Security News > 2021 > October > Microsoft Patch Tuesday bug harvest festival comes to town

Microsoft's October Patch Tuesday has arrived with fixes for 71 new CVEs, two patch revisions to address bugs from previous months that just won't die, and three CVEs tied to OpenSSL flaws.

Microsoft says one of the bugs, a Win32K privilege elevation issue is currently being exploited.

Childs also highlighted two other vulnerabilities, a Microsoft Word remote code execution bug and a rich text edit control flaw in Power Apps that can be used to expose sensitive information.

"The Critical-rated bugs could allow remote code execution while the Moderate-rated bugs could allow a privilege escalation," he said, adding that the Reader for Android fix closes a single path traversal bug that provides an opportunity for code execution.

On Monday, Apple released iOS 15.0.2, and iPadOS 15.0.2 to address a CVE-2021-30883, an actively exploited zero-day bug in the IOMobileFrameBuffer kernel extension.

Onapsis security researcher Thomas Fritsch in blog post noted that another of the HotNews designees, SAP Security Note #3101406, carries a CVSS score of 9.8 and is the most critical of the bugs in the October harvest.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/10/12/microsoft_patch_tuesday/