Microsoft Patch Tuesday bug harvest festival comes to town
Microsoft's October Patch Tuesday has arrived with fixes for 71 new CVEs, two patch revisions to address bugs from previous months that just won't die, and three CVEs tied to OpenSSL flaws.
Microsoft says one of the bugs, a Win32K privilege elevation issue, is currently being exploited.
Childs also highlighted two other vulnerabilities, a Microsoft Word remote code execution bug and a rich text edit control flaw in Power Apps that can be used to expose sensitive information.
"The Critical-rated bugs could allow remote code execution while the Moderate-rated bugs could allow a privilege escalation," he said, adding that the Reader for Android fix closes a single path traversal bug that provides an opportunity for code execution.
On Monday, Apple released iOS 15.0.2 and iPadOS 15.0.2 to address CVE-2021-30883, an actively exploited zero-day bug in the IOMobileFrameBuffer kernel extension.
Onapsis security researcher Thomas Fritsch noted in a blog post that another of the HotNews designees, SAP Security Note #3101406, carries a CVSS score of 9.8 and is the most critical of the bugs in the October harvest.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/10/12/microsoft_patch_tuesday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-24 | CVE-2021-30883 | Out-of-bounds Write vulnerability in Apple products. A memory corruption issue was addressed with improved memory handling. | 7.8 |