October Patch Tuesday 2021 Fixes 71 Flaws and Weaponized Threat
October Patch Tuesday 2021 is officially here. See the latest Microsoft updates, vulnerabilities, and critical patches of the month.
Microsoft Releases October 2021 Patch Tuesday Fixes
There are 3 Critical, 67 Important and a single Low fix in this October Patch Tuesday. Fixes include Microsoft Windows and Windows components, Microsoft Edge, Azure, Office and Office Components, SharePoint Server, Microsoft Windows DNS, and the Windows 11 has its first every security patch.
Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month, with one currently Weaponized.
- Windows 7 – 19 Important vulnerabilities fixed
- Windows 2008 R2 – 20 Important vulnerabilities fixed
Robert Brown, Head of Customer Success for Syxsense said, “This may be the first time ever that Microsoft released updates for four end user based operating systems (Windows 7, 8.1, 10 & now 11. Over the next couple of months, we could see an increase in the number of vulnerabilities fixed breaching 100 once again. Should that be the case, careful selection of the most important vulnerabilities to resolve will be extremely important.”
Top October 2021 Patches and Vulnerabilities
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.
1. CVE-2021-40449: Win32k Elevation of Privilege Vulnerability
A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges. They can achieve this due to a boundary error within the Win32k driver in Microsoft Windows kernel.
This vulnerability was discovered by Kaspersky, therefore one may assume this may be used in the next ransomware attack if not resolved quickly.
Syxscore
- Vendor Severity: Important
- CVSS: 7.8
- Weaponized: Yes
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Local
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): No
2. CVE-2021-41335: Windows Kernel Elevation of Privilege Vulnerability
The vulnerability allows a local user to escalate privileges on the system because Windows does not properly impose security restrictions in Windows Kernel.
Syxscore
- Vendor Severity: Important
- CVSS: 7.8
- Weaponized: No
- Public Aware: Yes
- Countermeasure: No
Syxscore Risk
- Attack Vector: Local
- Attack Complexity: Low
- Privileges: None
- User Interaction: None
- Scope (Jump Point): No
3. CVE-2021-36970: Windows Print Spooler Spoofing Vulnerability
A remote attacker can spoof page content because the Windows Print Spooler incorrectly processes user supplied data. This vulnerability is more likely to be targeted by hackers because of the recent report of printing issues which are ongoing.
Syxscore
- Vendor Severity: Important
- CVSS: 8.8
- Weaponized: No
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: Required
- Scope (Jump Point): No
Syxsense Recommendations
Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.
| CVE Reference | Description | Vendor Severity | CVSS Score | Countermeasure | Publicly Aware | Weaponised | Syxsense Recommended |
| CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | Yes |
| CVE-2021-41335 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2021-40469 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | Yes | No | Yes |
| CVE-2021-41338 | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | Important | 5.5 | No | Yes | No | Yes |
| CVE-2021-38672 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8 | No | No | No | Yes |
| CVE-2021-40461 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8 | No | No | No | Yes |
| CVE-2021-40486 | Microsoft Word Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-26427 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 9 | No | No | No | Yes |
| CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-41344 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2021-40487 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2021-41348 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-40464 | Windows Nearby Sharing Elevation of Privilege Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-40470 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40471 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40473 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40474 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40479 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40485 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40480 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-41330 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40478 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40488 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40489 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-26441 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-41345 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-41347 | Windows AppX Deployment Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40443 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40466 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40467 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40477 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-41340 | Windows Graphics Component Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-41331 | Windows Media Audio Decoder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40462 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40465 | Windows Text Shaping Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40463 | Windows NAT Denial of Service Vulnerability | Important | 7.7 | No | No | No | |
| CVE-2021-40484 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | No | |
| CVE-2021-34453 | Microsoft Exchange Server Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-41352 | SCOM Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-40476 | Windows AppContainer Elevation Of Privilege Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-36953 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-40457 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | Important | 7.4 | No | No | No | |
| CVE-2021-40481 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-41334 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-26442 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-41342 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | |
| CVE-2021-41350 | Microsoft Exchange Server Spoofing Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-41332 | Windows Print Spooler Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-40460 | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-41355 | .NET Core and Visual Studio Information Disclosure Vulnerability | Important | 5.7 | No | No | No | |
| CVE-2021-40472 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-40454 | Rich Text Edit Control Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-40468 | Windows Bind Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-40475 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-38663 | Windows exFAT File System Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-38662 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-41343 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-40455 | Windows Installer Spoofing Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-41336 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-41361 | Active Directory Federation Server Spoofing Vulnerability | Important | 5.4 | No | No | No | |
| CVE-2021-41353 | Microsoft Dynamics 365 Sales Spoofing Vulnerability | Important | 5.4 | No | No | No | |
| CVE-2021-41346 | Console Window Host Security Feature Bypass Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2021-40482 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2021-40456 | Windows AD FS Security Feature Bypass Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2021-41337 | Active Directory Security Feature Bypass Vulnerability | Important | 4.9 | No | No | No | |
| CVE-2021-41339 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important | 4.7 | No | No | No | |
| CVE-2021-41363 | Intune Management Extension Security Feature Bypass Vulnerability | Important | 4.2 | No | No | No | |
| CVE-2021-41354 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 4.1 | No | No | No | |
| CVE-2021-40483 | Microsoft SharePoint Server Spoofing Vulnerability | Low | 7.6 | No | No | No |
Experience the Power of Syxsense
Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
