Today’s VERT Alert addresses Microsoft’s October 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-968 on Wednesday, October 13th.
Up first this month, we have an elevation of privilege vulnerability in Win32k that has been exploited in the wild via MysterySnail. This vulnerability appears to impact all systems from Windows 7 to the newly released Windows 11.
Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.
This remote code execution vulnerability in the Microsoft DNS server impacts all operating systems from Server 2008 to Server 2022. Only servers with the DNS Server role configured are impacted by the vulnerability.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
A publicly disclosed vulnerability in the Windows Kernel could lead to privilege escalation. Unlike CVE-2021-40449, this vulnerability does not affect Windows 11 or Windows Server 2022.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
This vulnerability was originally closed by Microsoft Security as a “Won’t Fix” issue. They have since reconsidered and issued an update. The vulnerability was discovered by Google Project Zero’s James Forshaw and is detailed here with the specific Project Zero issue tracked here.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also color-coded to aid with identifying key issues.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/featured/vert-threat-alert-october-2021-patch-tuesday-analysis/