Microsoft's October Patch Tuesday Addresses 74 CVEs

On October 12, Microsoft published its monthly security update, known as Patch Tuesday. In this month’s Patch Tuesday release, Microsoft addressed 74 CVEs, including three rated critical.

This month’s release contains fixes for CVE-2021-40449, a use-after-free elevation of privilege vulnerability in Microsoft’s Win32k. The flaw was discovered by researchers at Kaspersky, who say the vulnerability was exploited in the wild between August and September as a zero-day and used to deploy a remote access trojan called MysterySnail.

This month's Patch Tuesday release includes fixes for:

• .NET Core & Visual Studio
• Active Directory Federation Services
• Console Window Host
• HTTP.sys
• Microsoft DWM Core Library
• Microsoft Dynamics
• Microsoft Dynamics 365 Sales
• Microsoft Edge (Chromium-based)
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Intune
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Office Word
• Microsoft Windows Codecs Library
• Rich Text Edit Control
• Role: DNS Server
• Role: Windows Active Directory Server
• Role: Windows AD FS Server
• Role: Windows Hyper-V
• System Center
• Visual Studio
• Windows AppContainer
• Windows AppX Deployment Service
• Windows Bind Filter Driver
• Windows Cloud Files Mini Filter Driver
• Windows Common Log File System Driver
• Windows Desktop Bridge
• Windows DirectX
• Windows Event Tracing
• Windows exFAT File System
• Windows Fastfat Driver
• Windows Installer
• Windows Kernel
• Windows MSHTML Platform
• Windows Nearby Sharing
• Windows Network Address Translation (NAT)
• Windows Print Spooler Components
• Windows Remote Procedure Call Runtime
• Windows Storage Spaces Controller
• Windows TCP/IP
• Windows Text Shaping
• Windows Win32K

For more information about the notable vulnerabilities in this month’s Patch Tuesday, including the availability of patches and Tenable product coverage, please visit our blog.