Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s October 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-968 on Wednesday, October 13th.

In-The-Wild & Disclosed CVEs

CVE-2021-40449

Up first this month, we have an elevation of privilege in Win32k that has been exploited in-the-wild via MysterySnail. This vulnerability appears to impact all systems from Windows 7 to the newly released Windows 11.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2021-40469

This remote code execution vulnerability in the Microsoft DNS server impacts all operating systems from Server 2008 to Server 2022. Only servers with the DNS Server role configured are impacted by the vulnerability.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-41335

A publicly disclosed vulnerability in the Windows Kernel could lead to privilege escalation. Unlike CVE-2021-40449, this vulnerability does not include Windows 11 and Windows Server 2022.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-41338

This vulnerability was originally closed by Microsoft Security as a “Won’t Fix” issue. They have since reconsidered and issued an update. The vulnerability was discovered by Google Project Zero’s James Forshaw and is detailed here with the specific Project Zero issue tracked here.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also color coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be bold
TagCVE CountCVEs
.NET Core & Visual Studio1CVE-2021-41355
Windows Fastfat Driver2CVE-2021-38662, CVE-2021-41343
Console Window Host1CVE-2021-41346
Microsoft Office Word1CVE-2021-40486
HTTP.sys1CVE-2021-26442
Windows Installer1CVE-2021-40455
Visual Studio3CVE-2021-3450, CVE-2021-3449, CVE-2020-1971
Microsoft Dynamics3CVE-2021-40457, CVE-2021-41353, CVE-2021-41354
Windows Storage Spaces Controller5CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-26441, CVE-2021-41345
Windows DirectX1CVE-2021-40470
Windows AppX Deployment Service1CVE-2021-41347
Microsoft Office SharePoint5CVE-2021-41344, CVE-2021-40482, CVE-2021-40483, CVE-2021-40484, CVE-2021-40487
Microsoft Windows Codecs Library3CVE-2021-40462, CVE-2021-41330, CVE-2021-41331
Windows Cloud Files Mini Filter Driver1CVE-2021-40475
Microsoft Office Excel6CVE-2021-40471, CVE-2021-40472, CVE-2021-40473, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485
Microsoft Graphics Component1CVE-2021-41340
Windows Event Tracing1CVE-2021-40477
Windows Kernel2CVE-2021-41335, CVE-2021-41336
Microsoft Exchange Server4CVE-2021-34453, CVE-2021-41348, CVE-2021-41350, CVE-2021-26427
Windows Nearby Sharing1CVE-2021-40464
Rich Text Edit Control1CVE-2021-40454
Windows Remote Procedure Call Runtime1CVE-2021-40460
Active Directory Federation Services1CVE-2021-41361
Windows AppContainer2CVE-2021-40476, CVE-2021-41338
Windows Bind Filter Driver1CVE-2021-40468
Windows Desktop Bridge1CVE-2021-41334
Windows Network Address Translation (NAT)1CVE-2021-40463
Windows MSHTML Platform1CVE-2021-41342
Role: DNS Server1CVE-2021-40469
Windows Win32K3CVE-2021-40449, CVE-2021-40450, CVE-2021-41357
Windows TCP/IP1CVE-2021-36953
Microsoft DWM Core Library1CVE-2021-41339
Windows Print Spooler Components2CVE-2021-36970, CVE-2021-41332
Role: Windows Hyper-V2CVE-2021-38672, CVE-2021-40461
Windows exFAT File System1CVE-2021-38663
Microsoft Edge (Chromium-based)7CVE-2021-37974, CVE-2021-37975, CVE-2021-37976, CVE-2021-37977, CVE-2021-37978, CVE-2021-37979, CVE-2021-37980
Role: Windows AD FS Server1CVE-2021-40456
Microsoft Office Visio2CVE-2021-40480, CVE-2021-40481
Windows Text Shaping1CVE-2021-40465
Microsoft Intune1CVE-2021-41363
Windows Common Log File System Driver3CVE-2021-40443, CVE-2021-40466, CVE-2021-40467
Role: Windows Active Directory Server1CVE-2021-41337
System Center1CVE-2021-41352

Other Information

There were no new advisories included with the October Security Guidance, but there was one update.

ADV200011 – Microsoft Guidance for Addressing Security Feature Bypass in GRUB

Microsoft has updated their advisory on GRUB related to a number of vulnerabilities released in July 2020 and March 2021. The update indicates that newer versions of Windows, including Windows 11, are affected and that an update will be released to address this in Spring 2022.