CVE-2021-40449 actively exploited zero-day patched in October 2021 Patch Tuesday

Hello everyone,


Microsoft's October 2021 Patch Tuesday comes with fixes for 81 vulnerabilities (including updates for Chromium-based Microsoft Edge), of which 4 are zero-day vulnerabilities.

Of the 4 zero-days, one is actively exploited and the other 3 are publicly disclosed. The details are given below:

Publicly disclosed but not actively exploited:

  • CVE-2021-40469 - Windows DNS Server Remote Code Execution Vulnerability

  • CVE-2021-41335 - Windows Kernel Elevation of Privilege Vulnerability

  • CVE-2021-41338 - Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability

 

Actively exploited:

  • CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability

Vulnerability description of CVE-2021-40449

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Win32k driver in the Microsoft Windows kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Patch details: CVE-2021-40449 

| Patch ID | Bulletin ID | Description |
|----------|-------------|-------------|
| 32203 | MS21-OCT2 | 2021-10 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5006715) (CVE-2021-40449) (CVE-2021-40469) (ESU) |
| 32202 | MS21-OCT2 | 2021-10 Security Only Quality Update for Windows Server 2008 for x86-based Systems (KB5006715) (CVE-2021-40449) (CVE-2021-40469) (ESU) |
| 32201 | MS21-OCT2 | 2021-10 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5006728) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) (ESU) |
| 32199 | MS21-OCT2 | 2021-10 Security Only Quality Update for Windows 7 for x64-based Systems (KB5006728) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) (ESU) |
| 32200 | MS21-OCT2 | 2021-10 Security Only Quality Update for Windows 7 for x86-based Systems (KB5006728) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) (ESU) |
| 32164 | MS21-OCT2 | 2021-10 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5006732) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32162 | MS21-OCT2 | 2021-10 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5006729) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32163 | MS21-OCT2 | 2021-10 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB5006729) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32161 | MS21-OCT2 | 2021-10 Security Only Quality Update for Windows 8.1 for x86-based Systems (KB5006729) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32181 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB5006667) (CVE-2021-40449) (CVE-2021-41335) (CVE-2021-41338) |
| 32182 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 10 Version 1909 for x86-based Systems (KB5006667) (CVE-2021-40449) (CVE-2021-41335) (CVE-2021-41338) |
| 32177 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5006669) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32179 | MS21-OCT3 | 2021-10 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5006669) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32178 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5006669) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32167 | MS21-OCT3 | 2021-10 Cumulative Update for Windows Server, version 2004 for x64-based Systems (KB5006670) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32170 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 10 Version 2004 for x64-based Systems (KB5006670) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32165 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5006670) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32171 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 10 Version 21H1 for x64-based Systems (KB5006670) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32169 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 10 Version 2004 for x86-based Systems (KB5006670) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32168 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 10 Version 20H2 for x86-based Systems (KB5006670) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32172 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 10 Version 21H1 for x86-based Systems (KB5006670) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32184 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5006672) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32183 | MS21-OCT3 | 2021-10 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5006672) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32185 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5006672) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32176 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 11 for x64-based Systems (KB5006674) |
| 32175 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5006675) (CVE-2021-40449) (CVE-2021-41335) (CVE-2021-41338) |
| 32174 | MS21-OCT3 | 2021-10 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB5006675) (CVE-2021-40449) (CVE-2021-41335) (CVE-2021-41338) |
| 32180 | MS21-OCT3 | 2021-10 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5006699) (CVE-2021-40449) (CVE-2021-40469) |
| 32205 | MS21-OCT6 | 2021-10 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5006736) (CVE-2021-40449) (CVE-2021-40469) (ESU) |
| 32204 | MS21-OCT6 | 2021-10 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB5006736) (CVE-2021-40449) (CVE-2021-40469) (ESU) |
| 32207 | MS21-OCT6 | 2021-10 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5006743) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) (ESU) |
| 32208 | MS21-OCT6 | 2021-10 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB5006743) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) (ESU) |
| 32206 | MS21-OCT6 | 2021-10 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB5006743) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) (ESU) |
| 32198 | MS21-OCT6 | 2021-10 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5006739) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32195 | MS21-OCT6 | 2021-10 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5006714) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32196 | MS21-OCT6 | 2021-10 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB5006714) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |
| 32197 | MS21-OCT6 | 2021-10 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems (KB5006714) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338) |

Cheers, 
The ManageEngine team

