Microsoft’s October Patch Tuesday Fixes 71 Vulnerabilities


Microsoft has released patches for 71 vulnerabilities across its products, including four zero-day vulnerabilities.

One of the zero-day bugs is being actively exploited. Cybersecurity company Kaspersky has traced the malware delivered through it to several espionage campaigns against IT businesses, military contractors, and diplomatic entities.

Microsoft released the patches on Tuesday, October 12, 2021, as part of the company’s “Patch Tuesday.” This is a monthly occurrence where the company releases a series of security patches for its various products, and it falls on the second Tuesday of the month.

Patch Fixes an Actively Exploited Zero-Day Bug

The patch addresses CVE-2021-40449, a zero-day that was being exploited in the wild. Researchers at Kaspersky had reported the exploit to Microsoft. They found that it targets the Win32k kernel driver to elevate privileges on an already compromised machine, and linked its accompanying malware payload to “widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities.”

Kaspersky named the cluster of activity MysterySnail. It said the attacks were connected to “IronHusky and Chinese-speaking APT activity dating back to 2012.” Experts stressed the need to immediately address the MysterySnail RAT (Remote Access Trojan).

Bharat Jogi of IT security provider Qualys told Threatpost that “MysterySnail has the potential to collect and exfiltrate system information from compromised hosts, in addition to other malicious users having the ability to gain complete control of the affected system and launch further attacks.”

List of Additional Critical Vulnerabilities Addressed

The release also fixed three other zero-day vulnerabilities, which had been publicly disclosed before a fix was available but were not known to be exploited. These are:

  • CVE-2021-41338 (CVSS 5.5): a security feature bypass in Windows AppContainer firewall rules that could allow an attacker to get around the network restrictions the container is supposed to enforce.
  • CVE-2021-40469 (CVSS 7.2): a Remote Code Execution (RCE) vulnerability in Windows DNS Server, relevant only to hosts running the DNS Server role.
  • CVE-2021-41335 (CVSS 7.8): an elevation of privilege vulnerability in the Windows Kernel, which lets a user gain access beyond what their organization has granted them.

Microsoft also released patches for three other critical vulnerabilities, each of which could lead to remote code execution. One of these bugs affects Microsoft Word, while the other two affect Hyper-V.
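The practical question for an administrator reading this is whether a given host has taken the October release and which of the server-side fixes even apply to it. The following script is an added example, not code from the article or from Microsoft: it lists security updates installed on or after the release date, asks the Windows Update Agent whether an October 2021 update is still pending, and flags the DNS Server and Hyper-V roles by their service names (`DNS` and `vmms`, an assumption about how those roles are detected). It must be run in an elevated PowerShell session, and the pending-update search assumes the host can reach Windows Update or a WSUS server.

```powershell
# Added example: triage a Windows host against the October 2021 Patch Tuesday release.
# Assumptions: elevated session; Windows Update / WSUS reachable for the pending-update
# search; service names DNS (DNS Server role) and vmms (Hyper-V) used to infer exposure.

$patchTuesday = Get-Date '2021-10-12'

# 1. Security updates installed on or after the October release date.
#    InstalledOn can be empty for some entries, so guard before comparing.
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday -and $_.Description -match 'Security' } |
    Sort-Object InstalledOn -Descending
if ($recent) {
    "Security updates installed since $($patchTuesday.ToShortDateString()):"
    $recent | Format-Table HotFixID, InstalledOn, Description -AutoSize
} else {
    "WARNING: no security update installed since $($patchTuesday.ToShortDateString())"
}

# 2. Ask the Windows Update Agent whether an October 2021 update is still pending.
#    A title containing 2021-10 is how Microsoft names that month's cumulative updates.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and Type='Software'").Updates
$octPending = @($pending | Where-Object { $_.Title -match '2021-10' })
if ($octPending.Count -gt 0) {
    "WARNING: October 2021 updates not yet installed:"
    $octPending | ForEach-Object { "  " + $_.Title }
} else {
    "No October 2021 update reported as pending by the Windows Update Agent."
}

# 3. Role exposure for the server-side RCE fixes in this release.
$roles = @(
    @{ Name = 'DNS';  Why = 'DNS Server role present: CVE-2021-40469 (DNS Server RCE) applies to this host' },
    @{ Name = 'vmms'; Why = 'Hyper-V present: the two critical Hyper-V RCE fixes apply to this host' }
)
foreach ($svc in $roles) {
    if (Get-Service -Name $svc.Name -ErrorAction SilentlyContinue) { $svc.Why }
}
```

Two caveats on reading the output. Windows cumulative updates supersede each other, so a host that took a later month's cumulative update also carries the October fixes even if no October-dated entry appears in `Get-HotFix`; the pending-update query is the more reliable signal. And the role check only says whether a fix is relevant, not whether the role is reachable from an attacker's position; the DNS Server RCE still needs a patch on every host running that role, internet-facing or not.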

Microsoft’s Recent History with High Profile Cyber Attacks

In recent months, Microsoft’s widely deployed products have faced a steady stream of cyberattacks. Some of the recent high-profile incidents are listed below:

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.