Microsoft October 2021 Patch Tuesday

This month we got patches for 81 vulnerabilities. Of these, 3 are critical, 3 were previously disclosed and 1 is being exploited according to Microsoft.

The exploited vulnerability (CVE-2021-40449) is an elevation of privilege affecting Win32k on virtually all supported Windows versions. According to the advisory, a local attacker may elevate privileges with no user interactions.

Among critical vulnerabilities, there are two Windows Hyper-V Remote Code Execution Vulnerability (CVE-2021-40461 and CVE-2021-38672) affecting multiple versions of Windows 10, 11 and Server. An attacker within the same physical or logical network with low privileges and no user interaction could exploit this vulnerability to execute code on the targeted system. The CVSS V3 for both vulnerabilities is 8.0. The third critical vulnerabilty is the Microsoft Word Remote Code Execution Vulnerability (CVE-2021-40486) with the CVSS V3 of 7.8.

Another vulnerability worth mentioning due to recent vulnerabilities involving the print spooler, albeit without much detail, is the Windows Print Spooler Spoofing Vulnerability (CVE-2021-36970). The CVSS V3 for this vulnerability is 8.8 and the exploitability assessment is 'Exploitation more likely'.

The highest CVSS v3 this month (9.0) was associated to the Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26427). According to the advisory, the attack vector for this vulnerablity is 'adjacent', which means the attack can not be done accross the internet. The vulnerabilty affects Windows Exchange Server on versions 2013, 2016 and 2019.

See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/

October 2021 Security Updates

Description
CVE	Disclosed	Exploited	Exploitability (old versions)	current version	Severity	CVSS Base (AVG)	CVSS Temporal (AVG)
.NET Core and Visual Studio Information Disclosure Vulnerability
CVE-2021-41355	No	No	Less Likely	Less Likely	Important	5.7	5.0
Active Directory Federation Server Spoofing Vulnerability
CVE-2021-41361	No	No	Less Likely	Less Likely	Important	5.4	4.7
Active Directory Security Feature Bypass Vulnerability
CVE-2021-41337	No	No	Less Likely	Less Likely	Important	4.9	4.3
Chromium: CVE-2021-37974 Use after free in Safe Browsing
CVE-2021-37974	No	No	-	-	-
Chromium: CVE-2021-37975 Use after free in V8
CVE-2021-37975	No	No	-	-	-
Chromium: CVE-2021-37976 Information leak in core
CVE-2021-37976	No	No	-	-	-
Chromium: CVE-2021-37977 Use after free in Garbage Collection
CVE-2021-37977	No	No	-	-	-
Chromium: CVE-2021-37978 Heap buffer overflow in Blink
CVE-2021-37978	No	No	-	-	-
Chromium: CVE-2021-37979 Heap buffer overflow in WebRTC
CVE-2021-37979	No	No	-	-	-
Chromium: CVE-2021-37980 Inappropriate implementation in Sandbox
CVE-2021-37980	No	No	-	-	-
Console Window Host Security Feature Bypass Vulnerability
CVE-2021-41346	No	No	Less Likely	Less Likely	Important	5.3	4.6
DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2021-40470	No	No	More Likely	More Likely	Important	7.8	6.8
Intune Management Extension Security Feature Bypass Vulnerability
CVE-2021-41363	No	No	Less Likely	Less Likely	Important	4.2	3.8
Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2021-41339	No	No	Less Likely	Less Likely	Important	4.7	4.2
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2021-41354	No	No	-	-	Important	4.1	3.6
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
CVE-2021-41353	No	No	-	-	Important	5.4	4.7
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
CVE-2021-40457	No	No	Less Likely	Less Likely	Important	7.4	6.9
Microsoft Excel Information Disclosure Vulnerability
CVE-2021-40472	No	No	Less Likely	Less Likely	Important	5.5	4.8
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-40471	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-40473	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-40474	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-40479	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-40485	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft Exchange Server Denial of Service Vulnerability
CVE-2021-34453	No	No	Less Likely	Less Likely	Important	7.5	6.5
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2021-41348	No	No	Less Likely	Less Likely	Important	8.0	7.0
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-26427	No	No	Less Likely	Less Likely	Important	9.0	7.8
Microsoft Exchange Server Spoofing Vulnerability
CVE-2021-41350	No	No	Less Likely	Less Likely	Important	6.5	5.7
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2021-40480	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-40481	No	No	Less Likely	Less Likely	Important	7.1	6.2
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2021-40482	No	No	Less Likely	Less Likely	Important	5.3	4.8
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-41344	No	No	More Likely	More Likely	Important	8.1	7.1
CVE-2021-40487	No	No	More Likely	More Likely	Important	8.1	7.1
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-40483	No	No	Less Likely	Less Likely	Low	7.6	6.6
CVE-2021-40484	No	No	Less Likely	Less Likely	Important	7.6	6.6
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2021-41330	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft Word Remote Code Execution Vulnerability
CVE-2021-40486	No	No	Less Likely	Less Likely	Critical	7.8	6.8
OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference
CVE-2020-1971	No	No	Less Likely	Less Likely	Important
OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing
CVE-2021-3449	No	No	Less Likely	Less Likely	Important
OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT
CVE-2021-3450	No	No	Unlikely	Unlikely	Important
Rich Text Edit Control Information Disclosure Vulnerability
CVE-2021-40454	No	No	Less Likely	Less Likely	Important	5.5	5.1
SCOM Information Disclosure Vulnerability
CVE-2021-41352	No	No	Less Likely	Less Likely	Important	7.5	6.5
Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-40478	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-40488	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-40489	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-26441	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-41345	No	No	Less Likely	Less Likely	Important	7.8	6.8
Win32k Elevation of Privilege Vulnerability
CVE-2021-40449	No	Yes	Detected	Detected	Important	7.8	7.2
CVE-2021-40450	No	No	More Likely	More Likely	Important	7.8	6.8
CVE-2021-41357	No	No	More Likely	More Likely	Important	7.8	7.2
Windows AD FS Security Feature Bypass Vulnerability
CVE-2021-40456	No	No	Less Likely	Less Likely	Important	5.3	4.6
Windows AppContainer Elevation Of Privilege Vulnerability
CVE-2021-40476	No	No	Less Likely	Less Likely	Important	7.5	6.7
Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
CVE-2021-41338	Yes	No	Less Likely	Less Likely	Important	5.5	5.0
Windows AppX Deployment Service Elevation of Privilege Vulnerability
CVE-2021-41347	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Bind Filter Driver Information Disclosure Vulnerability
CVE-2021-40468	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2021-40475	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-40443	No	No	More Likely	More Likely	Important	7.8	6.8
CVE-2021-40466	No	No	More Likely	More Likely	Important	7.8	6.8
CVE-2021-40467	No	No	More Likely	More Likely	Important	7.8	6.8
Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-40469	Yes	No	Less Likely	Less Likely	Important	7.2	6.5
Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2021-41334	No	No	Less Likely	Less Likely	Important	7.0	6.1
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-40477	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Fast FAT File System Driver Information Disclosure Vulnerability
CVE-2021-38662	No	No	Less Likely	Less Likely	Important	5.5	4.8
CVE-2021-41343	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2021-41340	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows HTTP.sys Elevation of Privilege Vulnerability
CVE-2021-26442	No	No	Less Likely	Less Likely	Important	7.0	6.1
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2021-38672	No	No	Less Likely	Less Likely	Critical	8.0	7.0
CVE-2021-40461	No	No	Less Likely	Less Likely	Critical	8.0	7.0
Windows Installer Spoofing Vulnerability
CVE-2021-40455	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-41335	Yes	No	Less Likely	Less Likely	Important	7.8	7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2021-41336	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2021-41342	No	No	Less Likely	Less Likely	Important	6.8	6.1
Windows Media Audio Decoder Remote Code Execution Vulnerability
CVE-2021-41331	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
CVE-2021-40462	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows NAT Denial of Service Vulnerability
CVE-2021-40463	No	No	Less Likely	Less Likely	Important	7.7	6.7
Windows Nearby Sharing Elevation of Privilege Vulnerability
CVE-2021-40464	No	No	Less Likely	Less Likely	Important	8.0	7.0
Windows Print Spooler Information Disclosure Vulnerability
CVE-2021-41332	No	No	Less Likely	Less Likely	Important	6.5	5.7
Windows Print Spooler Spoofing Vulnerability
CVE-2021-36970	No	No	More Likely	More Likely	Important	8.8	8.2
Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability
CVE-2021-40460	No	No	Less Likely	Less Likely	Important	6.5	5.7
Windows TCP/IP Denial of Service Vulnerability
CVE-2021-36953	No	No	Less Likely	Less Likely	Important	7.5	6.5
Windows Text Shaping Remote Code Execution Vulnerability
CVE-2021-40465	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows exFAT File System Information Disclosure Vulnerability
CVE-2021-38663	No	No	Less Likely	Less Likely	Important	5.5	4.8

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

Renato

82 Posts
ISC Handler

Oct 12th 2021

Thread locked Subscribe

Oct 12th 2021
7 months ago

Thank you for the information, I have a thought/question regarding your assessment. As you mentioned it only appears that perhaps one of the vulnerabilities show any type of real threat and it is marked as "Important", what factors would you use to determine if one should patch all their devices sooner than on a normal patch cycle? Typically a TVM team would evaluate vulnerabilities and unless they really pose a Zero-day alert, or the like, they maintain a normal monthly patch cycle. However, cve-2021-40449 seems like it should have been marked as "Critical" but was marked as "important" even though it has been exploited and requires local access. What additional evaluations or testing is recommended? Thanks,

Anonymous

Quote

Oct 18th 2021
7 months ago