By security practitioners, for security practitioners

October Patch Tuesday Updates More Than 40 Microsoft Products and Technologies

Microsoft has patched a host of vulnerabilities, including three rated “critical” and one actively being exploited by nation state threat actors.

Background

Microsoft came out swinging this month with a loaded Patch Tuesday, patching 74 vulnerabilities across 43 products and technologies.

This includes three critical vulnerabilities, a slew of Remote Code Execution (RCE) vulnerabilities, and some under active exploitation.

Vulnerability details

– CVE-2021-40449 – A use-after-free zero-day in the Win32 kernel driver. Kaspersky researchers identified nation-state threat actors utilizing this vulnerability as a privilege escalation method in their Remote Access Trojan (RAT).

– A critical Remote Code Execution vulnerability impacting Exchange servers.

– Two Hyper-V Remote Code Execution vulnerabilities (CVE-2021-40461 and CVE-2021-38672), which ThreatPost reports can also allow a VM guest to escape the restrictions that prevent it from tampering with the host.

– A fix for PrintNightmare (CVE-2021-36970), whose previous patch did not resolve the issue.

– Other notable Remote Code Execution vulnerabilities:

  • Word/Office/SharePoint (CVE-2021-40486)
  • SharePoint Server (CVE-2021-40487)
  • DNS Servers (CVE-2021-40469)

An extensive writeup has been provided by ThreatPost.

Mitigations

The full list of impacted products is available in Microsoft's Patch Tuesday Notes.

It is urgent that affected systems be updated as soon as possible.  

Resources

Microsoft’s Patch Tuesday Notes
https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct

CISA Patch Tuesday Advisory
https://us-cert.cisa.gov/ncas/current-activity/2021/10/12/microsoft-releases-october-2021-security-updates

ThreatPost Patch Tuesday Writeup
https://threatpost.com/microsoft-patch-tuesday-bug-exploited-mysterysnail-espionage-campaign/175431/

Kaspersky Documenting MysterySnail RAT
https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/
