Today’s VERT Alert addresses Microsoft’s October 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-968 on Wednesday, October 13th.
In-The-Wild & Disclosed CVEs
Up first this month, we have an elevation of privilege in Win32k that has been exploited in-the-wild via MysterySnail. This vulnerability appears to impact all systems from Windows 7 to the newly released Windows 11.
Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.
This remote code execution vulnerability in the Microsoft DNS server impacts all operating systems from Server 2008 to Server 2022. Only servers with the DNS Server role configured are impacted by the vulnerability.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
A publicly disclosed vulnerability in the Windows Kernel could lead to privilege escalation. Unlike CVE-2021-40449, this vulnerability does not include Windows 11 and Windows Server 2022.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
This vulnerability was originally closed by Microsoft Security as a “Won’t Fix” issue. They have since reconsidered and issued an update. The vulnerability was discovered by Google Project Zero’s James Forshaw and is detailed here with the specific Project Zero issue tracked here.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also color coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be bold
| Tag | CVE Count | CVEs |
| .NET Core & Visual Studio | 1 | CVE-2021-41355 |
| Windows Fastfat Driver | 2 | CVE-2021-38662, CVE-2021-41343 |
| Console Window Host | 1 | CVE-2021-41346 |
| Microsoft Office Word | 1 | CVE-2021-40486 |
| HTTP.sys | 1 | CVE-2021-26442 |
| Windows Installer | 1 | CVE-2021-40455 |
| Visual Studio | 3 | CVE-2021-3450, CVE-2021-3449, CVE-2020-1971 |
| Microsoft Dynamics | 3 | CVE-2021-40457, CVE-2021-41353, CVE-2021-41354 |
| Windows Storage Spaces Controller | 5 | CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-26441, CVE-2021-41345 |
| Windows DirectX | 1 | CVE-2021-40470 |
| Windows AppX Deployment Service | 1 | CVE-2021-41347 |
| Microsoft Office SharePoint | 5 | CVE-2021-41344, CVE-2021-40482, CVE-2021-40483, CVE-2021-40484, CVE-2021-40487 |
| Microsoft Windows Codecs Library | 3 | CVE-2021-40462, CVE-2021-41330, CVE-2021-41331 |
| Windows Cloud Files Mini Filter Driver | 1 | CVE-2021-40475 |
| Microsoft Office Excel | 6 | CVE-2021-40471, CVE-2021-40472, CVE-2021-40473, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485 |
| Microsoft Graphics Component | 1 | CVE-2021-41340 |
| Windows Event Tracing | 1 | CVE-2021-40477 |
| Windows Kernel | 2 | CVE-2021-41335, CVE-2021-41336 |
| Microsoft Exchange Server | 4 | CVE-2021-34453, CVE-2021-41348, CVE-2021-41350, CVE-2021-26427 |
| Windows Nearby Sharing | 1 | CVE-2021-40464 |
| Rich Text Edit Control | 1 | CVE-2021-40454 |
| Windows Remote Procedure Call Runtime | 1 | CVE-2021-40460 |
| Active Directory Federation Services | 1 | CVE-2021-41361 |
| Windows AppContainer | 2 | CVE-2021-40476, CVE-2021-41338 |
| Windows Bind Filter Driver | 1 | CVE-2021-40468 |
| Windows Desktop Bridge | 1 | CVE-2021-41334 |
| Windows Network Address Translation (NAT) | 1 | CVE-2021-40463 |
| Windows MSHTML Platform | 1 | CVE-2021-41342 |
| Role: DNS Server | 1 | CVE-2021-40469 |
| Windows Win32K | 3 | CVE-2021-40449, CVE-2021-40450, CVE-2021-41357 |
| Windows TCP/IP | 1 | CVE-2021-36953 |
| Microsoft DWM Core Library | 1 | CVE-2021-41339 |
| Windows Print Spooler Components | 2 | CVE-2021-36970, CVE-2021-41332 |
| Role: Windows Hyper-V | 2 | CVE-2021-38672, CVE-2021-40461 |
| Windows exFAT File System | 1 | CVE-2021-38663 |
| Microsoft Edge (Chromium-based) | 7 | CVE-2021-37974, CVE-2021-37975, CVE-2021-37976, CVE-2021-37977, CVE-2021-37978, CVE-2021-37979, CVE-2021-37980 |
| Role: Windows AD FS Server | 1 | CVE-2021-40456 |
| Microsoft Office Visio | 2 | CVE-2021-40480, CVE-2021-40481 |
| Windows Text Shaping | 1 | CVE-2021-40465 |
| Microsoft Intune | 1 | CVE-2021-41363 |
| Windows Common Log File System Driver | 3 | CVE-2021-40443, CVE-2021-40466, CVE-2021-40467 |
| Role: Windows Active Directory Server | 1 | CVE-2021-41337 |
| System Center | 1 | CVE-2021-41352 |
Other Information
There were no new advisories included with the October Security Guidance, but there was one update.
ADV200011 – Microsoft Guidance for Addressing Security Feature Bypass in GRUB
Microsoft has updated their advisory on GRUB related to a number of vulnerabilities released in July 2020 and March 2021. The update indicates that newer versions of Windows, including Windows 11, are affected and that an update will be released to address this in Spring 2022.
