Microsoft released its monthly security update on Tuesday, 12th October 2021, disclosing 71 vulnerabilities across its suite of products.
This Patch Tuesday, 4 zero-days were mentioned; Microsoft has detected active exploitation of the first:
- CVE-2021-40449 – Win32k Elevation of Privilege Vulnerability
- CVE-2021-41338 – Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
- CVE-2021-40469 – Windows DNS Server Remote Code Execution Vulnerability
- CVE-2021-41335 – Windows Kernel Elevation of Privilege Vulnerability
One of the zero-day vulnerabilities is being actively exploited: CVE-2021-40449, a previously unknown vulnerability in the Win32k kernel driver that was originally reported to Microsoft by Boris Larin of Kaspersky. The remaining zero-days are a Windows AppContainer Firewall issue that allows attackers to bypass security features, a remote code execution vulnerability in Windows DNS Server, and an elevation of privilege vulnerability in the Windows Kernel.
As reported by zdnet.com, the products affected by these vulnerabilities are Microsoft Office, Exchange Server, MSHTML, Visual Studio, and the Edge Browser.