71 Vulnerabilities, 4 Zero-days Fixed On Patch Tuesday

In the patch Tuesday for October, Microsoft released fixes for 71 vulnerabilities, one of which was actively exploited and found in Win32k.

While the fixed zero-day bugs CVE-2021-40449, CVE-2021-41338, CVE-2021-40469, and CVE-2021-41335 are being tracked, CVE-2021-40449 with a CVSS severity of 7.8 is actively exploited.

Three other zero-day bugs include CVE-2021-41338, a bug in the Windows AppContainer Firewall with a CVSS severity of 5.5 that allows attackers to bypass security features, CVE-2021-40469, an RCE in the Windows DNS Server with a CVSS severity of 7.2, and finally CVE-2021-41335, an elevated privilege bug with a CVSS severity of 7.8 found in the Windows Kernel.

Other bugs that have been fixed are three critical bugs, CVE-2021-40486, CVE-2021-38672, and CVE-2021-40461. While the first flaw impacts Microsoft Word, the other two flaws affect Hyper-V.

However, in cases where they are exploited, they can all lead to remote code execution.

For more information, read the original story in ZDNet.

71 Vulnerabilities, 4 Zero-days Fixed On Patch Tuesday

Top Stories

Key U.S. data center law faces expiration with no replacement in sight

Starlink introduces $10 monthly hardware rental fee

Hackers used Meta’s AI support bot to hijack 20,000 Instagram accounts

Meta faces backlash after facial recognition code found in smart glasses app

Apple reportedly taps Google Gemini and Nvidia Blackwell Chips for new Siri

Researchers warn AI coding agents can be manipulated through hidden skill files

Related Articles

Hackers used Meta’s AI support bot to hijack 20,000 Instagram accounts

New ‘HTTP/2 Bomb’ attack can crash major web servers from a single computer

CISA exposed internal passwords and cloud keys in public repository

Canvas restores service after cyberattack disrupted schools and universities

TND News Desk

TND News Desk

Jim Love