October 2021 Patch Tuesday Analysis


Today’s GREEN Alert addresses Microsoft’s October 2021 security updates. GREEN is actively working to cover these vulnerabilities and plans to ship ASPL-968 on Wednesday, October 13.

In-the-wild and disclosed CVEs

CVE-2021-40449

This month we have an elevation of privilege vulnerability in Win32k that has been exploited in the wild via MysterySnail. This vulnerability appears to impact all systems from Windows 7 to the new version of Windows 11.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-40469

This remote code execution vulnerability in Microsoft DNS Server affects all operating systems from Server 2008 to Server 2022. Only servers configured with the DNS Server role are affected by the vulnerability.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-41335

A publicly disclosed vulnerability in the Windows kernel could result in elevation of privilege. Unlike CVE-2021-40449, this vulnerability does not affect Windows 11 and Windows Server 2022.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-41338

This vulnerability was initially closed by Microsoft Security as a “Won’t Fix” issue. They have since reconsidered and released an update. The vulnerability was discovered by James Forshaw of Google Project Zero and is detailed here with the specific Project Zero issue tracked here.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

Breakdown of CVEs by tag

While the historical Microsoft Security Bulletin groupings have disappeared, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs by tag. Vulnerabilities are also color-coded to help identify key issues.

  • Traditional software
  • Mobile software
  • Cloud or Adjacent Cloud
  • Vulnerabilities that are exploited or disclosed are shown in bold

| Tag | CVE Count | CVEs |
|---|---|---|
| .NET Core and Visual Studio | 1 | CVE-2021-41355 |
| Windows Fastfat Driver | 2 | CVE-2021-38662, CVE-2021-41343 |
| Console Window Host | 1 | CVE-2021-41346 |
| Microsoft Office Word | 1 | CVE-2021-40486 |
| HTTP.sys | 1 | CVE-2021-26442 |
| Windows Installer | 1 | CVE-2021-40455 |
| Visual Studio | 3 | CVE-2021-3450, CVE-2021-3449, CVE-2020-1971 |
| Microsoft Dynamics | 3 | CVE-2021-40457, CVE-2021-41353, CVE-2021-41354 |
| Windows Storage Controller | 5 | CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-26441, CVE-2021-41345 |
| Windows DirectX | 1 | CVE-2021-40470 |
| Windows AppX Deployment Service | 1 | CVE-2021-41347 |
| Microsoft Office SharePoint | 5 | CVE-2021-41344, CVE-2021-40482, CVE-2021-40483, CVE-2021-40484, CVE-2021-40487 |
| Microsoft Windows Codec Library | 3 | CVE-2021-40462, CVE-2021-41330, CVE-2021-41331 |
| Windows Cloud Files Mini-Filter Driver | 1 | CVE-2021-40475 |
| Microsoft Office Excel | 6 | CVE-2021-40471, CVE-2021-40472, CVE-2021-40473, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485 |
| Microsoft Graphics Component | 1 | CVE-2021-41340 |
| Windows Event Tracking | 1 | CVE-2021-40477 |
| Windows Kernel | 2 | **CVE-2021-41335**, CVE-2021-41336 |
| Microsoft Exchange Server | 4 | CVE-2021-34453, CVE-2021-41348, CVE-2021-41350, CVE-2021-26427 |
| Windows Share near me | 1 | CVE-2021-40464 |
| Rich text editing control | 1 | CVE-2021-40454 |
| Windows remote procedure call execution | 1 | CVE-2021-40460 |
| Active Directory Federation Services | 1 | CVE-2021-41361 |
| Windows AppContainer | 2 | CVE-2021-40476, **CVE-2021-41338** |
| Windows Link Filter Driver | 1 | CVE-2021-40468 |
| Windows Desktop Bridge | 1 | CVE-2021-41334 |
| Windows Network Address Translation (NAT) | 1 | CVE-2021-40463 |
| Windows platform MSHTML | 1 | CVE-2021-41342 |
| Role: DNS Server | 1 | **CVE-2021-40469** |
| Windows Win32K | 3 | **CVE-2021-40449**, CVE-2021-40450, CVE-2021-41357 |
| Windows TCP/IP | 1 | CVE-2021-36953 |
| Microsoft DWM Core Library | 1 | CVE-2021-41339 |
| Windows Print Spooler Components | 2 | CVE-2021-36970, CVE-2021-41332 |
| Role: Windows Hyper-V | 2 | CVE-2021-38672, CVE-2021-40461 |
| Windows exFAT File System | 1 | CVE-2021-38663 |
| Microsoft Edge (Chrome based) | 7 | CVE-2021-37974, CVE-2021-37975, CVE-2021-37976, CVE-2021-37977, CVE-2021-37978, CVE-2021-37979, CVE-2021-37980 |
| Role: Windows AD FS Server | 1 | CVE-2021-40456 |
| Microsoft Office Visio | 2 | CVE-2021-40480, CVE-2021-40481 |
| Windows text formatting | 1 | CVE-2021-40465 |
| Microsoft Intune | 1 | CVE-2021-41363 |
| Windows Common Log File System Driver | 3 | CVE-2021-40443, CVE-2021-40466, CVE-2021-40467 |
| Role: Windows Active Directory Server | 1 | CVE-2021-41337 |
| System Center | 1 | CVE-2021-41352 |

Other information

There were no new notices included in the October Safety Guide, but there was an update.

ADV200011 – Microsoft Tips for Resolving Security Feature Bypass in GRUB

Microsoft has updated its GRUB notice regarding a number of vulnerabilities released in July 2020 and March 2021. The update says new versions of Windows, including Windows 11, are affected and that an update will be released to resolve this issue in the spring of 2022.

