Issued: Thursday, 14 October, 2021 |
Last Revision: Thursday, 14 October, 2021 |
Vendor: |
Product: |
Severity Level: |
Microsoft has released patches for 74 vulnerabilities (81 including Microsoft Edge), with three classified as Critical and seventy as Important, including four Zero-days with one actively exploited in the wild "CVE-2021-40449".
Some notable vulnerabilities resolved in this update are:
CVE-2021-41335- Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-41338- Windows App Container Firewall Rules Security Feature Bypass Vulnerability
CVE-2021-40449- Win32k Elevation of Privilege Vulnerability
CVE-2021-40469- Windows DNS Server Remote Code Execution Vulnerability
In October 2021 Microsoft has fixed problems of Elevation of Privilege Vulnerabilities, Security Feature Bypass Vulnerabilities, Remote Code Execution Vulnerabilities, Information Disclosure Vulnerabilities, Denial of Service Vulnerabilities and Spoofing Vulnerabilities.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2021-41334 | Windows Desktop Bridge Elevation of Privilege Vulnerability | 7.0 |
CVE-2021-41335 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
CVE-2021-41338 | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | 5.5 |
CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability | 7.8 |
CVE-2021-40469 | Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
CVE-2021-40487 | Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.1 |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Product(s) |
CVE-2021-41334 | Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64based Systems Windows 10 Version 2004 for ARM64based Systems Windows 10 Version 2004 for 32bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems |
CVE-2021-41335 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64based Systems Windows 10 Version 2004 for ARM64based Systems Windows 10 Version 2004 for 32bit Systems Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems |
CVE-2021-41338 | Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64based Systems Windows 10 Version 2004 for ARM64based Systems Windows 10 Version 2004 for 32bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems |
CVE-2021-40449 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64based Systems Windows 10 Version 2004 for ARM64based Systems Windows 10 Version 2004 for 32bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 |
CVE-2021-40487 | Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 |
CVE-2021-40469 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server, version 20H2 (Server Core Installation) Windows Server, version 2004 (Server Core installation) Windows Server 2022 (Server Core installation) |
Table 2: Vulnerable versions
Products patched in October security update include Microsoft Office, Exchange Server, MSHTML, Visual Studio, and the Edge browser.
Organizations are strongly encouraged to apply patches as soon as possible, particularly patches for exploited zero day, and critical vulnerabilities.