Microsoft Patch Tuesday – October 2021
Microsoft patched 74 vulnerabilities in their October 2021 Patch Tuesday release, of which three are rated as critical severity and four were previously reported as zero-days.
Critical Microsoft Vulnerabilities Patched
CVE-2021-40449 – Win32k Elevation of Privilege Vulnerability
This is one of the four zero-days addressed by Microsoft this month. The vulnerability affects the Win32k kernel driver and is being actively exploited by IronHusky and Chinese APT groups. Microsoft has assigned it a CVSSv3 base score of 7.8, and it should be prioritized for patching.
CVE-2021-40486 – Microsoft Word Remote Code Execution Vulnerability
This vulnerability is due to improper input validation in Microsoft Word. Adversaries can exploit it by tricking a target user into opening a specially crafted file, which results in arbitrary code execution. Microsoft has assigned a CVSSv3 base score of 7.8 to this vulnerability.
CVE-2021-40461, CVE-2021-38672 – Windows Hyper-V Remote Code Execution Vulnerabilities
These vulnerabilities are due to a set of flaws in the Network Virtualization Service Provider. They could allow an attacker to execute remote code on the target machine. These CVEs are assigned a CVSSv3 base score of 8.0 by the vendor.
CVE-2021-26427: Microsoft Exchange Server Remote Code Execution Vulnerability
This is an RCE vulnerability in Microsoft Exchange Server. Adversaries can exploit it only from a network adjacent to the target machine. Microsoft assigned a base score of 9.0 for this vulnerability.
The following are the other three of the four zero-day vulnerabilities:
- CVE-2021-41338: Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
- CVE-2021-40469: Windows DNS Server Remote Code Execution Vulnerability
- CVE-2021-41335: Windows Kernel Elevation of Privilege Vulnerability
Adobe Patch Tuesday – October 2021
Adobe addressed 10 CVEs this Patch Tuesday, 6 of which are rated as critical severity, impacting the Acrobat and Reader, Adobe Connect, ops-cli, Commerce, and Campaign products.
Discover Patch Tuesday Vulnerabilities in VMDR
Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB).
You can see all hosts impacted by these vulnerabilities using the following QQL query:
vulnerabilities.vulnerability:(qid:`50115` OR qid:`91822` OR qid:`91823` OR qid:`91824` OR qid:`91825` OR qid:`91826` OR qid:`91827` OR qid:`91828` OR qid:`100416` OR qid:`110392` OR qid:`110393` OR qid:`375952` OR qid:`375953`)
Respond by Patching
VMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can select the respective QIDs in the Patch Catalog and filter on the “Missing” patches to identify and deploy the applicable, available patches in one go.
The following QQL query returns the missing patches pertaining to this Patch Tuesday:
(qid:`50115` OR qid:`91822` OR qid:`91823` OR qid:`91824` OR qid:`91825` OR qid:`91826` OR qid:`91827` OR qid:`91828` OR qid:`100416` OR qid:`110392` OR qid:`110393` OR qid:`375952` OR qid:`375953`)
Patch Tuesday Dashboard
The current updated Patch Tuesday dashboards are available in Dashboard Toolbox: 2021 Patch Tuesday Dashboard.
Webinar Series: This Month in Vulnerabilities and Patches
To help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series, This Month in Vulnerabilities and Patches.
We discuss some of the key vulnerabilities disclosed in the past month and how to patch them:
- Microsoft Patch Tuesday, October 2021
- Adobe Patch Tuesday, October 2021