Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
Four zero-days vulnerabilities and 71 flaws fixed via this month’s Patch Tuesday
7 min. read
Updated onOctober 4, 2023
updated onOctober 4, 2023
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
Key notes
Today is Microsoft’sOctober 2021 Patch Tuesday, and with it comes fixes for four zero-day vulnerabilities and a total of 74 flaws.
Microsoft has fixed 74 vulnerabilities (81 including Microsoft Edge) with today’s update, with three classified as Critical, and 70 as Important, and one as Low.
4 zero-days vulnerabilities fixed, with one actively exploited
These 81 vulnerabilities that are being patched during this month’s rollout are split into categories, as follows:
October’s Patch Tuesday includes fixes for four zero-day vulnerabilities, with a Win32k Elevation of Privilege Vulnerability vulnerability known to have been actively exploited in attacks.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
The actively exploited vulnerability was discovered by Kaspersky’s Boris Larin (oct0xor) and allows malware or a threat actor to gain elevated privileges on a Windows device.
IronHusky APT uses zero-day on Windows servers#MysterySnail#PatchTuesday#itw0dayshttps://t.co/QnhtJyNfdD
Kasperskydisclosedthat the vulnerability was used by threat actors in “widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities.”
As part of the attacks, the threat actors installed a remote access trojan (RAT) that was elevated with higher permissions using the zero-day Windows vulnerability.
Thus, Kaspersky calls this cluster of malicious activity MysterSnail and is attributed to the IronHusky and Chinese-speaking APT activity.
Microsoft also fixed three other publicly disclosed vulnerabilities that are not known to be exploited in attacks.
Other companies also released important updates
This month’s security updates
Below is the complete list of resolved vulnerabilities and released advisories in the October 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view thefull report here.
Have you been struggling with any of the errors and bugs listed in this article? Let us know in the comments section below.
More about the topics:patch tuesday
Alexandru Poloboc
Tech Journalist
With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor, as well as TV and radio entertainment show host.
A certified gadget freak, he always feels the need to surround himself with next-generation electronics.
When he is not working, he splits his free time between making music, gaming, playing football, basketball and taking his dogs on adventures.
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Alexandru Poloboc
Tech Journalist
With a desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter.
