This week is that time of the month when Microsoft turns its attentions to cumulative updates. For the October 2021 Patch Tuesday, Microsoft has sent 71 security fixes covering four zero-day flaws. The company says three of those vulnerabilities are already public.
Among those fixes is a patch for one Win32K zero-day that has already been exploited in the wild.
October 2021 Patch Tuesday covers fixes for a wide range of Microsoft products, such as Exchange Server, Visual Studio, Edge browser, Microsoft Office, and MSHTML.
Microsoft is tracking the zero-day vulnerabilities as CVE-2021-41335, CVE-2021-41338, CVE-2021-40469, and CVE-2021-40449.
The latter of those is the vulnerability that already has an active exploit. Microsoft says CVE-2021-40449 has a CVSS severity rating of 7.8 and is found in the Win32K kernel driver. It was discovered by a Kaspersky researcher. The company published a blog today after already informing Microsoft of the issue and allowing a fix to be created.
Kaspersky calls the exploit MysterySnail and says it is tapping into the Win32K flaw:
“Besides finding the zero-day in the wild, we analyzed the malware payload used along with the zero-day exploit, and found that variants of the malware were detected in widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities,” Kaspersky says.
Looking at the other zero-days, CVE-2021-41338 (CVSS 5.5), is a Windows AppContainer Firewall issue. It would allow threat actors to bypass security on the Windows platform. Next is CVE-2021-40469 (CVSS 7.2), which is a RCE in Windows DNS Server. Finally, CVE-2021-41335 (CVSS 7.8) is an elevation of privilege problem found in the Windows Kernel.
You can check out all Microsoft's fixes in October 2021 Patch Tuesday at the official update page here.
Tip of the day: Windows Aero Shake is a handy feature that lets you quickly reduce screen clutter with a shake of an app's title bar. Doing so minimizes all windows other than the one in focus, allowing you to focus solely on what's at hand. Another wiggle lets you undo Aero Shake, maximizing the other Windows again so you can continue working.
Unfortunately, the feature can also have unintended consequences. Those who move their windows about or have dual monitors may notice that they're accidentally activating Windows shaking. Luckily, enabling or disabling Aero shake isn't too hard.