October 2021 Patch Tuesday Index

Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in October's Patch Tuesday Index below.

While October brings us Halloween and all types of spooky scares, fortunately, our worst nightmares did not come true with this month’s Patch Tuesday. With a relatively light number of critical and total vulnerabilities, enterprises should not be turned into a house of horrors. There were 74 vulnerabilities reported by Microsoft, three of which are rated as critical. There was one exploited vulnerability, and while this was only rated as high, it is nonetheless important as it involved the Microsoft Windows Operating System. In addition, there were 3 vulnerabilities rated as high that were publicly disclosed.

Adobe has posted a security update for Adobe Acrobat and Reader addressing 2 critical and 2 moderate vulnerabilities. Earlier in the month, Mozilla released five security advisories, all marked as high impact, for Thunderbird, Firefox ESR, and Firefox. Also earlier in the month, Google released a new Chrome version to fix four vulnerabilities, including two zero-days being actively exploited in the wild.

Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability that is actively exploited in the wild in attacks targeting iPhones and iPads. Apple has not provided any details on how the vulnerability was used, but states that there are reports of it being actively exploited.

Last Updated 01:18 PM ET October 12, 2021.

Mozilla Firefox

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Firefox | 7 security vulnerabilities fixed in Firefox 93 | MFSA 2021-43 | High |
| Firefox ESR | 2 security vulnerabilities fixed in Firefox ESR 78.15 | MFSA 2021-44 | High |
| Firefox ESR | 6 security vulnerabilities fixed in Firefox ESR 91.2 | MFSA 2021-45 | High |
| Thunderbird | 2 security vulnerabilities fixed in Thunderbird 78.15 | MFSA 2021-46 | High |
| Thunderbird | 7 security vulnerabilities fixed in Thunderbird 91.2 | MFSA 2021-47 | High |

Google Chrome

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Google Chrome | 4 security vulnerabilities fixed in Chrome 94.0.4606.71 | | High |

Apple

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| iOS 15.0.2 and iPadOS 15.0.2 | 1 security vulnerability fixed in iOS 15.0.2 and iPadOS 15.0.2 | CVE-2021-30883 | High |

Adobe

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Adobe Acrobat and Reader | 4 security vulnerabilities fixed in Adobe Acrobat and Reader | APSB21-104 | Adobe Priority 2 |

Microsoft

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Role: Windows Hyper-V | Windows Hyper-V Remote Code Execution Vulnerability | CVE-2021-38672 | Critical |
| Role: Windows Hyper-V | Windows Hyper-V Remote Code Execution Vulnerability | CVE-2021-40461 | Critical |
| Microsoft Office Word | Microsoft Word Remote Code Execution Vulnerability | CVE-2021-40486 | Critical |
| Windows Win32K | Win32k Elevation of Privilege Vulnerability | CVE-2021-40449 | High |
| Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-40469 | High |
| Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-41335 | High |
| Windows AppContainer | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | CVE-2021-41338 | High |
| Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-26427 | High |
| Windows Storage Spaces Controller | Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-26441 | High |
| HTTP.sys | Windows HTTP.sys Elevation of Privilege Vulnerability | CVE-2021-26442 | High |
| Microsoft Exchange Server | Microsoft Exchange Server Denial of Service Vulnerability | CVE-2021-34453 | High |
| Windows TCP/IP | Windows TCP/IP Denial of Service Vulnerability | CVE-2021-36953 | High |
| Windows Print Spooler Components | Windows Print Spooler Spoofing Vulnerability | CVE-2021-36970 | High |
| Windows Fastfat Driver | Windows Fast FAT File System Driver Information Disclosure Vulnerability | CVE-2021-38662 | High |
| Microsoft Windows | Windows exFAT File System Information Disclosure Vulnerability | CVE-2021-38663 | High |
| Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-40443 | High |
| Windows Win32K | Win32k Elevation of Privilege Vulnerability | CVE-2021-40450 | High |
| Rich Text Edit Control | Rich Text Edit Control Information Disclosure Vulnerability | CVE-2021-40454 | High |
| Windows Installer | Windows Installer Spoofing Vulnerability | CVE-2021-40455 | High |
| Role: Windows AD FS Server | Windows AD FS Security Feature Bypass Vulnerability | CVE-2021-40456 | High |
| Microsoft Dynamics | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | CVE-2021-40457 | High |
| Windows Remote Procedure Call Runtime | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | CVE-2021-40460 | High |
| Microsoft Windows Codecs Library | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | CVE-2021-40462 | High |
| Windows Network Address Translation (NAT) | Windows NAT Denial of Service Vulnerability | CVE-2021-40463 | High |
| Windows Nearby Sharing | Windows Nearby Sharing Elevation of Privilege Vulnerability | CVE-2021-40464 | High |
| Windows Text Shaping | Windows Text Shaping Remote Code Execution Vulnerability | CVE-2021-40465 | High |
| Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-40466 | High |
| Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-40467 | High |
| Windows Bind Filter Driver | Windows Bind Filter Driver Information Disclosure Vulnerability | CVE-2021-40468 | High |
| Windows DirectX | DirectX Graphics Kernel Elevation of Privilege Vulnerability | CVE-2021-40470 | High |
| Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40471 | High |
| Microsoft Office Excel | Microsoft Excel Information Disclosure Vulnerability | CVE-2021-40472 | High |
| Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40473 | High |
| Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40474 | High |
| Windows Cloud Files Mini Filter Driver | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | CVE-2021-40475 | High |
| Windows AppContainer | Windows AppContainer Elevation Of Privilege Vulnerability | CVE-2021-40476 | High |
| Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-40477 | High |
| Windows Storage Spaces Controller | Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-40478 | High |
| Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40479 | High |
| Microsoft Office Visio | Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2021-40480 | High |
| Microsoft Office Visio | Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2021-40481 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Information Disclosure Vulnerability | CVE-2021-40482 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-40484 | High |
| Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40485 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-40487 | High |
| Windows Storage Spaces Controller | Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-40488 | High |
| Windows Storage Spaces Controller | Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-40489 | High |
| Microsoft Windows Codecs Library | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | CVE-2021-41330 | High |
| Microsoft Windows Codecs Library | Windows Media Audio Decoder Remote Code Execution Vulnerability | CVE-2021-41331 | High |
| Windows Print Spooler Components | Windows Print Spooler Information Disclosure Vulnerability | CVE-2021-41332 | High |
| Windows Desktop Bridge | Windows Desktop Bridge Elevation of Privilege Vulnerability | CVE-2021-41334 | High |
| Windows Kernel | Windows Kernel Information Disclosure Vulnerability | CVE-2021-41336 | High |
| Role: Windows Active Directory Server | Active Directory Security Feature Bypass Vulnerability | CVE-2021-41337 | High |
| Microsoft DWM Core Library | Microsoft DWM Core Library Elevation of Privilege Vulnerability | CVE-2021-41339 | High |
| Microsoft Graphics Component | Windows Graphics Component Remote Code Execution Vulnerability | CVE-2021-41340 | High |
| Windows MSHTML Platform | Windows MSHTML Platform Remote Code Execution Vulnerability | CVE-2021-41342 | High |
| Windows Fastfat Driver | Windows Fast FAT File System Driver Information Disclosure Vulnerability | CVE-2021-41343 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-41344 | High |
| Windows Storage Spaces Controller | Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-41345 | High |
| Console Window Host | Console Window Host Security Feature Bypass Vulnerability | CVE-2021-41346 | High |
| Windows AppX Deployment Service | Windows AppX Deployment Service Elevation of Privilege Vulnerability | CVE-2021-41347 | High |
| Microsoft Exchange Server | Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2021-41348 | High |
| Microsoft Exchange Server | Microsoft Exchange Server Spoofing Vulnerability | CVE-2021-41350 | High |
| System Center | SCOM Information Disclosure Vulnerability | CVE-2021-41352 | High |
| Microsoft Dynamics 365 Sales | Microsoft Dynamics 365 Sales Spoofing Vulnerability | CVE-2021-41353 | High |
| Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2021-41354 | High |
| .NET Core & Visual Studio | .NET Core and Visual Studio Information Disclosure Vulnerability | CVE-2021-41355 | High |
| Windows Win32K | Win32k Elevation of Privilege Vulnerability | CVE-2021-41357 | High |
| Active Directory Federation Services | Active Directory Federation Server Spoofing Vulnerability | CVE-2021-41361 | High |
| Microsoft Intune | Intune Management Extension Security Feature Bypass Vulnerability | CVE-2021-41363 | High |
| Visual Studio | OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference | CVE-2020-1971 | High |
| Visual Studio | OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing | CVE-2021-3449 | High |
| Visual Studio | OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT | CVE-2021-3450 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-40483 | Low |


