Overview
According to NSFOCUS CERT’s monitoring, Microsoft released October Security Updates on October 13 to fix 81 vulnerabilities, including high-risk vulnerabilities like privilege escalation and remote code execution, in widely used products like Windows, Microsoft Office, Microsoft Visual Studio, and Exchange Server.
This month’s security updates fix 3 critical vulnerabilities and 70 important ones, including the following 4 zero-day vulnerabilities:
Windows Win32k Privilege Escalation Vulnerability (CVE-2021-40449)
Windows DNS Server Remote Code Execution Vulnerability (CVE-2021-40469)
Windows Kernel Privilege Escalation Vulnerability (CVE-2021-41335)
Windows AppContainer Firewall Rule Security Function Bypass Vulnerability (CVE-2021-41338)
Affected users are advised to apply patches. For details, please refer to the Appendix: Vulnerability List.
NSFOCUS Remote Security Assessment System (RSAS) can detect most of the vulnerabilities (including high-risk ones such as CVE-2021-38672, CVE-2021-40461, CVE-2021-40486, CVE-2021-40469, and CVE-2021-40449) fixed by these security updates. Customers are advised to immediately update the plug-in package of their RSAS to V6.0R02F01.2501, which is available at http://update.nsfocus.com/update/listRsasDetail/v/vulsys.
Reference link: https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Oct
Description of Major Vulnerabilities
Based on product popularity and vulnerability criticality, we have selected the high-impact vulnerabilities that users should pay close attention to:
Windows Hyper-V Remote Code Execution Vulnerability (CVE-2021-38672/ CVE-2021-40461)
Windows Hyper-V is Microsoft’s native virtual machine manager. A guest VM can read host kernel memory and trigger memory allocation errors in its own VM, which allows a low-privileged attacker to send specially crafted requests and execute arbitrary code on the target system.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38672
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40461
Windows Win32k Privilege Escalation Vulnerability (CVE-2021-40449)
Win32k contains the NtGdiResetDC function. After the object handled by this function is freed, an attacker can set a user-mode callback, and a low-privileged attacker can then escalate their privileges by executing unexpected API functions. This vulnerability has been found exploited in the wild.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40449
Windows Print Spooler Spoofing Vulnerability (CVE-2021-36970)
A vulnerability in the Windows Print Spooler service allows an unauthenticated attacker to execute code remotely on the target host, provided a user interacts with the attacker’s content.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36970
Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26427)
An authenticated attacker on an adjacent network could compromise the affected Exchange server, resulting in remote code execution on the target server.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26427
Microsoft Word Remote Code Execution Vulnerability (CVE-2021-40486)
An attacker could execute arbitrary code with the user’s permissions on the target system by enticing the user to open a specially crafted malicious Word document on the affected system. The Preview Pane is also an attack vector.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40486
Windows DNS Server Remote Code Execution Vulnerability (CVE-2021-40469)
On a server configured as a DNS server, an attacker can exploit this vulnerability to execute code remotely with SYSTEM privileges on the target system without any user interaction. Details of the vulnerability have already been made publicly available.
For vulnerability details, visit the following link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40469
Scope of Impact
The following table lists affected products and versions that require special attention. Please view Microsoft’s security updates for other products affected by these vulnerabilities.
CVE ID | Affected Products and Versions |
CVE-2021-38672 | Windows Server 2022 (Server Core installation); Windows Server 2022; Windows 11 for x64-based Systems |
CVE-2021-40461 | Windows Server, version 20H2 (Server Core Installation); Windows Server, version 2004 (Server Core installation); Windows Server 2022 (Server Core installation); Windows Server 2022; Windows Server 2019 (Server Core installation); Windows Server 2019; Windows 11 for x64-based Systems; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1809 for x64-based Systems |
CVE-2021-40449, CVE-2021-36970 | Windows Server, version 20H2 (Server Core Installation); Windows Server, version 2004 (Server Core installation); Windows Server 2022 (Server Core installation); Windows Server 2022; Windows Server 2019 (Server Core installation); Windows Server 2019; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows RT 8.1; Windows 8.1 for x64-based systems; Windows 8.1 for 32-bit systems; Windows 7 for x64-based Systems Service Pack 1; Windows 7 for 32-bit Systems Service Pack 1; Windows 11 for x64-based Systems; Windows 11 for ARM64-based Systems; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems |
CVE-2021-26427 | Microsoft Exchange Server 2019 Cumulative Update 11; Microsoft Exchange Server 2019 Cumulative Update 10; Microsoft Exchange Server 2016 Cumulative Update 22; Microsoft Exchange Server 2016 Cumulative Update 21; Microsoft Exchange Server 2013 Cumulative Update 23 |
CVE-2021-40486 | Microsoft Word 2016 (64-bit edition); Microsoft Word 2016 (32-bit edition); Microsoft Word 2013 Service Pack 1 (64-bit editions); Microsoft Word 2013 Service Pack 1 (32-bit editions); Microsoft Word 2013 RT Service Pack 1; Microsoft SharePoint Server 2019; Microsoft SharePoint Enterprise Server 2016; Microsoft SharePoint Enterprise Server 2013 Service Pack 1; Microsoft Office Web Apps Server 2013 Service Pack 1; Microsoft Office Online Server; Microsoft Office 2019 for 64-bit editions; Microsoft Office 2019 for 32-bit editions |
CVE-2021-40469 | Windows Server, version 2004 (Server Core installation); Windows Server 2022 (Server Core installation); Windows Server 2022; Windows Server, version 20H2 (Server Core Installation); Windows Server 2019 (Server Core installation); Windows Server 2019; Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2016 (Server Core installation); Windows Server 2016 |
Mitigation
Patch Update
Currently, Microsoft has released security updates to fix the preceding vulnerabilities in product versions supported by Microsoft. Affected users are strongly advised to apply these updates as soon as possible. These updates are available at the following link:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Oct
Note: Windows Update may fail because of network or local environment problems. Users are therefore advised to verify that the patches were successfully applied immediately after installation.
Click the Start button and choose Settings > Update & Security > Windows Update to view the status message on the page. Alternatively, view previously installed updates by clicking the View update history button.
If an update failed to install, click the update name to open Microsoft’s official update download page. From there, follow the links to the “Microsoft Update Catalog” website to download and install the standalone package.
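The verification step above can be scripted. The following PowerShell is an added example (not part of the NSFOCUS advisory): it inventories the exposed components named in this advisory (Print Spooler, DNS Server, Hyper-V) and reads Windows Update history through the Windows Update Agent COM API, the same data the View update history page shows, to report whether a 2021-10 Windows update installed successfully. It assumes an elevated PowerShell session on the host being checked and that the update titles carry the standard "2021-10" release prefix (Office and Exchange updates are not covered by that filter).

```powershell
# Added example, not from the NSFOCUS advisory. Run elevated on the host to check.

# 1. Which of the affected components are present on this host?
$exposure = [ordered]@{}

# Print Spooler service (CVE-2021-36970, CVE-2021-41332)
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
$exposure['Print Spooler running']    = ($null -ne $spooler -and $spooler.Status -eq 'Running')

# DNS Server role (CVE-2021-40469): the DNS service exists only when the role is installed
$dns = Get-Service -Name DNS -ErrorAction SilentlyContinue
$exposure['DNS Server role installed'] = ($null -ne $dns)

# Hyper-V (CVE-2021-38672, CVE-2021-40461): vmms is present when the role is enabled
$vmms = Get-Service -Name vmms -ErrorAction SilentlyContinue
$exposure['Hyper-V role installed']    = ($null -ne $vmms)

# 2. Walk Windows Update history via the WUA COM API
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$count    = $searcher.GetTotalHistoryCount()
$history  = if ($count -gt 0) { $searcher.QueryHistory(0, $count) } else { @() }

# ResultCode values defined by the WUA API
$resultNames = @{ 1 = 'InProgress'; 2 = 'Succeeded'; 3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted' }

# Installation operations (Operation = 1) whose title carries the 2021-10 release prefix
$octoberUpdates = $history |
    Where-Object { $_.Operation -eq 1 -and $_.Title -like '2021-10*' } |
    Select-Object Date, Title, @{ n = 'Result'; e = { $resultNames[[int]$_.ResultCode] } }

$applied = $octoberUpdates | Where-Object { $_.Result -eq 'Succeeded' }
$failed  = $octoberUpdates | Where-Object { $_.Result -in 'Failed', 'Aborted', 'SucceededWithErrors' }

# 3. Report
"Exposed components on $($env:COMPUTERNAME):"
$exposure.GetEnumerator() | ForEach-Object { "  {0,-28} {1}" -f $_.Key, $_.Value }

"October 2021 update history entries:"
if ($octoberUpdates) { $octoberUpdates | Format-Table -AutoSize | Out-String } else { "  none found" }

if (-not $applied) {
    Write-Warning 'No successfully installed 2021-10 update found; install it from the Microsoft Update Catalog and re-check.'
}
if ($failed) {
    Write-Warning ("{0} October update(s) did not install cleanly; see the history above." -f @($failed).Count)
}
```

A host where an exposed component is present but no 2021-10 update shows as Succeeded should be treated as unpatched for the corresponding CVEs until the standalone package has been installed and the check re-run.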
Appendix: Vulnerability List
Affected Product | CVE ID | Vulnerability Title | Severity |
Windows | CVE-2021-38672 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Windows | CVE-2021-40461 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Microsoft Office | CVE-2021-40486 | Microsoft Word Remote Code Execution Vulnerability | Critical |
Exchange Server | CVE-2021-34453 | Microsoft Exchange Server Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-36953 | Windows TCP/IP Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability | Important |
Windows | CVE-2021-40443 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-40449 | Win32k Privilege Escalation Vulnerability | Important |
Microsoft Office, Windows | CVE-2021-40454 | Rich Text Edit Control Information Disclosure Vulnerability | Important |
Windows | CVE-2021-40455 | Windows Installer Spoofing Vulnerability | Important |
Windows | CVE-2021-40456 | Windows AD FS Security Feature Bypass Vulnerability | Important |
Microsoft Dynamics | CVE-2021-40457 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | Important |
Windows | CVE-2021-40475 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important |
Windows | CVE-2021-40476 | Windows AppContainer Elevation of Privilege Vulnerability | Important |
Windows | CVE-2021-40477 | Windows Event Tracing Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-40478 | Storage Spaces Controller Privilege Escalation Vulnerability | Important |
Microsoft Office | CVE-2021-41344 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Exchange Server | CVE-2021-41348 | Microsoft Exchange Server Privilege Escalation Vulnerability | Important |
Exchange Server | CVE-2021-41350 | Microsoft Exchange Server Spoofing Vulnerability | Important |
.NET, Microsoft Visual Studio | CVE-2021-41355 | .NET Core and Visual Studio Information Disclosure Vulnerability | Important |
Windows | CVE-2021-41361 | Active Directory Federation Server Spoofing Vulnerability | Important |
Microsoft Visual Studio | CVE-2021-3450 | OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT | Important |
Microsoft Visual Studio | CVE-2021-3449 | OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing | Important |
Microsoft Visual Studio | CVE-2020-1971 | OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference | Important |
Exchange Server | CVE-2021-26427 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-38662 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | Important |
Windows | CVE-2021-38663 | Windows exFAT File System Information Disclosure Vulnerability | Important |
Windows | CVE-2021-40450 | Win32k Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-40460 | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | Important |
Windows | CVE-2021-40462 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-40463 | Windows NAT Denial-of-Service Vulnerability | Important |
Windows | CVE-2021-40464 | Windows Nearby Sharing Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-40465 | Windows Text Shaping Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-40466 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-40467 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-40468 | Windows Bind Filter Driver Information Disclosure Vulnerability | Important |
Windows | CVE-2021-40469 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-40470 | DirectX Graphics Kernel Privilege Escalation Vulnerability | Important |
Microsoft Office | CVE-2021-40471 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-40472 | Microsoft Excel Information Disclosure Vulnerability | Important |
Microsoft Office | CVE-2021-40473 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-40474 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-40479 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-40480 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-40481 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-40482 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
Microsoft Office | CVE-2021-40484 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Microsoft Office | CVE-2021-40485 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-40487 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-40488 | Storage Spaces Controller Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-40489 | Storage Spaces Controller Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-26441 | Storage Spaces Controller Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-26442 | Windows HTTP.sys Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-41330 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-41331 | Windows Media Audio Decoder Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-41332 | Windows Print Spooler Information Disclosure Vulnerability | Important |
Windows | CVE-2021-41334 | Windows Desktop Bridge Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-41335 | Windows Kernel Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-41336 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows | CVE-2021-41337 | Active Directory Security Feature Bypass Vulnerability | Important |
Windows | CVE-2021-41338 | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | Important |
Windows | CVE-2021-41339 | Microsoft DWM Core Library Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-41340 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-41342 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important |
Windows | CVE-2021-41343 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | Important |
Windows | CVE-2021-41345 | Storage Spaces Controller Privilege Escalation Vulnerability | Important |
Windows | CVE-2021-41346 | Console Window Host Security Feature Bypass Vulnerability | Important |
Windows | CVE-2021-41347 | Windows AppX Deployment Service Privilege Escalation Vulnerability | Important |
System Center | CVE-2021-41352 | SCOM Information Disclosure Vulnerability | Important |
Microsoft Dynamics | CVE-2021-41353 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | Important |
Microsoft Dynamics | CVE-2021-41354 | Microsoft Dynamics 365 (On-Premises) Cross-Site Scripting Vulnerability | Important |
Windows | CVE-2021-41357 | Win32k Privilege Escalation Vulnerability | Important |
Apps | CVE-2021-41363 | Intune Management Extension Security Feature Bypass Vulnerability | Important |
Microsoft Office | CVE-2021-40483 | Microsoft SharePoint Server Spoofing Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2021-37974 | Chromium: CVE-2021-37974 Use-After-Free in Safe Browsing | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-37975 | Chromium: CVE-2021-37975 Use-After-Free in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-37976 | Chromium: CVE-2021-37976 Information Leak in Core | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-37977 | Chromium: CVE-2021-37977 Use-After-Free in Garbage Collection | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-37978 | Chromium: CVE-2021-37978 Heap Buffer Overflow in Blink | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-37979 | Chromium: CVE-2021-37979 Heap Buffer Overflow in WebRTC | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-37980 | Chromium: CVE-2021-37980 Inappropriate Implementation in Sandbox | Unknown |
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
About NSFOCUS
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.
NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in the insurance, retail, healthcare and critical infrastructure industries, as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries and is a member of both the Microsoft Active Protections Program (MAPP) and the Cloud Security Alliance (CSA).
A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.