71 Vulnerabilities, 4 Zero-days Fixed On Patch Tuesday

In the patch Tuesday for October, Microsoft released fixes for 71 vulnerabilities, one of which was actively exploited and found in Win32k.

While the fixed zero-day bugs CVE-2021-40449, CVE-2021-41338, CVE-2021-40469, and CVE-2021-41335 are being tracked, CVE-2021-40449 with a CVSS severity of 7.8 is actively exploited.

Three other zero-day bugs include CVE-2021-41338, a bug in the Windows AppContainer Firewall with a CVSS severity of 5.5 that allows attackers to bypass security features, CVE-2021-40469, an RCE in the Windows DNS Server with a CVSS severity of 7.2, and finally CVE-2021-41335, an elevated privilege bug with a CVSS severity of 7.8 found in the Windows Kernel.

Other bugs that have been fixed are three critical bugs, CVE-2021-40486, CVE-2021-38672, and CVE-2021-40461. While the first flaw impacts Microsoft Word, the other two flaws affect Hyper-V.

However, in cases where they are exploited, they can all lead to remote code execution.

For more information, read the original story in ZDNet.

71 Vulnerabilities, 4 Zero-days Fixed On Patch Tuesday

Top Stories

New Deepfakes Can Mimic Heartbeats, Evading Detection Tools

RBC Pushes Employees Back to Office to Preserve ‘Winning Culture’

Microsoft Azure Closes Cloud Gap with AWS as AI and Enterprise Migrations Fuel Growth

Sleeper Supply Chain Attack Activates After 6 Years

Dell has another major round of layoffs

One of the biggest data breaches ever, billions of users affected

Related Articles

65% of Canadians Still Reusing Passwords Despite Identity Theft Fears, Okta Study

Ottawa Warns of China-Linked Hack on Canadian Telecom Gear

Copilot Exploit Shows How AI Agents Can Be Hijacked to Steal Corporate Data

Sleeper Supply Chain Attack Activates After 6 Years

Jim Love

Follow Us

Popular categories

Tech News Delivered