Microsoft October Security Updates for Multiple High-Risk Product Vulnerabilities

October 27, 2021 | Jie Ji

Overview

According to NSFOCUS CERT's monitoring, Microsoft released its October security updates on October 12 (October 13 Beijing time), fixing 81 vulnerabilities, including high-risk privilege escalation and remote code execution vulnerabilities, in widely used products such as Windows, Microsoft Office, Microsoft Visual Studio, and Exchange Server.

This month’s security updates fix 3 critical vulnerabilities and 70 important ones, including 4 zero-day vulnerabilities.

Windows Win32k Privilege Escalation Vulnerability (CVE-2021-40449)

Windows DNS Server Remote Code Execution Vulnerability (CVE-2021-40469)

Windows Kernel Privilege Escalation Vulnerability (CVE-2021-41335)

Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability (CVE-2021-41338)

Affected users are advised to apply patches. For details, please refer to the Appendix: Vulnerability List.

NSFOCUS Remote Security Assessment System (RSAS) can detect most of the vulnerabilities (including high-risk ones such as CVE-2021-38672, CVE-2021-40461, CVE-2021-40486, CVE-2021-40469, and CVE-2021-40449) fixed by these security updates. Customers are advised to immediately update the plug-in package of their RSAS to V6.0R02F01.2501, which is available at http://update.nsfocus.com/update/listRsasDetail/v/vulsys.

Reference link: https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Oct

Description of Major Vulnerabilities

Based on product popularity and vulnerability criticality, we have selected the vulnerabilities with the biggest impact that users should pay close attention to:

Windows Hyper-V Remote Code Execution Vulnerability (CVE-2021-38672/ CVE-2021-40461)

Windows Hyper-V is Microsoft's hypervisor for hosting virtual machines on Windows. In both vulnerabilities, a malicious guest VM can trigger a memory allocation error and then read kernel memory on the host; an attacker with low privileges inside the guest can send specially crafted requests to execute arbitrary code on the host system.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38672

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40461

Windows Win32k Privilege Escalation Vulnerability (CVE-2021-40449)

The vulnerability is a use-after-free in the Win32k function NtGdiResetDC. During its execution the function makes a callback into user mode; an attacker who hooks that callback can free the kernel object the function is operating on and let execution continue with the freed memory, which allows a low-privileged local attacker to invoke unexpected API functions and escalate privileges. The vulnerability has been found exploited in the wild.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40449

Windows Print Spooler Spoofing Vulnerability (CVE-2021-36970)

A vulnerability in the Windows Print Spooler service allows an unauthenticated attacker to execute code remotely on the target host; exploitation requires user interaction.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36970

Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26427)

An authenticated attacker on an adjacent network could compromise the affected Exchange server and achieve remote code execution on it.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26427

Microsoft Word Remote Code Execution Vulnerability (CVE-2021-40486)

An attacker could execute arbitrary code with the permissions of the current user by enticing that user to open a specially crafted malicious Word document on an affected system. The Preview Pane is also an attack vector, so previewing the document is enough to trigger the vulnerability.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40486

Windows DNS Server Remote Code Execution Vulnerability (CVE-2021-40469)

The vulnerability is only exploitable on a server with the DNS Server role installed. An attacker can exploit it to execute code remotely with SYSTEM privileges on the target system, without any user interaction. Details of the vulnerability have already been publicly disclosed.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40469
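Several of the vulnerabilities above are only reachable when a particular role or service is present (the DNS Server role for CVE-2021-40469, Hyper-V for CVE-2021-38672/CVE-2021-40461, the Print Spooler service for CVE-2021-36970, Exchange or Office for CVE-2021-26427 and CVE-2021-40486). The following PowerShell script is an added example for triaging that exposure on a single host; it is not part of the NSFOCUS advisory or of any Microsoft tooling. The service names and registry keys are the standard Windows ones, and the CVE-to-component mapping is taken from the descriptions above; the Office check assumes a Click-to-Run installation.

```powershell
# Added example (not from the NSFOCUS advisory): map the highlighted October 2021
# CVEs to the Windows component each one lives in and report whether that
# component exists on this host. Run in an elevated PowerShell session.

function Get-ServiceState {
    param([Parameter(Mandatory)][string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return 'absent' }
    return $svc.Status.ToString()          # Running / Stopped
}

function Get-OctoberExposure {
    # Exchange 2013/2016/2019 all register under the v15 Setup key.
    $exchange = if (Test-Path 'HKLM:\SOFTWARE\Microsoft\ExchangeServer\v15\Setup') { 'Installed' } else { 'absent' }
    # Click-to-Run Office registers here; MSI-based Office installs do not (assumption: C2R deployment).
    $office = if (Test-Path 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration') { 'Installed' } else { 'absent' }

    @(
        # CVE-2021-40469 is only exploitable when the DNS Server role is installed.
        [pscustomobject]@{ Cve = 'CVE-2021-40469'; Component = 'DNS Server (service DNS)'
                           State = Get-ServiceState 'DNS' }
        # Hyper-V RCE is only relevant on hosts running the Hyper-V role (vmms = VM Management service).
        [pscustomobject]@{ Cve = 'CVE-2021-38672, CVE-2021-40461'; Component = 'Hyper-V (service vmms)'
                           State = Get-ServiceState 'vmms' }
        # A stopped or disabled spooler is not exposed to the Print Spooler bug.
        [pscustomobject]@{ Cve = 'CVE-2021-36970'; Component = 'Print Spooler (service Spooler)'
                           State = Get-ServiceState 'Spooler' }
        [pscustomobject]@{ Cve = 'CVE-2021-26427'; Component = 'Exchange Server (registry)'
                           State = $exchange }
        [pscustomobject]@{ Cve = 'CVE-2021-40486'; Component = 'Office Click-to-Run (registry)'
                           State = $office }
        # Win32k is part of every Windows installation: exposure is decided by patch level, not presence.
        [pscustomobject]@{ Cve = 'CVE-2021-40449'; Component = 'Win32k (always present)'
                           State = 'Present' }
    )
}

Get-OctoberExposure | Format-Table -AutoSize
```

A component reported as absent or stopped removes that CVE from the host's immediate attack surface but is no substitute for patching: the spooler can be started again, and Win32k and the kernel vulnerabilities apply to every unpatched Windows host regardless of role.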

Scope of Impact

The following table lists affected products and versions that require special attention. Please view Microsoft’s security updates for other products affected by these vulnerabilities.

CVE ID: Affected Products and Versions

CVE-2021-38672
  Windows Server 2022 (Server Core installation)
  Windows Server 2022
  Windows 11 for x64-based Systems

CVE-2021-40461
  Windows Server, version 20H2 (Server Core Installation)
  Windows Server, version 2004 (Server Core installation)
  Windows Server 2022 (Server Core installation)
  Windows Server 2022
  Windows Server 2019 (Server Core installation)
  Windows Server 2019
  Windows 11 for x64-based Systems
  Windows 10 Version 21H1 for x64-based Systems
  Windows 10 Version 20H2 for x64-based Systems
  Windows 10 Version 2004 for x64-based Systems
  Windows 10 Version 1909 for x64-based Systems
  Windows 10 Version 1809 for x64-based Systems

CVE-2021-40449, CVE-2021-36970
  Windows Server, version 20H2 (Server Core Installation)
  Windows Server, version 2004 (Server Core installation)
  Windows Server 2022 (Server Core installation)
  Windows Server 2022
  Windows Server 2019 (Server Core installation)
  Windows Server 2019
  Windows Server 2016 (Server Core installation)
  Windows Server 2016
  Windows Server 2012 R2 (Server Core installation)
  Windows Server 2012 R2
  Windows Server 2012 (Server Core installation)
  Windows Server 2012
  Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  Windows Server 2008 for x64-based Systems Service Pack 2
  Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  Windows Server 2008 for 32-bit Systems Service Pack 2
  Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  Windows Server 2008 R2 for x64-based Systems Service Pack 1
  Windows RT 8.1
  Windows 8.1 for x64-based systems
  Windows 8.1 for 32-bit systems
  Windows 7 for x64-based Systems Service Pack 1
  Windows 7 for 32-bit Systems Service Pack 1
  Windows 11 for x64-based Systems
  Windows 11 for ARM64-based Systems
  Windows 10 for x64-based Systems
  Windows 10 for 32-bit Systems
  Windows 10 Version 21H1 for x64-based Systems
  Windows 10 Version 21H1 for ARM64-based Systems
  Windows 10 Version 21H1 for 32-bit Systems
  Windows 10 Version 20H2 for x64-based Systems
  Windows 10 Version 20H2 for ARM64-based Systems
  Windows 10 Version 20H2 for 32-bit Systems
  Windows 10 Version 2004 for x64-based Systems
  Windows 10 Version 2004 for ARM64-based Systems
  Windows 10 Version 2004 for 32-bit Systems
  Windows 10 Version 1909 for x64-based Systems
  Windows 10 Version 1909 for ARM64-based Systems
  Windows 10 Version 1909 for 32-bit Systems
  Windows 10 Version 1809 for x64-based Systems
  Windows 10 Version 1809 for ARM64-based Systems
  Windows 10 Version 1809 for 32-bit Systems
  Windows 10 Version 1607 for x64-based Systems
  Windows 10 Version 1607 for 32-bit Systems

CVE-2021-26427
  Microsoft Exchange Server 2019 Cumulative Update 11
  Microsoft Exchange Server 2019 Cumulative Update 10
  Microsoft Exchange Server 2016 Cumulative Update 22
  Microsoft Exchange Server 2016 Cumulative Update 21
  Microsoft Exchange Server 2013 Cumulative Update 23

CVE-2021-40486
  Microsoft Word 2016 (64-bit edition)
  Microsoft Word 2016 (32-bit edition)
  Microsoft Word 2013 Service Pack 1 (64-bit editions)
  Microsoft Word 2013 Service Pack 1 (32-bit editions)
  Microsoft Word 2013 RT Service Pack 1
  Microsoft SharePoint Server 2019
  Microsoft SharePoint Enterprise Server 2016
  Microsoft SharePoint Enterprise Server 2013 Service Pack 1
  Microsoft Office Web Apps Server 2013 Service Pack 1
  Microsoft Office Online Server
  Microsoft Office 2019 for 64-bit editions
  Microsoft Office 2019 for 32-bit editions

CVE-2021-40469
  Windows Server, version 2004 (Server Core installation)
  Windows Server 2022 (Server Core installation)
  Windows Server 2022
  Windows Server, version 20H2 (Server Core Installation)
  Windows Server 2019 (Server Core installation)
  Windows Server 2019
  Windows Server 2012 R2 (Server Core installation)
  Windows Server 2012 R2
  Windows Server 2012 (Server Core installation)
  Windows Server 2012
  Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  Windows Server 2008 R2 for x64-based Systems Service Pack 1
  Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  Windows Server 2008 for x64-based Systems Service Pack 2
  Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  Windows Server 2008 for 32-bit Systems Service Pack 2
  Windows Server 2016 (Server Core installation)
  Windows Server 2016

Mitigation

Patch Update

Currently, Microsoft has released security updates to fix the preceding vulnerabilities in product versions supported by Microsoft. Affected users are strongly advised to apply these updates as soon as possible. These updates are available at the following link:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Oct

Note: Windows Update may fail because of network or local environment problems. Users are therefore advised to confirm that the patches were actually applied immediately after installation.

Click the Start button and choose Settings > Update & Security > Windows Update (on Windows 11, Settings > Windows Update) to view the status message on that page. Alternatively, click the View update history button to review previously installed updates.

If an update fails to install, click the update name to open Microsoft's official page for that update, then follow the links there to the Microsoft Update Catalog website and download and install the standalone package manually.
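Checking the Windows Update page by hand does not scale across a fleet, and a green status there does not prove the cumulative update took effect. The PowerShell function below is an added example, not part of the NSFOCUS advisory or of Microsoft's guidance, for verifying the same thing from the command line: it lists the hotfixes installed since Patch Tuesday and reports the OS build plus the UBR (Update Build Revision), which only advances when a cumulative update is applied. The release date used as the default is the October 12, 2021 (US time) Patch Tuesday; the build to compare against must be taken from the Microsoft release notes for your Windows version.

```powershell
# Added example (not from the NSFOCUS advisory): verify that a cumulative update
# from the October 2021 release (or later) is actually installed on this host.
# Two signals are reported:
#   1. Get-HotFix entries whose InstalledOn date is on or after Patch Tuesday.
#   2. CurrentBuildNumber.UBR from the registry; compare this with the build
#      listed for your Windows version at
#      https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Oct
#      (UBR exists on Windows 10 and later only; older systems show an empty UBR).
# Run in an elevated PowerShell session.

function Get-PatchStatus {
    param(
        # October 2021 Patch Tuesday, US date. Change this when checking another month.
        [datetime]$ReleaseDate = [datetime]'2021-10-12'
    )

    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $osBuild = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR

    # Newest first; hotfix entries without an install date are ignored.
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $ReleaseDate } |
        Sort-Object InstalledOn -Descending

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        ProductName         = $cv.ProductName
        DisplayVersion      = $cv.DisplayVersion      # e.g. 21H1; $null on older builds
        OsBuild             = $osBuild
        UpdatesSinceRelease = ($recent | ForEach-Object {
                                  '{0} ({1:yyyy-MM-dd})' -f $_.HotFixID, $_.InstalledOn
                              }) -join ', '
        # Heuristic only: any update installed since the release date.
        LikelyPatched       = [bool]$recent
    }
}

Get-PatchStatus | Format-List
```

LikelyPatched is deliberately a weak signal (any update since the release date, including a later month's cumulative update, sets it); the authoritative check is OsBuild against the build number Microsoft publishes for the update. For many hosts, wrap the call in Invoke-Command and collect the objects centrally rather than reading the Settings page on each machine.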

Appendix: Vulnerability List

Affected Product | CVE ID | Vulnerability Title | Severity
Windows | CVE-2021-38672 | Windows Hyper-V Remote Code Execution Vulnerability | Critical
Windows | CVE-2021-40461 | Windows Hyper-V Remote Code Execution Vulnerability | Critical
Microsoft Office | CVE-2021-40486 | Microsoft Word Remote Code Execution Vulnerability | Critical
Exchange Server | CVE-2021-34453 | Microsoft Exchange Server Denial-of-Service Vulnerability | Important
Windows | CVE-2021-36953 | Windows TCP/IP Denial-of-Service Vulnerability | Important
Windows | CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability | Important
Windows | CVE-2021-40443 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important
Windows | CVE-2021-40449 | Win32k Privilege Escalation Vulnerability | Important
Microsoft Office, Windows | CVE-2021-40454 | Rich Text Edit Control Information Disclosure Vulnerability | Important
Windows | CVE-2021-40455 | Windows Installer Spoofing Vulnerability | Important
Windows | CVE-2021-40456 | Windows AD FS Security Feature Bypass Vulnerability | Important
Microsoft Dynamics | CVE-2021-40457 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | Important
Windows | CVE-2021-40475 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important
Windows | CVE-2021-40476 | Windows AppContainer Elevation of Privilege Vulnerability | Important
Windows | CVE-2021-40477 | Windows Event Tracing Privilege Escalation Vulnerability | Important
Windows | CVE-2021-40478 | Storage Spaces Controller Privilege Escalation Vulnerability | Important
Microsoft Office | CVE-2021-41344 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important
Exchange Server | CVE-2021-41348 | Microsoft Exchange Server Privilege Escalation Vulnerability | Important
Exchange Server | CVE-2021-41350 | Microsoft Exchange Server Spoofing Vulnerability | Important
.NET, Microsoft Visual Studio | CVE-2021-41355 | .NET Core and Visual Studio Information Disclosure Vulnerability | Important
Windows | CVE-2021-41361 | Active Directory Federation Server Spoofing Vulnerability | Important
Microsoft Visual Studio | CVE-2021-3450 | OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT | Important
Microsoft Visual Studio | CVE-2021-3449 | OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing | Important
Microsoft Visual Studio | CVE-2020-1971 | OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference | Important
Exchange Server | CVE-2021-26427 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important
Windows | CVE-2021-38662 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | Important
Windows | CVE-2021-38663 | Windows exFAT File System Information Disclosure Vulnerability | Important
Windows | CVE-2021-40450 | Win32k Privilege Escalation Vulnerability | Important
Windows | CVE-2021-40460 | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | Important
Windows | CVE-2021-40462 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | Important
Windows | CVE-2021-40463 | Windows NAT Denial-of-Service Vulnerability | Important
Windows | CVE-2021-40464 | Windows Nearby Sharing Privilege Escalation Vulnerability | Important
Windows | CVE-2021-40465 | Windows Text Shaping Remote Code Execution Vulnerability | Important
Windows | CVE-2021-40466 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important
Windows | CVE-2021-40467 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important
Windows | CVE-2021-40468 | Windows Bind Filter Driver Information Disclosure Vulnerability | Important
Windows | CVE-2021-40469 | Windows DNS Server Remote Code Execution Vulnerability | Important
Windows | CVE-2021-40470 | DirectX Graphics Kernel Privilege Escalation Vulnerability | Important
Microsoft Office | CVE-2021-40471 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2021-40472 | Microsoft Excel Information Disclosure Vulnerability | Important
Microsoft Office | CVE-2021-40473 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2021-40474 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2021-40479 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2021-40480 | Microsoft Office Visio Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2021-40481 | Microsoft Office Visio Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2021-40482 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important
Microsoft Office | CVE-2021-40484 | Microsoft SharePoint Server Spoofing Vulnerability | Important
Microsoft Office | CVE-2021-40485 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2021-40487 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important
Windows | CVE-2021-40488 | Storage Spaces Controller Privilege Escalation Vulnerability | Important
Windows | CVE-2021-40489 | Storage Spaces Controller Privilege Escalation Vulnerability | Important
Windows | CVE-2021-26441 | Storage Spaces Controller Privilege Escalation Vulnerability | Important
Windows | CVE-2021-26442 | Windows HTTP.sys Privilege Escalation Vulnerability | Important
Windows | CVE-2021-41330 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important
Windows | CVE-2021-41331 | Windows Media Audio Decoder Remote Code Execution Vulnerability | Important
Windows | CVE-2021-41332 | Windows Print Spooler Information Disclosure Vulnerability | Important
Windows | CVE-2021-41334 | Windows Desktop Bridge Privilege Escalation Vulnerability | Important
Windows | CVE-2021-41335 | Windows Kernel Privilege Escalation Vulnerability | Important
Windows | CVE-2021-41336 | Windows Kernel Information Disclosure Vulnerability | Important
Windows | CVE-2021-41337 | Active Directory Security Feature Bypass Vulnerability | Important
Windows | CVE-2021-41338 | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | Important
Windows | CVE-2021-41339 | Microsoft DWM Core Library Privilege Escalation Vulnerability | Important
Windows | CVE-2021-41340 | Windows Graphics Component Remote Code Execution Vulnerability | Important
Windows | CVE-2021-41342 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important
Windows | CVE-2021-41343 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | Important
Windows | CVE-2021-41345 | Storage Spaces Controller Privilege Escalation Vulnerability | Important
Windows | CVE-2021-41346 | Console Window Host Security Feature Bypass Vulnerability | Important
Windows | CVE-2021-41347 | Windows AppX Deployment Service Privilege Escalation Vulnerability | Important
System Center | CVE-2021-41352 | SCOM Information Disclosure Vulnerability | Important
Microsoft Dynamics | CVE-2021-41353 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | Important
Microsoft Dynamics | CVE-2021-41354 | Microsoft Dynamics 365 (On-Premises) Cross-Site Scripting Vulnerability | Important
Windows | CVE-2021-41357 | Win32k Privilege Escalation Vulnerability | Important
Apps | CVE-2021-41363 | Intune Management Extension Security Feature Bypass Vulnerability | Important
Microsoft Office | CVE-2021-40483 | Microsoft SharePoint Server Spoofing Vulnerability | Low
Microsoft Edge (Chromium-based) | CVE-2021-37974 | Chromium: CVE-2021-37974 Use-After-Free in Safe Browsing | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-37975 | Chromium: CVE-2021-37975 Use-After-Free in V8 | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-37976 | Chromium: CVE-2021-37976 Information Leak in Core | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-37977 | Chromium: CVE-2021-37977 Use-After-Free in Garbage Collection | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-37978 | Chromium: CVE-2021-37978 Heap Buffer Overflow in Blink | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-37979 | Chromium: CVE-2021-37979 Heap Buffer Overflow in WebRTC | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-37980 | Chromium: CVE-2021-37980 Inappropriate Implementation in Sandbox | Unknown

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world's five largest financial institutions, organizations in the insurance, retail, healthcare and critical infrastructure industries, as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries and is a member of both the Microsoft Active Protections Program (MAPP) and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.