Microsoft tends to provide a lot of information around its patches and, so, there's a lot to digest and piece together to give you an overview of the most important ones. In total, Microsoft has fixed 71 Windows vulnerabilities, 81 if you include those for Microsoft Edge.
One of the vulnerabilities immediately jumps out, since it was used in the wild as part of the MysterySnail attacks, attributed by the researchers that discovered it to a Chinese-speaking APT group called IronHusky.
Earlier this month, researchers discovered that a zero-day exploit was used in widespread espionage campaigns against IT companies, military contractors, and diplomatic entities. The payload of these MysterySnail attacks is a Remote Access Trojan (RAT). The actively exploited vulnerability allows malware or an attacker to gain elevated privileges on a Windows device. So far, the MysterySnail RAT has only been spotted on Windows servers, but the vulnerability can also be used against non-server Windows operating systems.
Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). This one is listed as CVE-2021-40449, a Win32k Elevation of Privilege (EoP) vulnerability, which means the vulnerability allows a user to elevate their privileges beyond what they were granted.
I scared you by mentioning PrintNightmare, right? Well, that may not be completely in vain. The same researchers that discovered the PrintNightmare vulnerability have found yet another vulnerability in Microsoft's Windows Print Spooler. This one is listed as CVE-2021-36970, a Windows Print Spooler spoofing vulnerability. Exploitation is known to be easy, and the attack may be initiated remotely. No form of authentication is needed for successful exploitation, but it does require some action by the intended target. We may be hearing more about this one.
An Exchange bug that gets a CVSS score of 9.0 out of 10 is enough to make my hair stand on end. Listed as CVE-2021-26427, this one is a Microsoft Exchange Server Remote Code Execution (RCE) vulnerability. Exploitation appears to be easy and the attack can be initiated remotely. A single authentication is required for exploitation, so the attacker will need to have some kind of access to exploit this one, which may be why Microsoft listed it as "exploitation less likely." Exchange servers are an attractive target, and so we have seen a lot of attacks against them. One worrying flaw reveals users' passwords and might provide attackers with exactly the credentials they need to use this vulnerability.
Critical Microsoft Word vulnerability
One of the three vulnerabilities classified as critical is an RCE vulnerability in Word, listed as CVE-2021-40486. The vulnerability could allow a remote attacker to trick a victim into opening a specially crafted file, executing arbitrary code on their system.
Windows DNS Server RCE
The last one is only of interest if you are running a server that is configured to act as a DNS server. Listed as CVE-2021-40469, this is a Windows DNS Server Remote Code Execution vulnerability. Exploitation is known to be easy. The attack may be launched remotely, but exploitation requires an elevated level of successful authentication. The vulnerability was disclosed in the form of a Proof-of-Concept (PoC). While it may not be up to you to maintain or patch a DNS server, it's useful to know that this vulnerability exists in case we see weird connection issues as a result of a DNS hijack or denial-of-service.
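Several of the bugs above only matter if the vulnerable component is actually present: the Print Spooler service for CVE-2021-36970, the DNS Server role for CVE-2021-40469, and Exchange for CVE-2021-26427. As an added example (not code from the Malwarebytes post, and not a detection for any of the CVEs themselves), here is a PowerShell triage that reports which of those surfaces exist on the local host and which hotfixes landed most recently, so you can decide where the October updates matter most. The function name and the service names it checks are my own assumptions for the example; the Word bug is not covered because Office installs are per-machine or per-user and are better checked through your Office update channel.

```powershell
# Added example: exposure triage for the October 2021 Patch Tuesday items discussed above.
# It reports which attack surfaces are present; it does not test for the CVEs.
# Function name and service names are assumptions made for this example.

function Get-PatchTuesdayExposure {
    [CmdletBinding()]
    param()

    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = member server.
    # CVE-2021-40449 (Win32k EoP) applies to both client and server builds, so the
    # only question there is whether the cumulative update has been installed.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $isServer = $os.ProductType -ne 1

    # Returns the service status, or 'absent' when the service is not installed at all.
    function Get-ServiceState([string]$Name) {
        $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $svc) { return 'absent' }
        return $svc.Status.ToString()
    }

    # Most recently installed hotfixes, newest first, so you can see whether
    # anything landed this month. InstalledOn can be empty for some entries;
    # Sort-Object tolerates that and pushes them to the end.
    $recent = Get-HotFix |
        Sort-Object -Property InstalledOn -Descending |
        Select-Object -First 5 -ExpandProperty HotFixID

    [PSCustomObject]@{
        ComputerName   = $env:COMPUTERNAME
        OSCaption      = $os.Caption
        BuildNumber    = $os.BuildNumber
        IsServer       = $isServer
        # CVE-2021-36970: a 'Running' spooler means the spoofing surface is live.
        # 'Stopped' or 'absent' narrows exposure considerably.
        PrintSpooler   = Get-ServiceState 'Spooler'
        # CVE-2021-40469: installing the DNS Server role registers the 'DNS' service.
        DnsServer      = Get-ServiceState 'DNS'
        # CVE-2021-26427: Exchange hosts run the MSExchangeServiceHost service.
        Exchange       = Get-ServiceState 'MSExchangeServiceHost'
        RecentHotfixes = ($recent -join ', ')
    }
}

# Usage: run from an elevated PowerShell prompt and review the object.
# A running spooler on a server that never prints, or a DNS service you did not
# expect to find, is a reason to move that host to the front of the patch queue.
Get-PatchTuesdayExposure | Format-List
```

Run it across a fleet with `Invoke-Command -ComputerName <hosts> -ScriptBlock ${function:Get-PatchTuesdayExposure}` after dot-sourcing the file, and sort the results by the `PrintSpooler`, `DnsServer` and `Exchange` columns to build the patch order.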
While many details are still unknown, we have tried to list the ones we can expect to surface as real-world problems if they are not patched as soon as possible.
Stay safe, everyone!
The post Patch now! Microsoft fixes 71 Windows vulnerabilities in October Patch Tuesday appeared first on Malwarebytes Labs.