October is traditionally a time of strategy and behavior, and earlier this month, Microsoft distributed what might be considered a treat by some and a strategy by others. After announcing again in 2015 that Windows would be “the last version of Windows”, the company apparently changed its heart and released Windows 11 on 5 October. The new OS starts to launch on that date, but not everyone runs Windows 10. An upgrade has been suggested through Windows Update. The first machines to get the offer are new devices that meet the hardware requirements (including a trusted platform module version 2.0 with minimal processor, memory and storage specifications). It will then roll out to the rest in a phased schedule from now until mid-2022.
The upgrade is free, and if you’re impatient and don’t want to wait, you can use Microsoft’s PC Health Check tool to check your computer’s compatibility. If it passes, you can download Windows 11 Installation Assistant and upgrade now. I did this with my Surface Pro 7, and you can read my first impressions about that experience and the new operating system on my personal blog.
In the meantime, whether you’re running a brand new OS or an older version, it’s an endless effort to keep your operating system and applications up to date. To that end, Microsoft released the following slate of security fixes for the October 12 patch on Tuesday – including Windows 11 fixes. Let’s take a look at this month’s critical and important updates
As usual, you can download the Excel spreadsheet from the Microsoft Security Update Guide website for the full list of October releases. This month’s updates cover a wide range of Microsoft products, features and roles, including .NET Core & Visual Studio, Active Directory Federation Services, Console Window Host, HTTP.sys, Microsoft DWM Core Library, Microsoft Dynamics, Microsoft Dynamics 365 Sales. , Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Intune, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft Office Word, Microsoft Windows Codecs Library, Rich Text Edit Control, Introduction: DNS Server , Introduction: Windows Active Directory Server, Role: Windows AD FS Server, Role: Windows Hyper-V, System Center, Visual Studio, Windows AppContainer, Windows AppX Deployment Service, Windows Bind Filter Driver, Windows Cloud Files Mini Filter Driver, Windows Common Log File System Driver, Windows Desktop Bridge, Windows DirectX, Windows Event Tracing, Windows XFAT File System, Windows Fastfat Driver, Windows Installer, Windows Kernel, Windows MSHT ML Platform, Windows Address Printing, Windows Address Printby, Spooler Components, Windows Remote Procedure Call Runtime, Windows Storage Spaces Controller, Windows TCP / IP, Windows Text Shaping, and Windows s Win32K.
Many of the CVEs that have been addressed include mitigation, solutions, or frequently asked questions that may be relevant to specific cases, so check them out if you are unable to install updates due to compatibility or other reasons.
This month’s updates include more than 70 vulnerabilities in the above products As such, in this article, we will focus on critical issues as they pose the greatest threat.
Critical and exploitative weakness
Zero-day exposure and attacks have increased this year, so we’ll first look at this month’s zero-day vulnerabilities that have been fixed. It has four weaknesses, the first of which has been widely exploited in attacks on IT companies, military and defense contractors, and diplomatic missions.
Weaknesses are being exploited in the wild
The following vulnerabilities have already been identified in the wild:
CVE-2021-40449 – Win32k height of privilege vulnerabilities. This is an EoP problem that can be exploited locally or remotely by accessing the target system, or relying on the interaction of the attacking user. Wild exploitation has been detected. It affects the current supported versions of Windows clients and server operating systems, including Windows 11 The complexity of the attack and the necessary facilities are minimal, and exploitation can result in complete loss of privacy, integrity and availability. The attack is being called “mysticism” and has been blamed on Iron Husky and Chinese Advanced Persistent Threat (APT) activity.
Other zero-day vulnerabilities have been patched
The following three vulnerabilities were made public before the release of a fix but were not identified as being exploited in the wild:
- CVE-2021-40469 – Windows DNS Server Remote Code Execution Weakness. This is an RCE problem that is remotely exploitable. The complexity of the attack is low. The attacker needs administrative benefits. No user interaction required. This affects currently supported versions of Windows servers, including server core installations (not Windows client operating systems). Exploitation can result in complete loss of privacy, integrity and availability.
- CVE-2021-41335 – Windows Kernel Elevation of Privilege Vulnerability. This is an EoP problem that can be exploited locally or remotely by accessing the target system, or relying on the interaction of the attacking user. It currently affects Windows Server and client-supported versions, but Windows 11 is not listed. The complexity of the attack and the necessary facilities are minimal, and exploitation can result in complete loss of privacy, integrity and availability.
- CVE-2021-41338 – Windows App Container Firewall Rules Security Features Bypass Weaknesses. This is an SFB problem that can be exploited locally or remotely by accessing the target system, or relying on the interaction of the attacking user. It affects currently supported versions of Windows servers and clients, including Windows 11 The complexity of the attack and the necessary facilities are less, and exploitation can lead to the loss of complete privacy. Honesty and availability are not affected.
Other complex vulnerabilities have been patched
The following vulnerabilities were also classified as critical this month but were not disclosed or exploited prior to patch release:
- CVE-2021-38672 – Windows Hyper-V Remote Code Execution Weakness. This is a critical RCE problem where the weaker components are bound to the network stack, but the attack is limited to a logically contiguous topology at the protocol level. The greater the complexity of the attack, the more a successful attack depends on the situation beyond the control of the attacker, but the attacker only needs fewer opportunities. No user interaction required. It affects Windows 11 and Windows Server 2022 Exploitation can result in complete loss of privacy, integrity and availability
- CVE-2021-40461 – Windows Hyper-V Remote Code Execution Weakness. This is another complex RCE problem similar to the one above, with the weaker components bound to the network stack, but the attack is limited to a logically contiguous topology at the protocol level. The greater the complexity of the attack, the more a successful attack depends on the situation beyond the control of the attacker, but the attacker only needs fewer opportunities. No user interaction required. It affects Windows 11 and Windows 10 versions 1809, 1909, 21H1, and 20H2, as well as Windows Server 2022, 2019 and version 2004. Exploitation can result in complete loss of privacy, integrity and availability
- CVE-2021-40486 – Microsoft Word remote code execution vulnerabilities. This is an RCE problem in Word where the attacker exploits vulnerabilities by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH). Or relying on user interactions by another person to perform the actions required to exploit vulnerability vulnerabilities. Attacks are less complicated, and no privileges are required. However, user interaction is required. It affects Word 2013/2013 RT, 2016, 2019, Office Web Apps Server 2013, SharePoint Enterprise Server 2013, and 2016. Exploitation can result in complete loss of privacy, integrity and availability
Important and moderate updates
In addition to the critical and zero-day updates listed above, this month’s patches address seventy vulnerabilities that are rated critical. These include privileges, disclosure, spoofing, and problems with enforcing remote code. You can find the full list in the Security Update Guide. The following are some notes:
- CVE-2021-26427 – Microsoft Exchange Server Remote Code Execution Weakness. This is an RCE vulnerability in Microsoft Exchange Server. The complexity of the attack and the facilities required are both minimal and require no user interaction. It affects Microsoft Exchange Server 2013, 2016 and 2019 Exploitation can result in complete loss of privacy, integrity and availability
- CVE-2021-36970 – Windows Print Spooler Spoofing Weakness. This is a spoofing weakness in the print spooler component of the operating system. The complexity of the attack is minimal and no facilities are required. However, user interaction is required. This affects supported versions of both Windows clients and server operating systems. Exploitation can result in complete loss of privacy, integrity and availability.
KB5006671 – Increasing security updates for Internet Explorer.
KB5006743 – Monthly rollup for Windows 7 and Windows Server 2008 R2
KB5006714 – Monthly rollup for Windows 8.1 and Windows Server 2012 R2
KB5006667 – Updated to Windows 10 version 1909.
KB5006670 – Updates for Windows 10, version 2004, 20H2 and 21H1.
KB5006674 – Updates for Windows 11.
KB5006736 – Monthly rollup for Windows Server 2008.
KB5006739 – Monthly rollup for Windows Server 2012.
KB5006699 – Update for Windows Server 2022.
Most companies will automatically install Microsoft and third party software updates on their server and managed client systems using their preferred patch management system such as GFI’s LanGuard. Automatic patch management saves time and reduces the risk of booted installation.
Most home users will receive updates through the Windows Update service built into the operating system.
Microsoft provides direct downloads for those who need to manually install updates. You can download them from the Microsoft Update Catalog.
Before installing an update, you should always research whether there are known issues that could affect your specific machines and configurations before an update roll out on your production system. There are a number of known issues affecting this month’s updates A complete list of links to KB articles and details of these issues can be found in the release notes here.
Malicious Software Removal Tool (MSRT) Update
MSRT is used to detect and remove malicious software from Windows systems, and its definition is regularly updated. Updates are usually installed via Windows Update, but if you need to download and install them manually, you’ll find links to 32- and 64-bit versions of Windows Malicious Software Removal Tool (KB890830) to remove certain common malware. microsoft.com)
Third party release
In addition to Microsoft’s security update, October Patch on Tuesday brought six security tips and updates from Adobe, which will be discussed in more detail in the third-party patch roundup later this month.