Microsoft Patch Tuesday – October 2021

Patch Tuesday is once again upon us. The October 2021 edition of Patch Tuesday brings us 76 fixes, 3 of which are rated as critical with one actively exploited. We've listed the most important changes below.

⚡ TL;DR | Go Straight to the October 2021 Patch Tuesday Audit Report

MysterySnail Zero-day

Dubbed "MysterySnail", CVE-2021-40449 is an elevation of privilege exploit that has been exploited in the wild according to Kaspersky. This use-after-free vulnerability in the Win32k kernel driver lies in the Win32k NtGdiResetDC function. Alongside the zero-day vulnerability itself, Kaspersky found that: "variants of the malware were detected in widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities."

Two Hyper-V Remote Code Execution Vulnerabilities

Two of the three critically rated fixes are in Hyper-V this month. CVE-2021-38672 and CVE-2021-40461 are both RCE vulnerabilities and while Microsoft has not provided many details of exactly where the vulnerability in Hyper-V resides, the vulnerabilities both score a CVSS 3.1 base score of 8.0. The only detail known details regarding exploitation is that this vulnerability can allow a malicious guest VM to read kernel memory in the host. To exploit the vulnerability the guest VM needs a memory allocation error to occur first, then the bug can be used for a VM escape from guest to host.

Microsoft Word Remote Code Execution Vulnerability

The third critical vulnerability this month is in Microsoft Word. CVE-2021-40486 has a CVSS 3.1 base score of 7.8. Very little is known about the details since Microsoft isn't releasing much. Microsoft has shared that even the Preview Pane is an attack vector.

Windows Thin PC End of Life

Microsoft's lightweight Windows 7 version, named Windows Thin PC is going end of life today. Three weeks ago, we released our Windows Thin PC EOL blog post containing a report to help you migrate or decommission any Windows Thin PCs left in your environment.

Run the Patch Tuesday October 2021 Audit Report

To help manage your update progress, we've created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

Patch Tuesday October 2021 CVE Codes & Titles

CVE NumberCVE Title
CVE-2021-41353Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
CVE-2021-41354Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2021-40449Win32k Elevation of Privilege Vulnerability
CVE-2021-33781Azure AD Security Feature Bypass Vulnerability
CVE-2021-38624Windows Key Storage Provider Security Feature Bypass Vulnerability
CVE-2021-34453Microsoft Exchange Server Denial of Service Vulnerability
CVE-2021-36953Windows TCP/IP Denial of Service Vulnerability
CVE-2021-40454Rich Text Edit Control Information Disclosure Vulnerability
CVE-2021-40455Windows Installer Spoofing Vulnerability
CVE-2021-40456Windows AD FS Security Feature Bypass Vulnerability
CVE-2021-40457Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
CVE-2021-40475Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2021-40476Windows AppContainer Elevation Of Privilege Vulnerability
CVE-2021-40477Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-40478Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-41348Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2021-41350Microsoft Exchange Server Spoofing Vulnerability
CVE-2021-41355.NET Core and Visual Studio Information Disclosure Vulnerability
CVE-2021-41361Active Directory Federation Server Spoofing Vulnerability
CVE-2021-3449OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing
CVE-2020-1971OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference
CVE-2021-26427Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-38662Windows Fast FAT File System Driver Information Disclosure Vulnerability
CVE-2021-38663Windows exFAT File System Information Disclosure Vulnerability
CVE-2021-38672Windows Hyper-V Remote Code Execution Vulnerability
CVE-2021-40460Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability
CVE-2021-40461Windows Hyper-V Remote Code Execution Vulnerability
CVE-2021-40462Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
CVE-2021-40463Windows NAT Denial of Service Vulnerability
CVE-2021-40464Windows Nearby Sharing Elevation of Privilege Vulnerability
CVE-2021-40465Windows Text Shaping Remote Code Execution Vulnerability
CVE-2021-40468Windows Bind Filter Driver Information Disclosure Vulnerability
CVE-2021-40469Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-40471Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-40472Microsoft Excel Information Disclosure Vulnerability
CVE-2021-40473Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-40474Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-40479Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-40480Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2021-40481Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2021-40482Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2021-40483Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-40484Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-40485Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-40486Microsoft Word Remote Code Execution Vulnerability
CVE-2021-40488Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-40489Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-26441Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-26442Windows HTTP.sys Elevation of Privilege Vulnerability
CVE-2021-41330Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2021-41331Windows Media Audio Decoder Remote Code Execution Vulnerability
CVE-2021-41332Windows Print Spooler Information Disclosure Vulnerability
CVE-2021-41334Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2021-41335Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-41336Windows Kernel Information Disclosure Vulnerability
CVE-2021-41337Active Directory Security Feature Bypass Vulnerability
CVE-2021-41338Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
CVE-2021-41339Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2021-41340Windows Graphics Component Remote Code Execution Vulnerability
CVE-2021-41342Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2021-41343Windows Fast FAT File System Driver Information Disclosure Vulnerability
CVE-2021-41345Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-41346Console Window Host Security Feature Bypass Vulnerability
CVE-2021-41347Windows AppX Deployment Service Elevation of Privilege Vulnerability
CVE-2021-41352SCOM Information Disclosure Vulnerability
CVE-2021-41363Intune Management Extension Security Feature Bypass Vulnerability
CVE-2021-36970Windows Print Spooler Spoofing Vulnerability
CVE-2021-40443Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-41344Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-40450Win32k Elevation of Privilege Vulnerability
CVE-2021-40466Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-40467Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-40470DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2021-40487Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-41357Win32k Elevation of Privilege Vulnerability
CVE-2021-3450OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT

Receive the Latest Patch Tuesday Report for FREE Every Month

  • Hidden
  • This field is for validation purposes and should be left unchanged.
Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

You may also like...

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​