Patch Tuesday – October 2021

Post Syndicated from Greg Wiseman original https://blog.rapid7.com/2021/10/12/patch-tuesday-october-2021/

Patch Tuesday - October 2021

Today’s Patch Tuesday sees Microsoft issuing fixes for over 70 CVEs, affecting the usual mix of their product lines. From Windows, Edge, and Office, to Exchange, SharePoint, and Dynamics, there is plenty of patching to do for workstation and server administrators alike.

One vulnerability has already been seen exploited in the wild: CVE-2021-40449 is an elevation of privilege vulnerability in all supported versions of Windows, including the newly released Windows 11. Rated as Important, this is likely being used alongside Remote Code Execution (RCE) and/or social engineering attacks to gain more complete control of targeted systems.

Three CVEs were publicly disclosed before today, though haven’t yet been observed in active exploitation. CVE-2021-40469 is an RCE vulnerability affecting Microsoft DNS servers, CVE-2021-41335 is another privilege escalation vulnerability in the Windows Kernel, and CVE-2021-41338 is a flaw in Windows AppContainer allowing attackers to bypass firewall rules.

Attackers will likely be paying attention to the latest Windows Print Spooler vulnerability – CVE-2021-36970 is a Spoofing vulnerability with a CVSSv3 score of 8.8 that we don’t yet have much more information about. Also worth noting is CVE-2021-40486, an RCE affecting Microsoft Word, OWA, as well as SharePoint Server, which can be exploited via the Preview Pane. CVE-2021-40487 is another RCE affecting SharePoint Server that Microsoft expects to be exploited before too long.

Another notable vulnerability is CVE-2021-26427, the latest in Exchange Server RCEs. The severity is mitigated by the fact that attacks are limited to a “logically adjacent topology,” meaning that it cannot be exploited directly over the public Internet. Three other vulnerabilities related to Exchange Server were also patched: CVE-2021-41350, a Spoofing vulnerability; CVE-2021-41348, allowing elevation of privilege; and CVE-2021-34453, which is a Denial of Service vulnerability.

Finally, virtualization administrators should be aware of two RCEs affecting Windows Hyper-V: CVE-2021-40461 and CVE-2021-38672. Both affect relatively new versions of Windows and are considered Critical, allowing a VM to escape from guest to host by triggering a memory allocation error, allowing it to read kernel memory in the host.

Summary Charts

Patch Tuesday - October 2021
Patch Tuesday - October 2021
Patch Tuesday - October 2021
Patch Tuesday - October 2021

Summary Tables

Apps Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-41363 Intune Management Extension Security Feature Bypass Vulnerability No No 4.2 Yes

Browser Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-37980 Chromium: CVE-2021-37980 Inappropriate implementation in Sandbox No No N/A Yes
CVE-2021-37979 Chromium: CVE-2021-37979 Heap buffer overflow in WebRTC No No N/A Yes
CVE-2021-37978 Chromium: CVE-2021-37978 Heap buffer overflow in Blink No No N/A Yes
CVE-2021-37977 Chromium: CVE-2021-37977 Use after free in Garbage Collection No No N/A Yes
CVE-2021-37976 Chromium: CVE-2021-37976 Information leak in core No No N/A Yes
CVE-2021-37975 Chromium: CVE-2021-37975 Use after free in V8 No No N/A Yes
CVE-2021-37974 Chromium: CVE-2021-37974 Use after free in Safe Browsing No No N/A Yes

Developer Tools Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-3450 OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT No No N/A Yes
CVE-2021-3449 OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing No No N/A Yes
CVE-2020-1971 OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference No No N/A Yes
CVE-2021-41355 .NET Core and Visual Studio Information Disclosure Vulnerability No No 5.7 Yes

ESU Windows Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-38663 Windows exFAT File System Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-40465 Windows Text Shaping Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-36953 Windows TCP/IP Denial of Service Vulnerability No No 7.5 No
CVE-2021-40460 Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability No No 6.5 Yes
CVE-2021-36970 Windows Print Spooler Spoofing Vulnerability No No 8.8 No
CVE-2021-41332 Windows Print Spooler Information Disclosure Vulnerability No No 6.5 Yes
CVE-2021-41331 Windows Media Audio Decoder Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-41342 Windows MSHTML Platform Remote Code Execution Vulnerability No No 6.8 Yes
CVE-2021-41335 Windows Kernel Elevation of Privilege Vulnerability No Yes 7.8 No
CVE-2021-40455 Windows Installer Spoofing Vulnerability No No 5.5 No
CVE-2021-26442 Windows HTTP.sys Elevation of Privilege Vulnerability No No 7 No
CVE-2021-41340 Windows Graphics Component Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38662 Windows Fast FAT File System Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-41343 Windows Fast FAT File System Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-40469 Windows DNS Server Remote Code Execution Vulnerability No Yes 7.2 Yes
CVE-2021-40443 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40466 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40467 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40449 Win32k Elevation of Privilege Vulnerability Yes No 7.8 No
CVE-2021-40489 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 Yes

Exchange Server Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-41350 Microsoft Exchange Server Spoofing Vulnerability No No 6.5 No
CVE-2021-26427 Microsoft Exchange Server Remote Code Execution Vulnerability No No 9 Yes
CVE-2021-41348 Microsoft Exchange Server Elevation of Privilege Vulnerability No No 8 No
CVE-2021-34453 Microsoft Exchange Server Denial of Service Vulnerability No No 7.5 No

Microsoft Dynamics Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-40457 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability No No 7.4 Yes
CVE-2021-41353 Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability No No 5.4 No
CVE-2021-41354 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability No No 4.1 No

Microsoft Office Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-40486 Microsoft Word Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40484 Microsoft SharePoint Server Spoofing Vulnerability No No 7.6 No
CVE-2021-40483 Microsoft SharePoint Server Spoofing Vulnerability No No 7.6 No
CVE-2021-41344 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.1 No
CVE-2021-40487 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2021-40482 Microsoft SharePoint Server Information Disclosure Vulnerability No No 5.3 Yes
CVE-2021-40480 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40481 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.1 Yes
CVE-2021-40471 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40473 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40474 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40479 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40485 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-40472 Microsoft Excel Information Disclosure Vulnerability No No 5.5 Yes

Microsoft Office Windows Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-40454 Rich Text Edit Control Information Disclosure Vulnerability No No 5.5 Yes

System Center Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-41352 SCOM Information Disclosure Vulnerability No No 7.5 Yes

Windows Vulnerabilities

CVE Title Exploited Publicly Disclosed? CVSSv3 Base Score has FAQ?
CVE-2021-40464 Windows Nearby Sharing Elevation of Privilege Vulnerability No No 8 No
CVE-2021-40463 Windows NAT Denial of Service Vulnerability No No 7.7 No
CVE-2021-40462 Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-41336 Windows Kernel Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-38672 Windows Hyper-V Remote Code Execution Vulnerability No No 8 Yes
CVE-2021-40461 Windows Hyper-V Remote Code Execution Vulnerability No No 8 No
CVE-2021-40477 Windows Event Tracing Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-41334 Windows Desktop Bridge Elevation of Privilege Vulnerability No No 7 No
CVE-2021-40475 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-40468 Windows Bind Filter Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-41347 Windows AppX Deployment Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-41338 Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability No Yes 5.5 No
CVE-2021-40476 Windows AppContainer Elevation Of Privilege Vulnerability No No 7.5 No
CVE-2021-40456 Windows AD FS Security Feature Bypass Vulnerability No No 5.3 Yes
CVE-2021-40450 Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-41357 Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40478 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40488 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-26441 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2021-41345 Storage Spaces Controller Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-41330 Microsoft Windows Media Foundation Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-41339 Microsoft DWM Core Library Elevation of Privilege Vulnerability No No 4.7 No
CVE-2021-40470 DirectX Graphics Kernel Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-41346 Console Window Host Security Feature Bypass Vulnerability No No 5.3 No
CVE-2021-41337 Active Directory Security Feature Bypass Vulnerability No No 4.9 Yes
CVE-2021-41361 Active Directory Federation Server Spoofing Vulnerability No No 5.4 Yes