Microsoft on Tuesday rolled out safety patches to include a complete of 71 vulnerabilities in Microsoft Home windows and different software program, together with a repair for an actively exploited privilege escalation vulnerability that may very well be exploited at the side of distant code execution bugs to take management over weak techniques.
Two of the addressed safety flaws are rated Important, 68 are rated Necessary, and one is rated Low in severity, with three of the problems listed as publicly identified on the time of the discharge. The 4 zero-days are as follows —
- CVE-2021-40449 (CVSS rating: 7.8) – Win32k Elevation of Privilege Vulnerability
- CVE-2021-41335 (CVSS rating: 7.8) – Home windows Kernel Elevation of Privilege Vulnerability
- CVE-2021-40469 (CVSS rating: 7.2) – Home windows DNS Server Distant Code Execution Vulnerability
- CVE-2021-41338 (CVSS rating: 5.5) – Home windows AppContainer Firewall Guidelines Safety Function Bypass Vulnerability
On the prime of the record is CVE-2021-40449, a use-after-free vulnerability within the Win32k kernel driver found by Kaspersky as being exploited within the wild in late August and early September 2021 as a part of a widespread espionage marketing campaign concentrating on IT firms, protection contractors, and diplomatic entities. The Russian cybersecurity agency dubbed the menace cluster “MysterySnail.”
“Code similarity and re-use of C2 [command-and-control] infrastructure we found allowed us to attach these assaults with the actor often called IronHusky and Chinese language-speaking APT exercise courting again to 2012,” Kaspersky researchers Boris Larin and Costin Raiu stated in a technical write-up, with the an infection chains resulting in the deployment of a distant entry trojan able to gathering and exfiltrating system info from compromised hosts earlier than reaching out to its C2 server for additional directions.
Different bugs of word embody distant code execution vulnerabilities affecting Microsoft Alternate Server (CVE-2021-26427), Home windows Hyper-V (CVE-2021-38672 and CVE-2021-40461), SharePoint Server (CVE-2021-40487 and CVE-2021-41344), and Microsoft Phrase (CVE-2021-40486) in addition to an info disclosure flaw in Wealthy Textual content Edit Management (CVE-2021-40454).
CVE-2021-26427, which has a CVSS rating of 9.0 and was recognized by the U.S. Nationwide Safety Company, underscores that “Alternate servers are high-value targets for hackers trying to penetrate enterprise networks,” Bharat Jogi, senior supervisor of vulnerability and menace analysis at Qualys, stated.
The October Patch Tuesday is rounded out by fixes for 2 shortcomings newly found within the Print Spooler part — CVE-2021-41332 and CVE-2021-36970 — every regarding an info disclosure bug and a spoofing vulnerability, which has been tagged with an “Exploitation Extra Probably” exploitability index evaluation.
“A spoofing vulnerability often signifies that an attacker can impersonate or establish as one other consumer,” safety researcher ollypwn famous in a Twitter thread. “On this case, it seems like an attacker can abuse the Spooler service to add arbitrary recordsdata to different servers.”
Software program Patches From Different Distributors
Along with Microsoft, patches have additionally been launched by quite a few different distributors to handle a number of vulnerabilities, together with —