October Patch Tuesday: 3 Critical Bulletins Among 71
The October Patch Tuesday maintains the relatively peaceful streak from previous months with only 3 bulletins rated as Critical among 71 new vulnerabilities.
The October 2021 Patch Tuesday continues the quiet streak observed for the months of August and September. Out of 71 bulletins, only three were rated Critical this month. The list also included fixes for four publicly known vulnerabilities. Of the fixed vulnerabilities, 11 were disclosed via the Zero Day Initiative.
Three Critical patches and other notable vulnerabilities
Only three patches were rated Critical this month. Two of them were remote code execution (RCE) vulnerabilities (CVE-2021-38672 and CVE-2021-40461) found in Hyper-V, a hardware virtualization tool. The other Critical fix was for an RCE found in Microsoft Word (CVE-2021-40486).
Meanwhile, CVE-2021-40449, a Win32k Elevation of Privilege Vulnerability, was discovered being actively exploited in what was likely a targeted campaign. Microsoft also fixed three other publicly known vulnerabilities, CVE-2021-40469, CVE-2021-41338, and CVE-2021-41335, with no reported exploits.
Other patches
Among the 71 bulletins were fixes for issues found in Microsoft Storage Spaces, Microsoft Excel, and SharePoint. Most of the RCE vulnerabilities were found within the Office family. Exploiting these vulnerabilities would require a specially crafted file that a user would have to open. An exception is CVE-2021-40469, a DNS vulnerability mentioned earlier, but this still requires high privileges to use in an attack.
Two bulletins were also included for the print spooler and one for MSHTML. In July, Microsoft released an out-of-band (OOB) patch to quickly address print spooler flaws; the company also issued an early fix ahead of Patch Tuesday for an MSHTML vulnerability in August.
A few days after releasing the September Patch Tuesday, Microsoft also provided additional guidance and fixes for vulnerabilities in the Open Management Infrastructure (OMI) within Azure, which were found being actively exploited by attackers, including a Mirai botnet operator.
Trend Micro solutions
A proactive, multilayered approach to security is key against threats that exploit vulnerabilities — from the gateway, endpoints, networks, and servers.
The Trend Micro™ Deep Security™ solution provides network security, system security, and malware prevention. Combined with Vulnerability Protection, it can protect user systems from a wide range of upcoming threats that might target vulnerabilities. Individual services of Trend Micro Cloud One™, such as Workload Security and Network Security, also use virtual patching to protect their customers.
TippingPoint® Next-Generation Intrusion Prevention System (NGIPS) is a network traffic solution that uses comprehensive and contextual awareness analysis for advanced threats that exploit vulnerabilities.