Microsoft’s October 2021 Patch Tuesday Addresses 74 CVEs
Microsoft patched 74 CVEs in the October 2021 Patch Tuesday release, including three rated as critical, 70 rated as important and one rated as low. This is the eighth month in 2021 that Microsoft patched fewer than 100 CVEs. Spoofing vulnerability (CVE-2021-36970) in the Windows Print Spooler received a CVSSv3 score of 8.8 and the designation of “Exploitation More Likely” according to Microsoft’s Exploitability Index. This vulnerability requires that an attacker have access to the same network as a target and user interaction. The advisory lists that a functional exploit does exist for this vulnerability so we may see a PoC circulating in the wild. Please find further comment on this month’s Patch Tuesday from Satnam Narang, Staff Research Engineer, Tenable.
“This month’s Patch Tuesday release includes fixes for 74 CVEs, three of which are rated critical, including one vulnerability that was exploited in the wild as a zero-day. This month’s release includes a fix for CVE-2021-36970, a spoofing vulnerability in Microsoft’s Windows Print Spooler. The vulnerability was discovered by researchers XueFeng Li and Zhiniang Peng of Sangfor. They were also credited with the discovery of CVE-2021-1675, one of two vulnerabilities known as PrintNightmare. While no details have been shared publicly about the flaw, this is definitely one to watch for, as we saw a constant stream of Print Spooler-related vulnerabilities patched over the summer while ransomware groups began incorporating PrintNightmare into their affiliate playbook.
“We strongly encourage organisations to apply these patches as soon as possible. Microsoft also patched CVE-2021-40449, an elevation of privilege vulnerability in Win32k. According to reports, this flaw was exploited in the wild as a zero-day. It is not uncommon to see zero-day elevation of privilege flaws patched during Patch Tuesday. These flaws are most valuable in post-compromise scenarios once an attacker has gained access to a target system through other means, in order to execute code with elevated privileges.” – Satnam Narang, Staff Research Engineer, Tenable