October 2021: Patch Watch Digest

Posted on Nov 17, 2021 | By Pavithra Shankar

Highlights of October Digest

Weaponized Vulnerabilities

107 vulnerabilities have known exploits. Here is our analysis:

  • 5 CVEs are associated with ransomware strains that include Maze.

  • 5 CVEs are linked to APT 1.

  • 9 malware groups (OceanSalt, Auriga, Bangat, BISCUIT, MAPIGET, TARSIP, SEASALT, KURTON, and HELAUTO) are correlated to 5 CVEs.

  • 17 CVEs are classified as Remote Code Execution.

  • 2 CVEs have local Privilege Escalation capabilities.

  • 5 CVEs are Cross-Site Scripting (XSS) flaws.

  • 28 CVEs are linked to Denial of Service (DoS).

  • 56 CVEs fall into other categories.

  • 20 CVEs are rated critical and 52 are of high severity.

  • Of these 107 weaponized CVEs, 3 have been flagged in CISA alerts.


Old Vulnerabilities

Vendors have fixed 231 old vulnerabilities, dating from 2015 to 2020.

  • 5 CVEs are associated with ransomware strains that include Maze and Cring.

  • 5 CVEs are linked to APT 1.

  • 9 malware groups (OceanSalt, Auriga, Bangat, BISCUIT, MAPIGET, TARSIP, SEASALT, KURTON, and HELAUTO) are correlated to 3 CVEs.

  • 14 CVEs are featured by CISA.

  • Of these, 43 CVEs have known exploits.

  • 1 CVE has Privilege Escalation capabilities.

  • 3 CVEs are Remote Code Execution bugs.

  • 29 CVEs are rated critical and 97 are of high severity. 


Microsoft October Patches 2021

Microsoft released patches for four zero-day vulnerabilities (CVE-2021-40449, CVE-2021-40469, CVE-2021-41335, and CVE-2021-41338) this October. Three of them (CVE-2021-40469, CVE-2021-41335, and CVE-2021-41338) have been publicly disclosed; however, no active exploitation has been discovered.

CVE-2021-40449 is a Win32k kernel driver elevation-of-privilege vulnerability that has been actively exploited in attacks. To exploit this Windows vulnerability, the threat actors use a remote access trojan (RAT) that is given elevated permissions as part of the intrusions. Kaspersky has named this cluster of malicious activity MysterySnail and has linked it to the Chinese-speaking APT group IronHusky.


CISA Alerts

CISA has issued alerts for 20 vulnerabilities, including 3 with publicly known exploits.

  • 1 CVE is associated with Maze and APT 1.

  • 1 CVE is classified as a Local Privilege Escalation.

  • 2 CVEs are rated critical and 8 are of high severity.


Table: October Security Patches 2021

Security patching should be part of an organization's basic system maintenance procedure, as numerous vulnerabilities are discovered every week. Patching guards against known vulnerabilities in areas where you would otherwise be entirely exposed. It should therefore be given significant emphasis and done on a regular basis as part of normal system and platform maintenance.


 
