
October 2021 Patch Tuesday: More Print Spooler and Exchange vulnerabilities lurk

The number of vulnerabilities addressed by Microsoft this month continues to trend down, a reprieve from earlier in the year. Security patches are available for 74 vulnerabilities, including a smattering of zero-days and vulnerabilities rated Critical or Exploitation More Likely. This month also has a set of noteworthy updates for Apple and Apache.

Though we only have 74 vulnerabilities being addressed, there are 1,608 permutations of specific patches for specific builds of Windows OS. Some vulnerabilities might receive the same patch for four different builds, while another may need a different one for each.

This is why managing patches without a centralized solution can be untenable for MSPs. The ability to audit updates and patches is a must, and the tools commonly used by MSPs and system admins to accomplish this can make it seem fairly trivial. But don’t let a good tool detract from the complexity and importance of the underlying task when positioning patch management within a managed services contract.

Microsoft vulnerabilities

Including Microsoft Edge vulnerabilities (which are typically patched prior to Patch Tuesdays), we have a total of 81 for October. Four of them are zero-days: flaws that were publicly disclosed or are under active exploit prior to fixes being available. There are nine vulnerabilities listed as Exploitation More Likely that should also be on everyone’s prioritization list.

CVE-2021-40449 is of note since it is under active exploitation by APT groups and has been leveraged to deliver the MysterySnail RAT. Further attacks leveraging this elevation of privilege vulnerability would not be surprising.

CVE-2021-26427 (an Exchange vulnerability) and CVE-2021-36970 (a Windows Print Spooler vulnerability) also get called out because they may bring headaches similar to those experienced earlier this year with PrintNightmare and ProxyLogon. Make sure these are included in your earliest possible patch windows.


Vulnerability prioritization

The table below lists Critical, Exploitation More Likely, or Exploitation Detected vulnerabilities. It is here to highlight how some patches might be deferred because of a false sense of importance based on the severity rating alone. Vulnerabilities marked Exploitation More Likely are just as important to address, and quickly, because they are more likely to have an impact on an environment.

| CVE | Description | Exploitability | Severity |
| --- | --- | --- | --- |
| CVE-2021-40486 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | Critical |
| CVE-2021-40461 | Windows Hyper-V Remote Code Execution Vulnerability | Exploitation Less Likely | Critical |
| CVE-2021-38672 | Windows Hyper-V Remote Code Execution Vulnerability | Exploitation Less Likely | Critical |
| CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability | Exploitation Detected | Important |
| CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability | Exploitation More Likely | Important |
| CVE-2021-41344 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Exploitation More Likely | Important |
| CVE-2021-40487 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Exploitation More Likely | Important |
| CVE-2021-40470 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Exploitation More Likely | Important |
| CVE-2021-40467 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Exploitation More Likely | Important |
| CVE-2021-40466 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Exploitation More Likely | Important |
| CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability | Exploitation More Likely | Important |
| CVE-2021-40443 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Exploitation More Likely | Important |
| CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability | Exploitation More Likely | Important |
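The prioritization rule the table argues for (exploitability first, severity second) can be made explicit in the scripting most MSP tooling runs on. The following PowerShell is an added example, not code from the post or from N‑able: the rank tables and the patch-window policy are assumptions of the example, and the sample rows are a constructed subset of the table above.

```powershell
# Added example, not from the original post: order a month's vulnerabilities so
# that Exploitation Detected and Exploitation More Likely entries are scheduled
# ahead of Critical-but-less-likely ones. The rank tables and patch windows are
# assumptions of this example; the CVE rows are taken from the table in the post.

$exploitabilityRank = @{
    'Exploitation Detected'    = 0
    'Exploitation More Likely' = 1
    'Exploitation Less Likely' = 2
    'Exploitation Unlikely'    = 3
}
$severityRank = @{
    'Critical'  = 0
    'Important' = 1
    'Moderate'  = 2
    'Low'       = 3
}

function Get-Rank {
    # Unknown or missing ratings sort last instead of first ($null would sort first).
    param([hashtable] $Table, [string] $Key)
    if ($Key -and $Table.ContainsKey($Key)) { return $Table[$Key] }
    return 99
}

function Get-PatchWindow {
    # Assumed scheduling policy: exploited now -> out-of-band change; likely to be
    # exploited or Critical -> first regular window; everything else -> standard cycle.
    param([string] $Exploitability, [string] $Severity)
    if ($Exploitability -eq 'Exploitation Detected')    { return 'Emergency (out of band)' }
    if ($Exploitability -eq 'Exploitation More Likely') { return 'Window 1 (this week)' }
    if ($Severity -eq 'Critical')                       { return 'Window 1 (this week)' }
    return 'Standard cycle'
}

function Get-PatchPriority {
    param([Parameter(Mandatory)] [object[]] $Vulnerabilities)
    $Vulnerabilities |
        Sort-Object -Property @{ Expression = { Get-Rank $exploitabilityRank $_.Exploitability } },
                              @{ Expression = { Get-Rank $severityRank $_.Severity } },
                              CVE |
        Select-Object CVE, Description, Exploitability, Severity,
            @{ Name = 'Window'; Expression = { Get-PatchWindow $_.Exploitability $_.Severity } }
}

# Sample input constructed from the table in the post (a subset of the rows).
$octoberVulns = @(
    [pscustomobject]@{ CVE = 'CVE-2021-40486'; Description = 'Microsoft Word RCE';     Exploitability = 'Exploitation Less Likely'; Severity = 'Critical'  }
    [pscustomobject]@{ CVE = 'CVE-2021-40461'; Description = 'Windows Hyper-V RCE';    Exploitability = 'Exploitation Less Likely'; Severity = 'Critical'  }
    [pscustomobject]@{ CVE = 'CVE-2021-40449'; Description = 'Win32k EoP';             Exploitability = 'Exploitation Detected';    Severity = 'Important' }
    [pscustomobject]@{ CVE = 'CVE-2021-41357'; Description = 'Win32k EoP';             Exploitability = 'Exploitation More Likely'; Severity = 'Important' }
    [pscustomobject]@{ CVE = 'CVE-2021-36970'; Description = 'Print Spooler spoofing'; Exploitability = 'Exploitation More Likely'; Severity = 'Important' }
)

Get-PatchPriority -Vulnerabilities $octoberVulns | Format-Table -AutoSize
```

With this ordering, CVE-2021-40449 (Exploitation Detected, Important) lands at the top of the list ahead of the Critical Word and Hyper-V entries, which is exactly the outcome a severity-only sort would get wrong. Feed it the full month's rows (for example exported from the Microsoft Security Update Guide) rather than the constructed subset.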

Cumulative updates

KB5006670 and KB5006667 cumulative updates were released with typical previous security fixes included for Windows 10 versions 21H1, 20H2, 2004, and 1909. There were also some notable bug fixes included, such as resolving intermittent Outlook freezing and an issue where some apps would not allow keyboard input if the taskbar was not positioned along the bottom of the screen.


End of Service for Windows 10 2004

Joining previous Windows builds that hit EoS this year, Windows 10 2004 will no longer receive security updates after December 14, 2021. That’s only three months to plan for transition to newer builds. If you don’t already have plans in motion, then today is the day to start.
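Both of the last two sections come down to questions an RMM script can answer per endpoint: is this month's cumulative update present, and is the device still on Windows 10 2004? The following PowerShell is an added example, not code from the post or from N‑able. The KB numbers are the ones named above; which KB applies to which Windows 10 version, and the use of the EoS date as a countdown, are assumptions of the example.

```powershell
# Added example, not from the original post: a per-endpoint check that reports the
# Windows 10 version, whether it is 2004 (no security updates after 14 December
# 2021), and whether this month's cumulative update is present. The KB numbers
# are from the post; which KB applies to which version is an assumption here.

$eosDate = [datetime]'2021-12-14'

# Assumed mapping of Windows 10 version to October 2021 cumulative update.
$octoberCumulativeKb = @{
    '21H1' = 'KB5006670'
    '20H2' = 'KB5006670'
    '2004' = 'KB5006670'
    '1909' = 'KB5006667'
}

function Get-OctoberPatchState {
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # DisplayVersion only exists from 20H2 onward; 2004 and older carry ReleaseId.
    $version = if ($cv.PSObject.Properties['DisplayVersion']) { $cv.DisplayVersion } else { $cv.ReleaseId }

    $expectedKb  = $octoberCumulativeKb[$version]
    $kbInstalled = $null   # stays $null when the version is outside the map (not assessed)
    if ($expectedKb) {
        # Get-HotFix queries Win32_QuickFixEngineering, which lists installed cumulative updates.
        $kbInstalled = [bool](Get-HotFix -Id $expectedKb -ErrorAction SilentlyContinue)
    }

    $isEos        = ($version -eq '2004')
    $daysUntilEos = if ($isEos) { ($eosDate - (Get-Date).Date).Days } else { $null }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Version      = $version
        Build        = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
        ExpectedKb   = $expectedKb
        KbInstalled  = $kbInstalled
        EndOfService = $isEos
        DaysUntilEos = $daysUntilEos
    }
}

$state = Get-OctoberPatchState
$state | Format-List

# Non-zero exit so an RMM script check flags the endpoint: still on 2004, or the
# expected cumulative update is known for this version but not installed.
if ($state.EndOfService -or ($state.ExpectedKb -and -not $state.KbInstalled)) { exit 1 }
```

Run it as a scheduled script check so the failing endpoints surface in the dashboard; a device with EndOfService true needs a feature update scheduled before 14 December 2021, and one with KbInstalled false is missing this month's security fixes regardless of what the agent reports as compliant.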

Apple

Apple released security updates for iOS to fix zero-day vulnerability CVE-2021-30883, which can be used to exfiltrate data or install malware. A proof of concept (PoC) leveraging this vulnerability is freely available. If you manage iPads or iPhones, getting the new Apple update applied should be a priority item.

Apache

While not as prevalent as other solutions that fall under the purview of most MSPs, the sheer deployment base of Apache Web Servers means it is on everyone’s radar when vulnerabilities affect it. The Apache Software Foundation released Apache HTTP 2.4.51 to address an incomplete fix for CVE-2021-42013, which is under active exploit. Attackers are actively scanning the internet for Apache HTTP Servers vulnerable to CVE-2021-41773 and CVE-2021-42013, and this activity is likely to increase. Ensure any Apache HTTP Server 2.4.50 installations are updated ASAP.

Summary

As always, make sure you have established patching processes for evaluation, testing, and pushing into production. If you have traditionally only dealt with patches by applying them based on their severity, then now is the time to start including prioritization of patches for Zero-Days, Exploitation Detected and Exploitation More Likely vulnerabilities in your patch management routines.

Lewis Pope is the Head Security Nerd at N‑able. You can follow him on:

Twitter: @cybersec_nerd

LinkedIn: thesecuritypope

Twitch: cybersec_nerd

© N‑able Solutions ULC and N‑able Technologies Ltd. All rights reserved.
