege escalation method in their Remote Access Trojan (RAT).

– A critical Remote Code Execution vulnerability impacting Exchange servers.

– Two HyperV Remote Code Execution Vulnerabilities (CVE-2021-40461 and CVE-2021-38672), which ThreatPost reports can also allow for the VM guest to escape restrictions preventing it from tampering with the host.

– A fix for PrintNightmare (CVE-2021-36970), whose previous patch did not resolve the issue.

– Other notable Remote Code Execution Vulnerabilities: 

  • Word/Office/Sharepoint (CVE-2021-40486), 
  • SharePoint Server (CVE-2021-40487) and 
  • DNS Servers (CVE-2021-40469). 

An extensive writeup has been provided by ThreatPost.


The extensive list of impacted products is listed on the Microsoft Patch Tuesday Notes.

It is urgent that affected systems be updated as soon as possible.  


Microsoft’s Patch Tuesday Notes

CISA Patch Tuesday Advisory

ThreatPost Patch Tuesday Writeup

Kaspersky Documenting MysterySnail RAT

Previous Post

Apple Releases Updates to Actively Exploited iOS and iPadOS Vulnerability

Next Post

Zero Trust Network Access and SASE

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.