Microsoft released security patches for all supported versions of its Windows operating system today, on the October 2021 Patch Tuesday, disclosing 78 vulnerabilities in the company’s various software, hardware and firmware offerings.

The company released the first patch for Windows 11, the new version of Windows, which it released last week, as well as for other client and server versions of the operating system.

This month’s release is particularly notable because there are only two critical vulnerabilities included, with the rest being important. This is the fewest number of critical vulnerabilities disclosed as part of a Patch Tuesday in at least a year.

Executive Summary

All Windows 10 and 11 systems have patches for critical vulnerabilities.

Windows 11 has received its first update, KB5006674. It resolves a known issue with Intel networking software and the operating system.

Windows versions with known issues: Windows 7, Windows 8.1, Windows 10 version 1809, Windows 10 version 20H2, Windows Server 2019, Windows Server 2008 R2, Windows Server 2012

Taking a closer look at some of the more interesting updates for this month:

CVE-2021-40449 – Win32k Elevation of Privilege Vulnerability
This patch corrected a kernel bug that could be used to escalate privileges on an affected system. Attackers typically use these types of bugs in conjunction with code execution bugs to take over a system. Considering the source of this report, this bug is likely being used in a targeted malware attack. We will also likely see more information about this bug and the associated attack within the next few days.

CVE-2021-26427 – Microsoft Exchange Server Remote Code Execution Vulnerability
The bug will certainly receive its fair share of attention, if nothing else, due to it being reported by the National Security Agency (NSA). Due to the similar CVE numbers, this bug was likely reported when they reported the more severe Exchange issues back in April. This bug is not as severe since this exploit is limited at the protocol level to a logically adjacent topology and not reachable from the Internet. This flaw, combined with the other Exchange bugs patched this month, should keep Exchange admins busy for a while.

CVE-2021-40486 – Microsoft Word Remote Code Execution Vulnerability
This patch corrects a bug that would allow code execution when a specially crafted Word document is viewed on an affected system. Although Microsoft lists user interaction required, the Preview Pane is also listed as an attack vector. This creates a much larger attack surface. When combined with a privilege escalation – like the one currently under active attack – this could be used to take over a target system. This bug came through the ZDI program and results from the lack of validating the existence of an object before performing operations on the object.

CVE-2021-40454 – Rich Text Edit Control Information Disclosure Vulnerability
This vulnerability goes beyond just dumping random memory locations. This bug could allow an attacker to recover cleartext passwords from memory, even on Windows 11. It’s not clear how an attacker would abuse this bug, but if you are using the rich text edit control in Power Apps, definitely test and deploy this patch quickly.

Operating System Distribution


Windows Clients

Windows 7 (extended support only): 19 vulnerabilities: 0 critical and 19 important

Windows 8.1: 27 vulnerabilities: 0 critical and 27 important

Windows 10 version 1909: 37 vulnerabilities: 1 critical and 36 important

Windows Hyper-V Remote Code Execution Vulnerability — CVE-2021-40461

Windows 10 version 2004, 20H2 and 21H1: 39 vulnerabilities, 1 critical and 38 important

Windows Hyper-V Remote Code Execution Vulnerability — CVE-2021-40461

Windows 11: 39 vulnerabilities, 2 critical and 38 important

Windows Hyper-V Remote Code Execution Vulnerability — CVE-2021-40461

Windows Hyper-V Remote Code Execution Vulnerability — CVE-2021-38672


Windows Servers

Windows Server 2008 R2 (extended support only): 20 vulnerabilities: 0 critical and 20 important

Windows Server 2012 R2: 28 vulnerabilities: 0 critical and 28 important

Windows Server 2016: 33 vulnerabilities: 0 critical and 33 important

Windows Server 2019: 40 vulnerabilities: 1 critical and 39 important

Windows Hyper-V Remote Code Execution Vulnerability — CVE-2021-40461

Windows Server 2022: 43 vulnerabilities: 2 critical and 41 important

Windows Hyper-V Remote Code Execution Vulnerability — CVE-2021-40461

Windows Hyper-V Remote Code Execution Vulnerability — CVE-2021-38672

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2 (Extended support only)

Monthly Rollup: KB5006743 

Security-Only: KB5006728 

Updates and improvements:

Addresses an issue in which an Internet print server cannot package the driver to send to the client.

Addresses an issue in which Security Account Manager (SAM) events are not displayed properly in the Event Viewer.

Adds a new Policy setting to ensure that only admins can install printer drivers on a print server. More information is available on this support page.

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint

RestrictDriverInstallationToAdministrators

Value: 1

Adds the ability to configure period or dot (.) delimited IP addresses interchangeably with fully qualified host names in the following Group Policy settings:

Package Point and Print – Approved Servers

Point and Print Restrictions

It is unclear which of these are also included in the Security-Only update. Microsoft simply states:

This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.

Windows 8.1 and Windows Server 2012 R2

Monthly Rollup: KB5006714 

Security-only: KB5006729 

Updates and improvements:

Addresses an issue in which a user does not have a way to track DCOM activation failures on a server that is running Windows Server 2012 R2.

Addresses an issue in which an Internet print server cannot package the driver to send to the client.

Addresses an issue in which Security Account Manager (SAM) events are not displayed properly in the Event Viewer.

In Internet Explorer 11 for Windows 8.1 and Windows Server 2012 R2, certain circumstances might cause Enterprise Mode Site List redirection from Internet Explorer 11 to Microsoft Edge to open the site in multiple tabs in Microsoft Edge.

Adds a new Policy setting to ensure that only admins can install printer drivers on a print server. More information is available on this support page.

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint

RestrictDriverInstallationToAdministrators

Value: 1

Adds the ability to configure period or dot (.) delimited IP addresses interchangeably with fully qualified host names in the following Group Policy settings:

Package Point and Print – Approved Servers

Point and Print Restrictions

It is unclear which of these are also included in the Security-Only update. Microsoft simply states:

This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.
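
As an added example (not part of the original article or of Microsoft's documentation), the PowerShell function below audits the Point and Print registry value listed above and can optionally set it to 1. The function name, state labels and output object are hypothetical.

```powershell
# Added example: audit (and optionally enforce) the Point and Print policy value
# named in the article. Function name and output shape are hypothetical.
function Test-PointAndPrintRestriction {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint',
        [string]$Name = 'RestrictDriverInstallationToAdministrators',
        [switch]$Remediate   # writing under HKLM requires an elevated session
    )

    # NotConfigured = key or value absent: the policy is not explicitly set,
    # and the effective behaviour depends on the updates installed.
    $state = 'NotConfigured'
    $value = $null

    if (Test-Path -LiteralPath $Path) {
        $prop = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            $value = $prop.$Name
            # Only the value 1 restricts driver installation to administrators.
            $state = if ($value -eq 1) { 'Restricted' } else { 'Weak' }
        }
    }

    if ($Remediate -and $state -ne 'Restricted') {
        if (-not (Test-Path -LiteralPath $Path)) {
            New-Item -Path $Path -Force | Out-Null   # creates missing parent keys
        }
        New-ItemProperty -LiteralPath $Path -Name $Name -Value 1 `
            -PropertyType DWord -Force | Out-Null
        $value = 1
        $state = 'Restricted'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Path         = $Path
        Name         = $Name
        Value        = $value
        State        = $state
    }
}

# Audit only; add -Remediate to write the value.
Test-PointAndPrintRestriction
```

Where a domain Group Policy manages this key, a local change made with -Remediate is overwritten at the next policy refresh, so set the value in the GPO instead.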

Windows 10 version 1909

Support Page: KB5006667 

Updates and improvements:

Addresses an issue that prevents some applications, such as Microsoft Office and Adobe Reader, from opening or causes them to stop responding. This occurs on devices that are subject to Microsoft Exploit Protection for Export Address Filtering (EAF).

Windows 10 version 2004, 20H2 and 21H1

Support Page: KB5006670 

Updates and improvements:

Addresses an issue that prevents some applications, such as Microsoft Office and Adobe Reader, from opening or causes them to stop responding. This occurs on devices that are subject to Microsoft Exploit Protection for Export Address Filtering (EAF).

Windows 11

Support Page: KB5006674 

Updates and improvements:

Addresses known compatibility issues between some Intel “Killer” and “SmartByte” networking software and Windows 11 (original release). Devices with the affected software might drop User Datagram Protocol (UDP) packets under certain conditions. This creates performance and other issues for protocols based on UDP. For example, some websites might load slower than others on the affected devices, which might cause videos to stream slower in certain resolutions. VPN solutions based on UDP might also be slower.

Other security updates

2021-10 Cumulative Update for Windows 10 Version 1607 (KB5006669)

2021-10 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5006699)

2021-10 Cumulative Security Update for Internet Explorer (KB5006671)

2021-10 Security Only Quality Update for Windows Server 2008 (KB5006715)

2021-10 Security Monthly Quality Rollup for Windows Server 2008 (KB5006736)

2021-10 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5006732)

2021-10 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5006739)

Servicing Stack Updates

2021-10 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5006749)

2021-10 Servicing Stack Update for Windows Server 2008 (KB5006750)

 

Known Issues

Windows 7 and Server 2008 R2

Updates may fail to install if the system is not an ESU system. Expected behaviour.

Certain file operations may fail on cluster shared volumes.

Perform the operation from a process with elevated rights.

Perform the operation from a node that does not have CSV ownership.

Windows 8.1 and Server 2012 R2

Certain file operations may fail on cluster shared volumes.

Perform the operation from a process with elevated rights.

Perform the operation from a node that does not have CSV ownership.

Windows 10 version 2004, 20H2 and 21H1

Some devices may be unable to install updates, throwing the error “PSFX_E_MATCHING_BINARY_MISSING”.

Check out our guide on fixing the error.

Custom offline media or custom ISO image installations on devices may remove Microsoft Edge Legacy but may not replace it with the Chromium-based Microsoft Edge.

Workaround described on the support page.

 

Security advisories and updates

ADV 990001  Latest Servicing Stack Updates

Other updates (Non Security)

2021-10 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 (KB5006064)

2021-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5006066)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for (KB5005537)

2021-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5006761)

2021-10 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5006762)

2021-10 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5006763)

2021-10 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 and 4.6.2 for Windows Server 2008 (KB5006764)

2021-10 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5006067)

2021-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5006060)

2021-10 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5006061)

2021-10 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5006063)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for ARM64 (KB5005538)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, Windows 10 Version 2004, Windows 10 Version 1909, and Windows 10 Version 1903 (KB5005539)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5005540)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 (KB5005541)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5005543)

2021-10 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5006065)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5006765)

With thanks to the patchmanagement.org team!
