Report Name: Microsoft Patch Tuesday, October 2021
Generated: 2021-10-15 00:36:57

Product Name | Prevalence | U | C | H | M | L | Comment |
---|---|---|---|---|---|---|---|
Active Directory | 0.9 | 1 | Active Directory is a directory service developed by Microsoft for Windows domain networks | ||||
Active Directory Federation Server | 0.9 | 1 | Active Directory is a directory service developed by Microsoft for Windows domain networks | ||||
SCOM | 0.9 | 1 | System Center Operations Manager | ||||
Windows DNS Server | 0.9 | 1 | Windows DNS Server | ||||
Windows Kernel | 0.9 | 1 | 4 | Windows Kernel | |||
Windows NAT | 0.9 | 1 | Windows component | ||||
Windows TCP/IP | 0.9 | 1 | Windows component | ||||
.NET Core and Visual Studio | 0.8 | 1 | .NET Core and Visual Studio | ||||
Console Window Host | 0.8 | 1 | Windows component | ||||
DirectX Graphics Kernel | 0.8 | 1 | DirectX Graphics Kernel | ||||
Microsoft DWM Core Library | 0.8 | 1 | Windows component | ||||
Microsoft Exchange Server | 0.8 | 2 | 2 | Microsoft Exchange Server | |||
OpenSSL | 0.8 | 2 | 1 | A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end | |||
Rich Text Edit Control | 0.8 | 1 | Windows component | ||||
Storage Spaces Controller | 0.8 | 5 | Storage Spaces Controller | ||||
Windows AD FS | 0.8 | 1 | Windows component | ||||
Windows AppContainer | 0.8 | 1 | Windows component | ||||
Windows AppContainer Firewall Rules | 0.8 | 1 | Windows component | ||||
Windows AppX Deployment Service | 0.8 | 1 | Windows component | ||||
Windows Bind Filter Driver | 0.8 | 1 | Windows component | ||||
Windows Cloud Files Mini Filter Driver | 0.8 | 1 | Windows component | ||||
Windows Common Log File System Driver | 0.8 | 3 | Windows component | ||||
Windows Event Tracing | 0.8 | 1 | Windows Event Tracing | ||||
Windows Fast FAT File System Driver | 0.8 | 2 | Windows component | ||||
Windows Graphics Component | 0.8 | 1 | Windows Graphics Component | ||||
Windows HTTP.sys | 0.8 | 1 | Windows component | ||||
Windows Installer | 0.8 | 1 | Windows Installer | ||||
Windows MSHTML Platform | 0.8 | 1 | Windows component | ||||
Windows Media Audio Decoder | 0.8 | 1 | Windows component | ||||
Windows Media Foundation | 0.8 | 1 | Windows Media Foundation | ||||
Windows Media Foundation Dolby Digital Atmos Decoders | 0.8 | 1 | Windows component | ||||
Windows Nearby Sharing | 0.8 | 1 | Windows component | ||||
Windows Print Spooler | 0.8 | 2 | Windows component | ||||
Windows Remote Procedure Call Runtime | 0.8 | 1 | Windows component | ||||
Windows Text Shaping | 0.8 | 1 | Windows component | ||||
Windows exFAT File System | 0.8 | 1 | Windows component | ||||
Microsoft SharePoint | 0.7 | 2 | 3 | Microsoft SharePoint | |||
Windows Desktop Bridge | 0.7 | 1 | Windows Desktop Bridge | ||||
Microsoft Excel | 0.6 | 5 | 1 | MS Office product | |||
Microsoft Office Visio | 0.6 | 2 | Microsoft Visio | ||||
Microsoft Word | 0.6 | 1 | MS Office product | ||||
Windows Hyper-V | 0.6 | 2 | Hardware virtualization component of the client editions of Windows NT | ||||
Microsoft Dynamics 365 (on-premises) | 0.5 | 2 | Microsoft Dynamics 365 (on-premises) | ||||
Microsoft Dynamics 365 Customer Engagement | 0.5 | 1 | Microsoft Dynamics 365 Customer Engagement | ||||
Intune Management Extension | 0.3 | 1 | Optional agent for Microsoft Intune |

Vulnerability Type | Criticality | U | C | H | M | L | Comment |
---|---|---|---|---|---|---|---|
Remote Code Execution | 1.0 | 20 | Remote Code Execution | ||||
Security Feature Bypass | 0.9 | 6 | 1 | Security Feature Bypass | |||
Denial of Service | 0.7 | 4 | 1 | Denial of Service | |||
Elevation of Privilege | 0.5 | 1 | 20 | Elevation of Privilege | |||
Cross Site Scripting | 0.4 | 2 | Cross Site Scripting | ||||
Information Disclosure | 0.4 | 12 | Information Disclosure | ||||
Spoofing | 0.4 | 7 | Spoofing |

1. Elevation of Privilege - Windows Kernel (CVE-2021-40449) - Critical [622]
Description: Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40450, CVE-2021-41357.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object), AttackerKB, Microsoft | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
qualys: CVE-2021-40449 – Win32k Elevation of Privilege Vulnerability. This is a zero-day vulnerability impacting the Win32K kernel driver. This is being actively exploited by IronHusky and Chinese APT groups. Microsoft has assigned a CVSSv3 base score of 7.8 to this vulnerability and it should be prioritized for patching.
tenable: CVE-2021-40449 is a use-after-free EoP vulnerability in Win32k. The flaw was discovered by researchers at Kaspersky in August and September, who observed it being exploited in the wild as a zero-day in attacks linked to a remote access trojan known as MysterySnail. According to the researchers, the vulnerability is a patch bypass for CVE-2016-3309, a separate EoP vulnerability in the Windows Kernel. EoP vulnerabilities, especially zero-days, are often linked to malware campaigns such as MysterySnail, and they are primarily associated with targeted attacks.
rapid7: One vulnerability has already been seen exploited in the wild: CVE-2021-40449 is an elevation of privilege vulnerability in all supported versions of Windows, including the newly released Windows 11. Rated as Important, this is likely being used alongside Remote Code Execution (RCE) and/or social engineering attacks to gain more complete control of targeted systems.
zdi: CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability. This patch corrected a kernel bug that could be used to escalate privileges on an affected system. Attackers typically use these types of bugs in conjunction with code execution bugs to take over a system. Considering the source of this report, this bug is likely being used in a targeted malware attack. We will also likely see more information about this bug and the associated attack within the next few days.
2. Denial of Service - OpenSSL (CVE-2021-3449) - High [577]
Description: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
1.0 | 17 | Public exploit is found at Vulners (record title "OpenSSL 拒绝服务攻击(CVE-2021-3449)", Chinese for "OpenSSL denial-of-service attack") | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end | |
0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on Vulners data |
3. Remote Code Execution - Microsoft Exchange Server (CVE-2021-26427) - High [475]
Description: Microsoft Exchange Server Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Microsoft Exchange Server | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.0. Based on Microsoft data |
qualys: CVE-2021-26427: Microsoft Exchange Server Remote Code Execution Vulnerability. This is an RCE vulnerability targeting Microsoft Exchange Server. Adversaries can only exploit this vulnerability on target machines from an adjacent network. Microsoft assigned a base score of 9.0 for this vulnerability.
tenable: CVE-2021-26427 is an RCE vulnerability in Microsoft Exchange Server which received a CVSSv3 score of 9.0, the highest rated in this Patch Tuesday release. The vulnerability is credited to Andrew Ruddick of the Microsoft Security Response Center, as well as the National Security Agency (NSA). Despite the high CVSS score, the advisory does specifically point out that the vulnerability would only be exploitable from an adjacent network. In April, the NSA was also credited with the discovery of four RCE vulnerabilities in Microsoft Exchange Server.
rapid7: Another notable vulnerability is CVE-2021-26427, the latest in Exchange Server RCEs. The severity is mitigated by the fact that attacks are limited to a “logically adjacent topology,” meaning that it cannot be exploited directly over the public Internet. Three other vulnerabilities related to Exchange Server were also patched: CVE-2021-41350, a Spoofing vulnerability; CVE-2021-41348, allowing elevation of privilege; and CVE-2021-34453, which is a Denial of Service vulnerability.
zdi: CVE-2021-26427 - Microsoft Exchange Server Remote Code Execution Vulnerability. The bug will certainly receive its fair share of attention, if nothing else, due to it being reported by the National Security Agency (NSA). Due to the similar CVE numbers, this bug was likely reported when they reported the more severe Exchange issues back in April. This bug is not as severe since this exploit is limited at the protocol level to a logically adjacent topology and not reachable from the Internet. This flaw, combined with the other Exchange bugs patched this month, should keep Exchange admins busy for a while.
4. Remote Code Execution - Windows DNS Server (CVE-2021-40469) - High [467]
Description: Windows DNS Server Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Windows DNS Server | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on Microsoft data |
qualys: CVE-2021-41338: Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability. CVE-2021-40469: Windows DNS Server Remote Code Execution Vulnerability. CVE-2021-41335: Windows Kernel Elevation of Privilege Vulnerability.
tenable: CVE-2021-40469 is an RCE vulnerability in Windows DNS Server. This vulnerability affects Windows server installs that have been configured as DNS servers. According to the advisory, this flaw was publicly disclosed, but it was categorized as “Exploitation Less Likely.” It received a CVSSv3 score of 7.2 because an attacker needs a privileged user account in order to exploit this across the network.
rapid7: Three CVEs were publicly disclosed before today, though haven’t yet been observed in active exploitation. CVE-2021-40469 is an RCE vulnerability affecting Microsoft DNS servers, CVE-2021-41335 is another privilege escalation vulnerability in the Windows Kernel, and CVE-2021-41338 is a flaw in Windows AppContainer allowing attackers to bypass firewall rules.
5. Remote Code Execution - Windows Media Foundation Dolby Digital Atmos Decoders (CVE-2021-40462) - High [462]
Description: Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
6. Remote Code Execution - Windows Text Shaping (CVE-2021-40465) - High [462]
Description: Windows Text Shaping Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
7. Remote Code Execution - Windows Media Foundation (CVE-2021-41330) - High [462]
Description: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows Media Foundation | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
8. Remote Code Execution - Windows Media Audio Decoder (CVE-2021-41331) - High [462]
Description: Windows Media Audio Decoder Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
9. Remote Code Execution - Windows Graphics Component (CVE-2021-41340) - High [462]
Description: Windows Graphics Component Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows Graphics Component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
10. Remote Code Execution - Windows MSHTML Platform (CVE-2021-41342) - High [448]
Description: Windows MSHTML Platform Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.8. Based on Microsoft data |
11. Remote Code Execution - Microsoft SharePoint (CVE-2021-40487) - High [443]
Description: Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-41344.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft SharePoint | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data |
rapid7: Attackers will likely be paying attention to the latest Windows Print Spooler vulnerability – CVE-2021-36970 is a Spoofing vulnerability with a CVSSv3 score of 8.8 that we don’t yet have much more information about. Also worth noting is CVE-2021-40486, an RCE affecting Microsoft Word, OWA, as well as SharePoint Server, which can be exploited via the Preview Pane. CVE-2021-40487 is another RCE affecting SharePoint Server that Microsoft expects to be exploited before too long.
12. Remote Code Execution - Microsoft SharePoint (CVE-2021-41344) - High [443]
Description: Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40487.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft SharePoint | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data |
13. Security Feature Bypass - OpenSSL (CVE-2021-3450) - High [428]
Description: The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.4. Based on NVD data |
14. Security Feature Bypass - Windows Remote Procedure Call Runtime (CVE-2021-40460) - High [428]
Description: Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
15. Remote Code Execution - Windows Hyper-V (CVE-2021-38672) - High [424]
Description: Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40461.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.0. Based on Microsoft data |
qualys: CVE-2021-40461, CVE-2021-38672 – Windows Hyper-V Remote Code Execution Vulnerabilities. These vulnerabilities are due to a set of flaws in the Network Virtualization Service Provider. They could allow an attacker to execute remote code on the target machine. These CVEs are assigned a CVSSv3 base score of 8.0 by the vendor.
rapid7: Finally, virtualization administrators should be aware of two RCEs affecting Windows Hyper-V: CVE-2021-40461 and CVE-2021-38672. Both affect relatively new versions of Windows and are considered Critical, allowing a VM to escape from guest to host by triggering a memory allocation error, allowing it to read kernel memory in the host.
16. Remote Code Execution - Windows Hyper-V (CVE-2021-40461) - High [424]
Description: Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-38672.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.0. Based on Microsoft data |
qualys: CVE-2021-40461, CVE-2021-38672 – Windows Hyper-V Remote Code Execution Vulnerabilities. These vulnerabilities are due to a set of flaws in the Network Virtualization Service Provider. They could allow an attacker to execute remote code on the target machine. These CVEs are assigned a CVSSv3 base score of 8.0 by the vendor.
rapid7: Finally, virtualization administrators should be aware of two RCEs affecting Windows Hyper-V: CVE-2021-40461 and CVE-2021-38672. Both affect relatively new versions of Windows and are considered Critical, allowing a VM to escape from guest to host by triggering a memory allocation error, allowing it to read kernel memory in the host.
17. Remote Code Execution - Microsoft Excel (CVE-2021-40471) - High [424]
Description: Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40473, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
18. Remote Code Execution - Microsoft Excel (CVE-2021-40473) - High [424]
Description: Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40471, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
19. Remote Code Execution - Microsoft Excel (CVE-2021-40474) - High [424]
Description: Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40479, CVE-2021-40485.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
20. Remote Code Execution - Microsoft Excel (CVE-2021-40479) - High [424]
Description: Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40474, CVE-2021-40485.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
21. Remote Code Execution - Microsoft Office Visio (CVE-2021-40480) - High [424]
Description: Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40481.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Visio | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
22. Remote Code Execution - Microsoft Excel (CVE-2021-40485) - High [424]
Description: Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40474, CVE-2021-40479.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
23. Remote Code Execution - Microsoft Word (CVE-2021-40486) - High [424]
Description: Microsoft Word Remote Code Execution Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
rapid7: Attackers will likely be paying attention to the latest Windows Print Spooler vulnerability – CVE-2021-36970 is a Spoofing vulnerability with a CVSSv3 score of 8.8 that we don’t yet have much more information about. Also worth noting is CVE-2021-40486, an RCE affecting Microsoft Word, OWA, as well as SharePoint Server, which can be exploited via the Preview Pane. CVE-2021-40487 is another RCE affecting SharePoint Server that Microsoft expects to be exploited before too long.
zdi: CVE-2021-40486 - Microsoft Word Remote Code Execution Vulnerability. This patch corrects a bug that would allow code execution when a specially crafted Word document is viewed on an affected system. Although Microsoft lists user interaction required, the Preview Pane is also listed as an attack vector. This creates a much larger attack surface. When combined with a privilege escalation – like the one currently under active attack – this could be used to take over a target system. This bug came through the ZDI program and results from the lack of validating the existence of an object before performing operations on the object.
24. Denial of Service - Windows TCP/IP (CVE-2021-36953) - High [420]
Description: Windows TCP/IP Denial of Service Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
25. Denial of Service - Windows NAT (CVE-2021-40463) - High [420]
Description: Windows NAT Denial of Service Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.7. Based on Microsoft data |
26. Security Feature Bypass - Active Directory (CVE-2021-41337) - High [420]
Description: Active Directory Security Feature Bypass Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.9 | 14 | Active Directory is a directory service developed by Microsoft for Windows domain networks | |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.9. Based on Microsoft data |
27. Security Feature Bypass - Windows AppContainer Firewall Rules (CVE-2021-41338) - High [414]
Description: Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
qualys: CVE-2021-41338: Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability. CVE-2021-40469: Windows DNS Server Remote Code Execution Vulnerability. CVE-2021-41335: Windows Kernel Elevation of Privilege Vulnerability.
rapid7: Three CVEs were publicly disclosed before today, though haven’t yet been observed in active exploitation. CVE-2021-40469 is an RCE vulnerability affecting Microsoft DNS servers, CVE-2021-41335 is another privilege escalation vulnerability in the Windows Kernel, and CVE-2021-41338 is a flaw in Windows AppContainer allowing attackers to bypass firewall rules.
28. Remote Code Execution - Microsoft Office Visio (CVE-2021-40481) - High [410]
Description: Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40480.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Visio | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.1. Based on Microsoft data |
29. Denial of Service - Microsoft Exchange Server (CVE-2021-34453) - High [401]
Description: Microsoft Exchange Server Denial of Service Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Microsoft Exchange Server | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
rapid7: Another notable vulnerability is CVE-2021-26427, the latest in Exchange Server RCEs. The severity is mitigated by the fact that attacks are limited to a “logically adjacent topology,” meaning that it cannot be exploited directly over the public Internet. Three other vulnerabilities related to Exchange Server were also patched: CVE-2021-41350, a Spoofing vulnerability; CVE-2021-41348, allowing elevation of privilege; and CVE-2021-34453, which is a Denial of Service vulnerability.
30. Security Feature Bypass - Windows AD FS (CVE-2021-40456) - High [401]
Description: Windows AD FS Security Feature Bypass Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.9 | 15 | Security Feature Bypass |
0.8 | 14 | Windows component |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.3. Based on Microsoft data |
31. Security Feature Bypass - Console Window Host (CVE-2021-41346) - High [401]
Description: Console Window Host Security Feature Bypass Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.9 | 15 | Security Feature Bypass |
0.8 | 14 | Windows component |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.3. Based on Microsoft data |
32. Elevation of Privilege - Windows Kernel (CVE-2021-40450) - Medium [379]
Description: Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-41357.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.9 | 14 | Windows Kernel |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
33. Elevation of Privilege - Windows Kernel (CVE-2021-41335) - Medium [379]
Description: Windows Kernel Elevation of Privilege Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.9 | 14 | Windows Kernel |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
qualys: CVE-2021-41338: Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability. CVE-2021-40469: Windows DNS Server Remote Code Execution Vulnerability. CVE-2021-41335: Windows Kernel Elevation of Privilege Vulnerability.
tenable: CVE-2021-41335 is an EoP vulnerability in the Windows Kernel which could be used by a low privileged, local attacker to elevate their privileges on an affected system. Microsoft assigned it a CVSSv3 score of 7.8 and rates this as “Exploitation Less Likely,” despite the vulnerability being publicly disclosed. EoP vulnerabilities like this are popular with malicious actors, helping them pivot from a low level user account to a privileged account with access to potentially sensitive data and the ability to execute arbitrary code.
rapid7: Three CVEs were publicly disclosed before today, though haven’t yet been observed in active exploitation. CVE-2021-40469 is an RCE vulnerability affecting Microsoft DNS servers, CVE-2021-41335 is another privilege escalation vulnerability in the Windows Kernel, and CVE-2021-41338 is a flaw in Windows AppContainer allowing attackers to bypass firewall rules.
34. Elevation of Privilege - Windows Kernel (CVE-2021-41357) - Medium [379]
Description: Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-40450.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.9 | 14 | Windows Kernel |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
35. Elevation of Privilege - Storage Spaces Controller (CVE-2021-26441) - Medium [360]
Description: Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Storage Spaces Controller |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
36. Elevation of Privilege - Windows Common Log File System Driver (CVE-2021-40443) - Medium [360]
Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40466, CVE-2021-40467.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Windows component |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
37. Elevation of Privilege - Windows Nearby Sharing (CVE-2021-40464) - Medium [360]
Description: Windows Nearby Sharing Elevation of Privilege Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Windows component |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.0. Based on Microsoft data |
38. Elevation of Privilege - Windows Common Log File System Driver (CVE-2021-40466) - Medium [360]
Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40443, CVE-2021-40467.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Windows component |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
39. Elevation of Privilege - Windows Common Log File System Driver (CVE-2021-40467) - Medium [360]
Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40443, CVE-2021-40466.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Windows component |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
40. Elevation of Privilege - DirectX Graphics Kernel (CVE-2021-40470) - Medium [360]
Description: DirectX Graphics Kernel Elevation of Privilege Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | DirectX Graphics Kernel |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
41. Elevation of Privilege - Windows AppContainer (CVE-2021-40476) - Medium [360]
Description: Windows AppContainer Elevation Of Privilege Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Windows component |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
42. Elevation of Privilege - Windows Event Tracing (CVE-2021-40477) - Medium [360]
Description: Windows Event Tracing Elevation of Privilege Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Windows Event Tracing |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
43. Elevation of Privilege - Storage Spaces Controller (CVE-2021-40478) - Medium [360]
Description: Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Storage Spaces Controller |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
44. Elevation of Privilege - Storage Spaces Controller (CVE-2021-40488) - Medium [360]
Description: Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40489, CVE-2021-41345.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Storage Spaces Controller |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
45. Elevation of Privilege - Storage Spaces Controller (CVE-2021-40489) - Medium [360]
Description: Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-41345.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Storage Spaces Controller |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
46. Elevation of Privilege - Storage Spaces Controller (CVE-2021-41345) - Medium [360]
Description: Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Storage Spaces Controller |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
47. Elevation of Privilege - Windows AppX Deployment Service (CVE-2021-41347) - Medium [360]
Description: Windows AppX Deployment Service Elevation of Privilege Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Windows component |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
48. Elevation of Privilege - Microsoft Exchange Server (CVE-2021-41348) - Medium [360]
Description: Microsoft Exchange Server Elevation of Privilege Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Microsoft Exchange Server |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.0. Based on Microsoft data |
rapid7: Another notable vulnerability is CVE-2021-26427, the latest in Exchange Server RCEs. The severity is mitigated by the fact that attacks are limited to a “logically adjacent topology,” meaning that it cannot be exploited directly over the public Internet. Three other vulnerabilities related to Exchange Server were also patched: CVE-2021-41350, a Spoofing vulnerability; CVE-2021-41348, allowing elevation of privilege; and CVE-2021-34453, which is a Denial of Service vulnerability.
49. Information Disclosure - SCOM (CVE-2021-41352) - Medium [359]
Description: SCOM Information Disclosure Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Information Disclosure |
0.9 | 14 | System Center Operations Manager |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
50. Spoofing - Windows Print Spooler (CVE-2021-36970) - Medium [354]
Description: Windows Print Spooler Spoofing Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Spoofing |
0.8 | 14 | Windows component |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
tenable: CVE-2021-36970 is a spoofing vulnerability in the Windows Print Spooler that received a CVSSv3 score of 8.8 and the designation of “Exploitation More Likely” according to Microsoft’s Exploitability Index. This vulnerability requires that an attacker have access to the same network as a target and user interaction. The advisory lists that a functional exploit does exist for this vulnerability so we may see a PoC circulating in the wild.
rapid7: Attackers will likely be paying attention to the latest Windows Print Spooler vulnerability – CVE-2021-36970 is a Spoofing vulnerability with a CVSSv3 score of 8.8 that we don’t yet have much more information about. Also worth noting is CVE-2021-40486, an RCE affecting Microsoft Word, OWA, as well as SharePoint Server, which can be exploited via the Preview Pane. CVE-2021-40487 is another RCE affecting SharePoint Server that Microsoft expects to be exploited before too long.
51. Denial of Service - OpenSSL (CVE-2020-1971) - Medium [347]
Description: The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.7 | 15 | Denial of Service |
0.8 | 14 | A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end |
0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on Vulners data |
52. Elevation of Privilege - Windows HTTP.sys (CVE-2021-26442) - Medium [347]
Description: Windows HTTP.sys Elevation of Privilege Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Windows component |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
53. Information Disclosure - Windows Kernel (CVE-2021-41336) - Medium [332]
Description: Windows Kernel Information Disclosure Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Information Disclosure |
0.9 | 14 | Windows Kernel |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
54. Elevation of Privilege - Windows Desktop Bridge (CVE-2021-41334) - Medium [328]
Description: Windows Desktop Bridge Elevation of Privilege Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.7 | 14 | Windows Desktop Bridge |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
55. Information Disclosure - Windows Print Spooler (CVE-2021-41332) - Medium [327]
Description: Windows Print Spooler Information Disclosure Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Information Disclosure |
0.8 | 14 | Windows component |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
56. Spoofing - Microsoft Exchange Server (CVE-2021-41350) - Medium [327]
Description: Microsoft Exchange Server Spoofing Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Spoofing |
0.8 | 14 | Microsoft Exchange Server |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
rapid7: Another notable vulnerability is CVE-2021-26427, the latest in Exchange Server RCEs. The severity is mitigated by the fact that attacks are limited to a “logically adjacent topology,” meaning that it cannot be exploited directly over the public Internet. Three other vulnerabilities related to Exchange Server were also patched: CVE-2021-41350, a Spoofing vulnerability; CVE-2021-41348, allowing elevation of privilege; and CVE-2021-34453, which is a Denial of Service vulnerability.
57. Spoofing - Microsoft SharePoint (CVE-2021-40483) - Medium [321]
Description: Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40484.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Spoofing |
0.7 | 14 | Microsoft SharePoint |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.6. Based on Microsoft data |
58. Spoofing - Microsoft SharePoint (CVE-2021-40484) - Medium [321]
Description: Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40483.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Spoofing |
0.7 | 14 | Microsoft SharePoint |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.6. Based on Microsoft data |
59. Elevation of Privilege - Microsoft DWM Core Library (CVE-2021-41339) - Medium [320]
Description: Microsoft DWM Core Library Elevation of Privilege Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.5 | 15 | Elevation of Privilege |
0.8 | 14 | Windows component |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.7. Based on Microsoft data |
60. Spoofing - Active Directory Federation Server (CVE-2021-41361) - Medium [318]
Description: Active Directory Federation Server Spoofing Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Spoofing |
0.9 | 14 | Active Directory is a directory service developed by Microsoft for Windows domain networks |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on Microsoft data |
61. Information Disclosure - Windows Fast FAT File System Driver (CVE-2021-38662) - Medium [313]
Description: Windows Fast FAT File System Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41343.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Information Disclosure |
0.8 | 14 | Windows component |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
62. Information Disclosure - Windows exFAT File System (CVE-2021-38663) - Medium [313]
Description: Windows exFAT File System Information Disclosure Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Information Disclosure |
0.8 | 14 | Windows component |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
63. Information Disclosure - Rich Text Edit Control (CVE-2021-40454) - Medium [313]
Description: Rich Text Edit Control Information Disclosure Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Information Disclosure |
0.8 | 14 | Windows component |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
zdi: CVE-2021-40454 - Rich Text Edit Control Information Disclosure Vulnerability. We don’t often highlight information disclosure bugs, but this vulnerability goes beyond just dumping random memory locations. This bug could allow an attacker to recover cleartext passwords from memory, even on Windows 11. It’s not clear how an attacker would abuse this bug, but if you are using the rich text edit control in Power Apps, definitely test and deploy this bug quickly.
64. Spoofing - Windows Installer (CVE-2021-40455) - Medium [313]
Description: Windows Installer Spoofing Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Spoofing |
0.8 | 14 | Windows Installer |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
65. Information Disclosure - Windows Bind Filter Driver (CVE-2021-40468) - Medium [313]
Description: Windows Bind Filter Driver Information Disclosure Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Information Disclosure |
0.8 | 14 | Windows component |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
66. Information Disclosure - Windows Cloud Files Mini Filter Driver (CVE-2021-40475) - Medium [313]
Description: Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Information Disclosure |
0.8 | 14 | Windows component |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
67. Information Disclosure - Windows Fast FAT File System Driver (CVE-2021-41343) - Medium [313]
Description: Windows Fast FAT File System Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38662.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Information Disclosure |
0.8 | 14 | Windows component |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
68. Information Disclosure - .NET Core and Visual Studio (CVE-2021-41355) - Medium [313]
Description: .NET Core and Visual Studio Information Disclosure Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Information Disclosure |
0.8 | 14 | .NET Core and Visual Studio |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.7. Based on Microsoft data |
69. Security Feature Bypass - Intune Management Extension (CVE-2021-41363) - Medium [293]
Description: Intune Management Extension Security Feature Bypass Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.9 | 15 | Security Feature Bypass |
0.3 | 14 | Optional agent for Microsoft Intune |
0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.2. Based on Microsoft data |
70. Information Disclosure - Microsoft SharePoint (CVE-2021-40482) - Medium [281]
Description: Microsoft SharePoint Server Information Disclosure Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Information Disclosure |
0.7 | 14 | Microsoft SharePoint |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.3. Based on Microsoft data |
71. Information Disclosure - Microsoft Excel (CVE-2021-40472) - Medium [275]
Description: Microsoft Excel Information Disclosure Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Information Disclosure |
0.6 | 14 | MS Office product |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
72. Cross Site Scripting - Microsoft Dynamics 365 Customer Engagement (CVE-2021-40457) - Medium [270]
Description: Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Cross Site Scripting |
0.5 | 14 | Microsoft Dynamics 365 Customer Engagement |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.4. Based on Microsoft data |
73. Spoofing - Microsoft Dynamics 365 (on-premises) (CVE-2021-41353) - Medium [243]
Description: Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Spoofing |
0.5 | 14 | Microsoft Dynamics 365 (on-premises) |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on Microsoft data |
74. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2021-41354) - Medium [229]
Description: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
0 | 17 | Public exploit is NOT found at Vulners website |
0.4 | 15 | Cross Site Scripting |
0.5 | 14 | Microsoft Dynamics 365 (on-premises) |
0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.1. Based on Microsoft data |
qualys: CVE-2021-40449 – Win32k Elevation of Privilege Vulnerability. This is a zero-day vulnerability impacting the Win32K kernel driver. This is being actively exploited by IronHusky and Chinese APT groups. Microsoft has assigned a CVSSv3 base score of 7.8 to this vulnerability and it should be prioritized for patching.
tenable: CVE-2021-40449 is a use-after-free EoP vulnerability in Win32k. The flaw was discovered by researchers at Kaspersky in August and September, who observed it being exploited in the wild as a zero-day in attacks linked to a remote access trojan known as MysterySnail. According to the researchers, the vulnerability is a patch bypass for CVE-2016-3309, a separate EoP vulnerability in the Windows Kernel. EoP vulnerabilities, especially zero-days, are often linked to malware campaigns such as MysterySnail, and they are primarily associated with targeted attacks.
rapid7: One vulnerability has already been seen exploited in the wild: CVE-2021-40449 is an elevation of privilege vulnerability in all supported versions of Windows, including the newly released Windows 11. Rated as Important, this is likely being used alongside Remote Code Execution (RCE) and/or social engineering attacks to gain more complete control of targeted systems.
zdi: CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability. This patch corrected a kernel bug that could be used to escalate privileges on an affected system. Attackers typically use these types of bugs in conjunction with code execution bugs to take over a system. Considering the source of this report, this bug is likely being used in a targeted malware attack. We will also likely see more information about this bug and the associated attack within the next few days.
qualys: CVE-2021-26427: Microsoft Exchange Server Remote Code Execution Vulnerability. This is an RCE vulnerability targeting Microsoft Exchange Server. Adversaries can only exploit this vulnerability on target machines from an adjacent network. Microsoft assigned a base score of 9.0 for this vulnerability.
tenable: CVE-2021-26427 is an RCE vulnerability in Microsoft Exchange Server which received a CVSSv3 score of 9.0, the highest rated in this Patch Tuesday release. The vulnerability is credited to Andrew Ruddick of the Microsoft Security Response Center, as well as the National Security Agency (NSA). Despite the high CVSS score, the advisory does specifically point out that the vulnerability would only be exploitable from an adjacent network. In April, the NSA was also credited with the discovery of four RCE vulnerabilities in Microsoft Exchange Server.
rapid7: Another notable vulnerability is CVE-2021-26427, the latest in Exchange Server RCEs. The severity is mitigated by the fact that attacks are limited to a “logically adjacent topology,” meaning that it cannot be exploited directly over the public Internet. Three other vulnerabilities related to Exchange Server were also patched: CVE-2021-41350, a Spoofing vulnerability; CVE-2021-41348, allowing elevation of privilege; and CVE-2021-34453, which is a Denial of Service vulnerability.
zdi: CVE-2021-26427 - Microsoft Exchange Server Remote Code Execution Vulnerability. The bug will certainly receive its fair share of attention, if nothing else, due to it being reported by the National Security Agency (NSA). Due to the similar CVE numbers, this bug was likely reported when they reported the more severe Exchange issues back in April. This bug is not as severe since this exploit is limited at the protocol level to a logically adjacent topology and not reachable from the Internet. This flaw, combined with the other Exchange bugs patched this month, should keep Exchange admins busy for a while.
qualys: CVE-2021-41338: Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability. CVE-2021-40469: Windows DNS Server Remote Code Execution Vulnerability. CVE-2021-41335: Windows Kernel Elevation of Privilege Vulnerability.
tenable: CVE-2021-40469 is an RCE vulnerability in Windows DNS Server. This vulnerability affects Windows server installs that have been configured as DNS servers. According to the advisory, this flaw was publicly disclosed, but it was categorized as “Exploitation Less Likely.” It received a CVSSv3 score of 7.2 because an attacker needs a privileged user account in order to exploit this across the network.
rapid7: Three CVEs were publicly disclosed before today, though haven’t yet been observed in active exploitation. CVE-2021-40469 is an RCE vulnerability affecting Microsoft DNS servers, CVE-2021-41335 is another privilege escalation vulnerability in the Windows Kernel, and CVE-2021-41338 is a flaw in Windows AppContainer allowing attackers to bypass firewall rules.
rapid7: Attackers will likely be paying attention to the latest Windows Print Spooler vulnerability – CVE-2021-36970 is a Spoofing vulnerability with a CVSSv3 score of 8.8 that we don’t yet have much more information about. Also worth noting is CVE-2021-40486, an RCE affecting Microsoft Word, OWA, as well as SharePoint Server, which can be exploited via the Preview Pane. CVE-2021-40487 is another RCE affecting SharePoint Server that Microsoft expects to be exploited before too long.
zdi: CVE-2021-40486 - Microsoft Word Remote Code Execution Vulnerability. This patch corrects a bug that would allow code execution when a specially crafted Word document is viewed on an affected system. Although Microsoft lists user interaction required, the Preview Pane is also listed as an attack vector. This creates a much larger attack surface. When combined with a privilege escalation – like the one currently under active attack – this could be used to take over a target system. This bug came through the ZDI program and results from the lack of validating the existence of an object before performing operations on the object.
qualys: CVE-2021-40461, CVE-2021-38672 – Windows Hyper-V Remote Code Execution Vulnerabilities. These vulnerabilities are due to a set of flaws in the Network Virtualization Service Provider. They could allow an attacker to execute remote code on the target machine. These CVEs are assigned a CVSSv3 base score of 8.0 by the vendor.
rapid7: Finally, virtualization administrators should be aware of two RCEs affecting Windows Hyper-V: CVE-2021-40461 and CVE-2021-38672. Both affect relatively new versions of Windows and are considered Critical, allowing a VM to escape from guest to host by triggering a memory allocation error, allowing it to read kernel memory in the host.
tenable: CVE-2021-41335 is an EoP vulnerability in the Windows Kernel which could be used by a low privileged, local attacker to elevate their privileges on an affected system. Microsoft assigned it a CVSSv3 score of 7.8 and rates this as “Exploitation Less Likely,” despite the vulnerability being publicly disclosed. EoP vulnerabilities like this are popular with malicious actors, helping them pivot from a low level user account to a privileged account with access to potentially sensitive data and the ability to execute arbitrary code.
zdi: CVE-2021-40454 - Rich Text Edit Control Information Disclosure Vulnerability. We don’t often highlight information disclosure bugs, but this vulnerability goes beyond just dumping random memory locations. This bug could allow an attacker to recover cleartext passwords from memory, even on Windows 11. It’s not clear how an attacker would abuse this bug, but if you are using the rich text edit control in Power Apps, definitely test and deploy this bug quickly.
tenable: CVE-2021-36970 is a spoofing vulnerability in the Windows Print Spooler that received a CVSSv3 score of 8.8 and the designation of “Exploitation More Likely” according to Microsoft’s Exploitability Index. This vulnerability requires that an attacker have access to the same network as a target and user interaction. The advisory lists that a functional exploit does exist for this vulnerability so we may see a PoC circulating in the wild.