This week has marked the arrival of scheduled monthly updates from Microsoft. With October Patch Tuesday, Microsoft has fixed 71 different vulnerabilities, including some zero-day bugs.
Multiple Zero-Day Vulnerabilities Fixed
One of the major security bugs receiving fixes this month includes a privilege escalation vulnerability in the Windows kernel. The tech giant has labeled this bug, CVE-2021-40449, as an important severity vulnerability that went under active exploitation without public disclosure.
This bug first caught the attention of a Kaspersky researcher Boris Larin. Larin noticed the threat actors exploiting it to deliver MysterySnail trojan. Elaborating about this malware campaign in a blog post, Kaspersky described MysterSnail as a RAT predominantly targeting companies from the defense, IT, and diplomatic sectors for espionage.
Alongside this one, Microsoft has released patches for three important-severity publicly known vulnerabilities that ditched active exploitation. These include CVE-2021-41338 – a security feature bypass in Windows AppContainer Firewall Rules, CVE-2021-40469 – an RCE flaw in Windows DNS Server, CVE-2021-41335 – a privilege escalation bug in Windows kernel.
Other October Patch Tuesday Fixes From Microsoft
Apart from the zero-day bugs, Microsoft has fixed numerous other vulnerabilities, including three critical-severity flaws.
One of these bugs affected Microsoft Word (CVE-2021-40486) while the other two (CVE-2021-38672 and CVE-2021-40461) existed in the Windows Hyper-V component. All three would lead to remote code execution upon exploitation.
Besides, the tech giant addressed 63 important severity bugs (excluding the zero-days listed above) and 1 low-severity vulnerability. These bugs affected different Microsoft components such as Microsoft SharePoint Server, Microsoft Exchange Server, Storage Spaces Controller, Microsoft Office Visio, Microsoft Excel, Windows Print Spooler, and others.
These scheduled updates have already reached numerous compatible Windows systems globally.
Yet, those who have not received the updates yet or prefer manual installation should update their systems at the earliest to avoid security risks.