October 15th Newsletter

Microsoft Patches New Windows 10 Zero Day Under Attack

Microsoft on Tuesday rolled out security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take control over vulnerable systems.

Two of the addressed security flaws are rated Critical, 68 are rated Important, and one is rated Low in severity, with three of the issues listed as publicly known at the time of the release. The four zero-days are as follows —

At the top of the list is CVE-2021-40449, a use-after-free vulnerability in the Win32k kernel driver discovered by Kaspersky as being exploited in the wild in late August and early September 2021 as part of a widespread espionage campaign targeting IT companies, defence contractors, and diplomatic entities. The Russian cybersecurity firm dubbed the threat cluster "MysterySnail."

Other bugs of note include remote code execution vulnerabilities affecting Microsoft Exchange Server (CVE-2021-26427), Windows Hyper-V (CVE-2021-38672 and CVE-2021-40461), SharePoint Server (CVE-2021-40487 and CVE-2021-41344), and Microsoft Word (CVE-2021-40486) as well as an information disclosure flaw in Rich Text Edit Control (CVE-2021-40454).

CVE-2021-26427, which has a CVSS score of 9.0 and was identified by the U.S. National Security Agency, once again underscoring that exchange servers are high-value targets for hackers looking to penetrate businesses networks.

The October Patch Tuesday release is rounded out by fixes for two shortcomings newly discovered in the Print Spooler component — CVE-2021-41332 and CVE-2021-36970 — each concerning an information disclosure bug and a spoofing vulnerability, which has been tagged with an "Exploitation More Likely" exploitability index assessment.

"A spoofing vulnerability usually indicates that an attacker can impersonate or identify as another user," security researcher ollypwn noted in a Twitter thread. "In this case, it looks like an attacker can abuse the Spooler service to upload arbitrary files to other servers."





Click here to subscribe to our premium monthly newsletter and get in-depth cybersecurity tips and analysis of the latest threats and scams. New subscribers also get a free copy of our guide to cybersecurity for small businesses.