Microsoft Fixes four Zero-Day vulnerabilities

Summary

Microsoft's October 2021 Patch Tuesday (12 October 2021) released patches for more than 74 vulnerabilities, including four zero-day vulnerabilities. The vulnerabilities break down as 13 Information Disclosure, 5 Denial of Service, 21 Elevation of Privilege, 6 Security Feature Bypass, 20 Remote Code Execution and 9 Spoofing vulnerabilities. Of these, 1 is rated Low, 3 are rated Critical and 70 are rated Important.

The four zero-day vulnerabilities are:

  • CVE-2021-40449 – Win32k Elevation of Privilege Vulnerability
  • CVE-2021-40469 – Windows DNS Server Remote Code Execution Vulnerability
  • CVE-2021-41335 – Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2021-41338 – Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability

Of these four zero-day vulnerabilities, the Win32k Elevation of Privilege Vulnerability (CVE-2021-40449) is both publicly disclosed and actively exploited, while the other three are publicly disclosed but have no known exploitation in attacks.

After the Windows patches were released, Kaspersky disclosed that the critical privilege escalation flaw in the Win32k driver was discovered between late August and early September 2021 while investigating attacks on multiple Windows servers. Kaspersky states that this flaw was used by threat actors "in widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities."

Kaspersky further stated: "We are calling this cluster of activity MysterySnail. Code similarity and re-use of C2 infrastructure we discovered allowed us to connect these attacks with the actor known as IronHusky and Chinese-speaking APT activity dating back to 2012."

Impact

  • Allows threat actors to exploit the publicly disclosed vulnerabilities, one of which (CVE-2021-40449) is already being exploited in attacks.

Remediate

  • Apply the October 2021 Patch Tuesday updates and bring affected Windows systems to the latest version.
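
The following PowerShell script is an added example, not part of the original advisory, showing how a defender can verify on a Windows host that updates from the 12 October 2021 Patch Tuesday onward are installed. The advisory does not list KB numbers, so the cumulative-update KB for your build is a placeholder you must fill in from the Microsoft Update Catalog; everything else uses only built-in cmdlets and the Windows Update agent COM API.

```powershell
# Added example (not from the advisory): check whether a Windows host has
# installed updates on or after the 12 October 2021 Patch Tuesday.
# The KB identifier is NOT on the advisory page; replace the placeholder with the
# cumulative update KB that applies to this host's Windows build.
param(
    [string]$RequiredKb = 'KB<PLACEHOLDER>',          # placeholder, fill in per build
    [datetime]$PatchTuesday = [datetime]'2021-10-12'
)

$os = Get-CimInstance -ClassName Win32_OperatingSystem
Write-Host ("Host: {0}  OS: {1}  Build: {2}" -f $env:COMPUTERNAME, $os.Caption, $os.BuildNumber)

# Hotfixes installed on or after Patch Tuesday. InstalledOn can be null for some
# entries, so filter those out before comparing dates.
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchTuesday } |
    Sort-Object InstalledOn -Descending

if ($recent) {
    Write-Host "Updates installed since $($PatchTuesday.ToShortDateString()):"
    $recent | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    Write-Warning "No updates installed since $($PatchTuesday.ToShortDateString()); host is likely unpatched."
}

# Explicit check for the cumulative update KB expected for this build (skipped
# while the placeholder is still in place).
if ($RequiredKb -notmatch 'PLACEHOLDER') {
    if (Get-HotFix -Id $RequiredKb -ErrorAction SilentlyContinue) {
        Write-Host "$RequiredKb is installed."
    } else {
        Write-Warning "$RequiredKb is NOT installed."
    }
}

# Ask the Windows Update agent which software updates are still pending, which
# catches cases where Get-HotFix does not list a package.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and Type='Software'").Updates
foreach ($u in $pending) {
    $kbs = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ', '
    Write-Host ("Pending: {0} [{1}]" -f $u.Title, $kbs)
}
```

Get-HotFix reads the Win32_QuickFixEngineering class, which does not record every update type, so the pending-update query against the Windows Update agent is the more reliable signal; run the script in an elevated session so the COM search can reach the update agent.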

References