Microsoft has released security patches covering a total of 71 vulnerabilities in Windows and other Microsoft software. The release also fixes an actively exploited privilege escalation vulnerability that could be chained with remote code execution bugs to take over vulnerable systems.
Of these flaws, two are rated Critical, 68 Important and one Low in severity. One is under active exploitation and three were publicly known at the time of release, giving four zero-days in total:
CVE-2021-40449 (CVSS score: 7.8) – Win32k Elevation of Privilege Vulnerability
CVE-2021-41335 (CVSS score: 7.8) – Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-40469 (CVSS score: 7.2) – Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-41338 (CVSS score: 5.5) – Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
CVE-2021-40449 tops the list. It is a use-after-free vulnerability in the Win32k kernel driver that Kaspersky observed being exploited in the wild in late August and early September 2021 as part of a widespread espionage campaign targeting IT companies, defense contractors and diplomatic entities. As an elevation-of-privilege bug it requires the attacker to already be running code on the host, which is why it is paired with an initial-access vector such as a remote code execution flaw. Kaspersky has dubbed this threat cluster "MysterySnail".
Researchers said that code similarities and re-use of C2 (command-and-control) infrastructure allowed them to trace the attacks to a known actor called IronHusky. The infection chain deploys a remote access trojan that collects and exfiltrates system information from compromised hosts before reaching out to its C2 server for further instructions.
Other notable bugs addressed in this release include:
CVE-2021-26427 – Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-38672 and CVE-2021-40461 – Windows Hyper-V Remote Code Execution Vulnerabilities (the two Critical-rated issues in this release)
CVE-2021-40487 and CVE-2021-41344 – SharePoint Server Remote Code Execution Vulnerabilities
CVE-2021-40486 – Microsoft Word Remote Code Execution Vulnerability
CVE-2021-40454 – Rich Text Edit Control Information Disclosure Vulnerability
CVE-2021-26427, with a CVSS score of 9.0, was reported to Microsoft by the U.S. National Security Agency. Despite that score, Microsoft rates it Important rather than Critical because its attack vector is Adjacent: an attacker must already have a foothold on the same network segment as the Exchange server, so it is a post-compromise lateral-movement bug rather than an Internet-facing one. Bharat Jogi, senior manager of vulnerability and threat research at Qualys, stated that Exchange servers are high-value targets for hackers looking to penetrate business networks.