[SANS ISC] Microsoft October 2021 Patch Tuesday, (Tue, Oct 12th)

This month we got patches for 81 vulnerabilities. Of these, 3 are critical, 3 were previously disclosed and 1 is being exploited according to Microsoft.

The exploited vulnerability (CVE-2021-40449) is an elevation of privilege affecting Win32k on virtually all supported Windows versions. According to the advisory, a local attacker may elevate privileges with no user interaction.

Among the critical vulnerabilities, there are two Windows Hyper-V Remote Code Execution Vulnerabilities (CVE-2021-40461 and CVE-2021-38672) affecting multiple versions of Windows 10, 11 and Server. An attacker within the same physical or logical network with low privileges and no user interaction could exploit these vulnerabilities to execute code on the targeted system. The CVSS V3 for both vulnerabilities is 8.0. The third critical vulnerability is the Microsoft Word Remote Code Execution Vulnerability (CVE-2021-40486), with a CVSS V3 of 7.8.

Another vulnerability worth mentioning, given the recent vulnerabilities involving the print spooler and even though the advisory gives little detail, is the Windows Print Spooler Spoofing Vulnerability (CVE-2021-36970). The CVSS V3 for this vulnerability is 8.8 and the exploitability assessment is ‘Exploitation more likely’.

The highest CVSS v3 this month (9.0) is associated with the Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26427). According to the advisory, the attack vector for this vulnerability is ‘adjacent’, which means the attack cannot be carried out across the internet. The vulnerability affects Windows Exchange Server on versions 2013, 2016 and 2019.

See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/

October 2021 Security Updates

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET Core and Visual Studio Information Disclosure Vulnerability | CVE-2021-41355 | No | No | Less Likely | Less Likely | Important | 5.7 | 5.0 |
| Active Directory Federation Server Spoofing Vulnerability | CVE-2021-41361 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.7 |
| Active Directory Security Feature Bypass Vulnerability | CVE-2021-41337 | No | No | Less Likely | Less Likely | Important | 4.9 | 4.3 |
| Chromium: CVE-2021-37974 Use after free in Safe Browsing | CVE-2021-37974 | No | No | | | | | |
| Chromium: CVE-2021-37975 Use after free in V8 | CVE-2021-37975 | No | No | | | | | |
| Chromium: CVE-2021-37976 Information leak in core | CVE-2021-37976 | No | No | | | | | |
| Chromium: CVE-2021-37977 Use after free in Garbage Collection | CVE-2021-37977 | No | No | | | | | |
| Chromium: CVE-2021-37978 Heap buffer overflow in Blink | CVE-2021-37978 | No | No | | | | | |
| Chromium: CVE-2021-37979 Heap buffer overflow in WebRTC | CVE-2021-37979 | No | No | | | | | |
| Chromium: CVE-2021-37980 Inappropriate implementation in Sandbox | CVE-2021-37980 | No | No | | | | | |
| Console Window Host Security Feature Bypass Vulnerability | CVE-2021-41346 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | CVE-2021-40470 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Intune Management Extension Security Feature Bypass Vulnerability | CVE-2021-41363 | No | No | Less Likely | Less Likely | Important | 4.2 | 3.8 |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | CVE-2021-41339 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2021-41354 | No | No | | | Important | 4.1 | 3.6 |
| Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | CVE-2021-41353 | No | No | | | Important | 5.4 | 4.7 |
| Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | CVE-2021-40457 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.9 |
| Microsoft Excel Information Disclosure Vulnerability | CVE-2021-40472 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40471 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40473 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40474 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40479 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40485 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Exchange Server Denial of Service Vulnerability | CVE-2021-34453 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2021-41348 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-26427 | No | No | Less Likely | Less Likely | Important | 9.0 | 7.8 |
| Microsoft Exchange Server Spoofing Vulnerability | CVE-2021-41350 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2021-40480 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2021-40481 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2 |
| Microsoft SharePoint Server Information Disclosure Vulnerability | CVE-2021-40482 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-41344 | No | No | More Likely | More Likely | Important | 8.1 | 7.1 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-40487 | No | No | More Likely | More Likely | Important | 8.1 | 7.1 |
| Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-40483 | No | No | Less Likely | Less Likely | Low | 7.6 | 6.6 |
| Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-40484 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | CVE-2021-41330 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2021-40486 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference | CVE-2020-1971 | No | No | Less Likely | Less Likely | Important | | |
| OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing | CVE-2021-3449 | No | No | Less Likely | Less Likely | Important | | |
| OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT | CVE-2021-3450 | No | No | Unlikely | Unlikely | Important | | |
| Rich Text Edit Control Information Disclosure Vulnerability | CVE-2021-40454 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.1 |
| SCOM Information Disclosure Vulnerability | CVE-2021-41352 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-40478 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-40488 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-40489 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-26441 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-41345 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Win32k Elevation of Privilege Vulnerability | CVE-2021-40449 | No | Yes | Detected | Detected | Important | 7.8 | 7.2 |
| Win32k Elevation of Privilege Vulnerability | CVE-2021-40450 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Win32k Elevation of Privilege Vulnerability | CVE-2021-41357 | No | No | More Likely | More Likely | Important | 7.8 | 7.2 |
| Windows AD FS Security Feature Bypass Vulnerability | CVE-2021-40456 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
| Windows AppContainer Elevation Of Privilege Vulnerability | CVE-2021-40476 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
| Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | CVE-2021-41338 | Yes | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Windows AppX Deployment Service Elevation of Privilege Vulnerability | CVE-2021-41347 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Bind Filter Driver Information Disclosure Vulnerability | CVE-2021-40468 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | CVE-2021-40475 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-40443 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-40466 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-40467 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-40469 | Yes | No | Less Likely | Less Likely | Important | 7.2 | 6.5 |
| Windows Desktop Bridge Elevation of Privilege Vulnerability | CVE-2021-41334 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-40477 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Fast FAT File System Driver Information Disclosure Vulnerability | CVE-2021-38662 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Fast FAT File System Driver Information Disclosure Vulnerability | CVE-2021-41343 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Graphics Component Remote Code Execution Vulnerability | CVE-2021-41340 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows HTTP.sys Elevation of Privilege Vulnerability | CVE-2021-26442 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2021-38672 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.0 |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2021-40461 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.0 |
| Windows Installer Spoofing Vulnerability | CVE-2021-40455 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-41335 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows Kernel Information Disclosure Vulnerability | CVE-2021-41336 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows MSHTML Platform Remote Code Execution Vulnerability | CVE-2021-41342 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
| Windows Media Audio Decoder Remote Code Execution Vulnerability | CVE-2021-41331 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | CVE-2021-40462 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows NAT Denial of Service Vulnerability | CVE-2021-40463 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
| Windows Nearby Sharing Elevation of Privilege Vulnerability | CVE-2021-40464 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Windows Print Spooler Information Disclosure Vulnerability | CVE-2021-41332 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Print Spooler Spoofing Vulnerability | CVE-2021-36970 | No | No | More Likely | More Likely | Important | 8.8 | 8.2 |
| Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | CVE-2021-40460 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows TCP/IP Denial of Service Vulnerability | CVE-2021-36953 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Text Shaping Remote Code Execution Vulnerability | CVE-2021-40465 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows exFAT File System Information Disclosure Vulnerability | CVE-2021-38663 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |


Renato Marinho
Morphus Labs

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
