Microsoft Released October 2021 Security Updates - Hexafusion Blog | Hexafusion

Hexafusion Blog

Microsoft Released October 2021 Security Updates


Patch Tuesday Updates More Than 40 ‎Microsoft Products and Technologies
Microsoft has patched a host of vulnerabilities, including three rated ‎‎"critical" and one actively being exploited by nation state threat actors.‎

‎ ‎
Microsoft came out swinging this month with a loaded Patch Tuesday, patching 74 vulnerabilities ‎across 43 products and technologies.‎
This includes three critical vulnerabilities, a slew of Remote Code Execution (RCE) vulnerabilities, ‎and some under active exploit.‎
‎ ‎
Vulnerability details
‎- CVE-2021-40449 – A use-after-free zero-day in the Win32 kernel driver. Kaspersky researchers ‎identified nation-state threat actors utilizing this vulnerability as a privilege escalation method in ‎their Remote Access Trojan (RAT).‎
‎- A critical Remote Code Execution vulnerability impacting Exchange servers.‎
‎- Two HyperV Remote Code Execution Vulnerabilities (CVE-2021-40461 and CVE-2021-38672), ‎which ThreatPost reports can also allow for the VM guest to escape restrictions preventing it from ‎tampering with the host.‎
‎- A fix for PrintNightmare (CVE-2021-36970), whose previous patch did not resolve the issue.‎
‎- Other notable Remote Code Execution Vulnerabilities: ‎
• Word/Office/Sharepoint (CVE-2021-40486),‎
• SharePoint Server (CVE-2021-40487) and‎
• DNS Servers (CVE-2021-40469).‎
An extensive writeup has been provided by ThreatPost.‎
‎ ‎
The extensive list of impacted products is listed on the Microsoft Patch Tuesday Notes.‎
It is urgent that affected systems be updated as soon as possible. ‎
‎ ‎
‎ ‎
Microsoft’s Patch Tuesday Notes

CISA Patch Tuesday Advisory

ThreatPost Patch Tuesday Writeup

Kaspersky Documenting MysterySnail RAT

Apple Releases Updates to Actively Exploited ‎iOS ...

By accepting you will be accessing a service provided by a third-party external to