Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in October's Patch Tuesday Index below.
While October brings us Halloween and all types of spooky scares, fortunately, our worst nightmares did not come true with this month’s Patch Tuesday. With a relatively light number of critical and total vulnerabilities, enterprises should not be turned into a house of horrors. There were 74 vulnerabilities reported by Microsoft, three of which are rated as critical. There was one exploited vulnerability, and while this was only rated as high, it is nonetheless important as it involved the Microsoft Windows Operating System. In addition, there were 3 vulnerabilities rated as high that were publicly disclosed.
Adobe has posted a security update for Adobe Acrobat and Reader addressing 2 critical and 2 moderate vulnerabilities. Earlier in the month, Mozilla released five security advisories, all marked as high impact, for Thunderbird, Firefox ESR, and Firefox. Also earlier in the month, Google released a new Chrome version to fix four vulnerabilities, including two zero-days being actively exploited in the wild.
Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability that is actively exploited in the wild in attacks targeting Phones and iPads. While Apple has not provided any details on how this vulnerability was used in attacks, they state that there are reports of it being actively used in attacks.
Last Updated 01:18 PM ET October 12, 2021.
 Mozilla Firefox |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Firefox | 7 security vulnerabilities fixed in Firefox 93 | MFSA 2021-43 | High |
| Firefox ESR | 2 security vulnerabilities fixed in Firefox ESR 78.15 | MFSA 2021-44 | High |
| Firefox ESR | 6 security vulnerabilities fixed in Firefox ESR 91.2 | MFSA 2021-45 | High |
| Thunderbird | 2 security vulnerabilities fixed in Thunderbird 78.15 | MFSA 2021-46 | High |
| Thunderbird | 7 security vulnerabilities fixed in Thunderbird 91.2 | MFSA 2021-47 | High |
 Google Chrome |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Google Chrome | 4 security vulnerabilities fixed in Chrome | 94.0.4606.71 | High |
 Apple |
|||
| Product |
Title
|
Identifier
|
Severity
|
| iOS 15.0.2 and iPadOS 15.0.2 | 1 security vulnerability fixed in iOS 15.0.2 and iPadOS 15.0.2 | CVE-2021-30883 | High |
 Adobe |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Adobe Acrobat and Reader | 4 security vulnerabilities fixed in Adobe Acrobat and Reader | APSB21-104 | Adobe Priority 2 |
 Microsoft |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Role: Windows Hyper-V | Windows Hyper-V Remote Code Execution Vulnerability | CVE-2021-38672 | Critical |
| Role: Windows Hyper-V | Windows Hyper-V Remote Code Execution Vulnerability | CVE-2021-40461 | Critical |
| Microsoft Office Word | Microsoft Word Remote Code Execution Vulnerability | CVE-2021-40486 | Critical |
| Windows Win32K | Win32k Elevation of Privilege Vulnerability | CVE-2021-40449 | High |
| Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-40469 | High |
| Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-41335 | High |
| Windows AppContainer | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | CVE-2021-41338 | High |
| Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-26427 | High |
| Windows Storage Spaces Controller | Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-26441 | High |
| HTTP.sys | Windows HTTP.sys Elevation of Privilege Vulnerability | CVE-2021-26442 | High |
| Microsoft Exchange Server | Microsoft Exchange Server Denial of Service Vulnerability | CVE-2021-34453 | High |
| Windows TCP/IP | Windows TCP/IP Denial of Service Vulnerability | CVE-2021-36953 | High |
| Windows Print Spooler Components | Windows Print Spooler Spoofing Vulnerability | CVE-2021-36970 | High |
| Windows Fastfat Driver | Windows Fast FAT File System Driver Information Disclosure Vulnerability | CVE-2021-38662 | High |
| Microsoft Windows | Windows exFAT File System Information Disclosure Vulnerability | CVE-2021-38663 | High |
| Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-40443 | High |
| Windows Win32K | Win32k Elevation of Privilege Vulnerability | CVE-2021-40450 | High |
| Rich Text Edit Control | Rich Text Edit Control Information Disclosure Vulnerability | CVE-2021-40454 | High |
| Windows Installer | Windows Installer Spoofing Vulnerability | CVE-2021-40455 | High |
| Role: Windows AD FS Server | Windows AD FS Security Feature Bypass Vulnerability | CVE-2021-40456 | High |
| Microsoft Dynamics | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | CVE-2021-40457 | High |
| Windows Remote Procedure Call Runtime | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | CVE-2021-40460 | High |
| Microsoft Windows Codecs Library | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | CVE-2021-40462 | High |
| Windows Network Address Translation (NAT) | Windows NAT Denial of Service Vulnerability | CVE-2021-40463 | High |
| Windows Nearby Sharing | Windows Nearby Sharing Elevation of Privilege Vulnerability | CVE-2021-40464 | High |
| Windows Text Shaping | Windows Text Shaping Remote Code Execution Vulnerability | CVE-2021-40465 | High |
| Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-40466 | High |
| Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-40467 | High |
| Windows Bind Filter Driver | Windows Bind Filter Driver Information Disclosure Vulnerability | CVE-2021-40468 | High |
| Windows DirectX | DirectX Graphics Kernel Elevation of Privilege Vulnerability | CVE-2021-40470 | High |
| Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40471 | High |
| Microsoft Office Excel | Microsoft Excel Information Disclosure Vulnerability | CVE-2021-40472 | High |
| Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40473 | High |
| Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40474 | High |
| Windows Cloud Files Mini Filter Driver | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | CVE-2021-40475 | High |
| Windows AppContainer | Windows AppContainer Elevation Of Privilege Vulnerability | CVE-2021-40476 | High |
| Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-40477 | High |
| Windows Storage Spaces Controller | Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-40478 | High |
| Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40479 | High |
| Microsoft Office Visio | Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2021-40480 | High |
| Microsoft Office Visio | Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2021-40481 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Information Disclosure Vulnerability | CVE-2021-40482 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-40484 | High |
| Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-40485 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-40487 | High |
| Windows Storage Spaces Controller | Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-40488 | High |
| Windows Storage Spaces Controller | Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-40489 | High |
| Microsoft Windows Codecs Library | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | CVE-2021-41330 | High |
| Microsoft Windows Codecs Library | Windows Media Audio Decoder Remote Code Execution Vulnerability | CVE-2021-41331 | High |
| Windows Print Spooler Components | Windows Print Spooler Information Disclosure Vulnerability | CVE-2021-41332 | High |
| Windows Desktop Bridge | Windows Desktop Bridge Elevation of Privilege Vulnerability | CVE-2021-41334 | High |
| Windows Kernel | Windows Kernel Information Disclosure Vulnerability | CVE-2021-41336 | High |
| Role: Windows Active Directory Server | Active Directory Security Feature Bypass Vulnerability | CVE-2021-41337 | High |
| Microsoft DWM Core Library | Microsoft DWM Core Library Elevation of Privilege Vulnerability | CVE-2021-41339 | High |
| Microsoft Graphics Component | Windows Graphics Component Remote Code Execution Vulnerability | CVE-2021-41340 | High |
| Windows MSHTML Platform | Windows MSHTML Platform Remote Code Execution Vulnerability | CVE-2021-41342 | High |
| Windows Fastfat Driver | Windows Fast FAT File System Driver Information Disclosure Vulnerability | CVE-2021-41343 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-41344 | High |
| Windows Storage Spaces Controller | Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-41345 | High |
| Console Window Host | Console Window Host Security Feature Bypass Vulnerability | CVE-2021-41346 | High |
| Windows AppX Deployment Service | Windows AppX Deployment Service Elevation of Privilege Vulnerability | CVE-2021-41347 | High |
| Microsoft Exchange Server | Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2021-41348 | High |
| Microsoft Exchange Server | Microsoft Exchange Server Spoofing Vulnerability | CVE-2021-41350 | High |
| System Center | SCOM Information Disclosure Vulnerability | CVE-2021-41352 | High |
| Microsoft Dynamics 365 Sales | Microsoft Dynamics 365 Sales Spoofing Vulnerability | CVE-2021-41353 | High |
| Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2021-41354 | High |
| .NET Core & Visual Studio | .NET Core and Visual Studio Information Disclosure Vulnerability | CVE-2021-41355 | High |
| Windows Win32K | Win32k Elevation of Privilege Vulnerability | CVE-2021-41357 | High |
| Active Directory Federation Services | Active Directory Federation Server Spoofing Vulnerability | CVE-2021-41361 | High |
| Microsoft Intune | Intune Management Extension Security Feature Bypass Vulnerability | CVE-2021-41363 | High |
| Visual Studio | OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference | CVE-2020-1971 | High |
| Visual Studio | OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing | CVE-2021-3449 | High |
| Visual Studio | OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT | CVE-2021-3450 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-40483 | Low |
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
