HomeUpdatesMicrosoft updates: Windows 10 KB5006670 & KB5006667 and new Patch Tuesday released

Microsoft updates: Windows 10 KB5006670 & KB5006667 and new Patch Tuesday released

These days, Microsoft brings a lot of upadtes after its release Microsoft Patch Tuesday as well as the cumulative updates KB5006670 and KB5006667 for the latest versions of Windows 10.

Microsoft updates Windows 10 KB5006670 & KB5006667
Microsoft updates: Windows 10 KB5006670 & KB5006667 and new Patch Tuesday released

Microsoft released it yesterday Patch Tuesday of October 2021, which corrects more than 70 security vulnerabilities. Four of these vulnerabilities are zero-days.

Along with corrections to Microsoft Edge, Microsoft has fixed a total of 81 vulnerabilities.

Most of the vulnerabilities fixed in the Microsoft Patch Tuesday October have been identified as important, while three are considered critical.

See also: Microsoft converts Windows Subsystem (Linux) to Windows 11 app

Specifically, the following are corrected:

  • 21 Elevation of Privilege vulnerabilities
  • 20 Remote Code Execution vulnerabilities
  • 13 information vulnerabilities
  • 9 Spoofing vulnerabilities
  • 6 Security Feature Bypass vulnerabilities
  • 5 Denial of Service vulnerabilities
Microsoft Patch Tuesday
Microsoft updates: Windows 10 KB5006670 & KB5006667 and new Patch Tuesday released

Microsoft Patch Tuesday October 2021: Four zero-day vulnerabilities are fixed

October Patch Tuesday includes fixes for four zero-day vulnerabilities. One of them, the Win32k Elevation of Privilege vulnerability (CVE-2021-40449), had already been used by Chinese hackers.

This vulnerability was discovered by its researchers Kaspersky and allows an attacker to gain increased privileges on a Windows device.

Kaspersky has revealed that the vulnerability has been exploited by threat agents in "Extensive spy campaigns against IT companies, military / defense contractors, and diplomatic entities".

As part of the attacks, the attackers installed one RAT trojan.

Microsoft also fixed three other zero-day vulnerabilities with Patch Tuesday October:

CVE-2021-40469- Windows DNS Server Remote Code Execution vulnerability

CVE-2021-41335- Windows Kernel Elevation of Privilege vulnerability

CVE-2021-41338- Windows AppContainer Firewall Rules Security Feature Bypass vulnerability

See also: Microsoft: Half of all cyber-attacks in the United States come from Russia

Microsoft updates: Microsoft Patch Tuesday October 2021

In the table below you can see all the vulnerabilities that this month's patch fixes:

TagCVE IDCVE TitleSeverity
.NET Core & Visual StudioCVE-2021-41355.NET Core and Visual Studio Information Disclosure VulnerabilityImportant
Active Directory Federation ServicesCVE-2021-41361Active Directory Federation Server Spoofing VulnerabilityImportant
Console Window HostCVE-2021-41346Console Window Host Security Feature Bypass VulnerabilityImportant
HTTP.sysCVE-2021-26442Windows HTTP.sys Elevation of Privilege VulnerabilityImportant
Microsoft DWM Core LibraryCVE-2021-41339Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Microsoft DynamicsCVE-2021-40457Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2021-41353Microsoft Dynamics 365 (on-premises) Spoofing VulnerabilityImportant
Microsoft DynamicsCVE-2021-41354Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2021-37978Chromium: CVE-2021-37978 Heap buffer overflow in BlinkUnknown
Microsoft Edge (Chromium-based)CVE-2021-37979Chromium: CVE-2021-37979 Heap buffer overflow in WebRTCUnknown
Microsoft Edge (Chromium-based)CVE-2021-37980Chromium: CVE-2021-37980 Inappropriate implementation in SandboxUnknown
Microsoft Edge (Chromium-based)CVE-2021-37977Chromium: CVE-2021-37977 Use after free in Garbage CollectionUnknown
Microsoft Edge (Chromium-based)CVE-2021-37974Chromium: CVE-2021-37974 Use after free in Safe BrowsingUnknown
Microsoft Edge (Chromium-based)CVE-2021-37975Chromium: CVE-2021-37975 Use after free in V8Unknown
Microsoft Edge (Chromium-based)CVE-2021-37976Chromium: CVE-2021-37976 Information leak in coreUnknown
Microsoft Exchange ServerCVE-2021-26427Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-34453Microsoft Exchange Server Denial of Service VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-41348Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-41350Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-41340Windows Graphics Component Remote Code Execution VulnerabilityImportant
Microsoft IntuneCVE-2021-41363Intune Management Extension Security Feature Bypass VulnerabilityImportant
Microsoft Office ExcelCVE-2021-40473Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-40472Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office ExcelCVE-2021-40471Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-40474Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-40485Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-40479Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-40487Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-40483Microsoft SharePoint Server Spoofing Vulnerabilitylow
Microsoft Office SharePointCVE-2021-40484Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-40482Microsoft SharePoint Server Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2021-41344Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2021-40480Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2021-40481Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2021-40486Microsoft Word Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2021-40462Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-41330Microsoft Windows Media Foundation Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-41331Windows Media Audio Decoder Remote Code Execution VulnerabilityImportant
Rich Text Edit ControlCVE-2021-40454Rich Text Edit Control Information Disclosure VulnerabilityImportant
Role: DNS ServerCVE-2021-40469Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: Windows Active Directory ServerCVE-2021-41337Active Directory Security Feature Bypass VulnerabilityImportant
Role: Windows AD FS ServerCVE-2021-40456Windows AD FS Security Feature Bypass VulnerabilityImportant
Role: Windows Hyper-VCVE-2021-40461Windows Hyper-V Remote Code Execution VulnerabilityCritical
Role: Windows Hyper-VCVE-2021-38672Windows Hyper-V Remote Code Execution VulnerabilityCritical
System CenterCVE-2021-41352SCOM Information Disclosure VulnerabilityImportant
Visual StudioCVE-2020-1971OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-referenceImportant
Visual StudioCVE-2021-3450OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICTImportant
Visual StudioCVE-2021-3449OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processingImportant
Windows AppContainerCVE-2021-41338Windows AppContainer Firewall Rules Security Feature Bypass VulnerabilityImportant
Windows AppContainerCVE-2021-40476Windows AppContainer Elevation Of Privilege VulnerabilityImportant
Windows AppX Deployment ServiceCVE-2021-41347Windows AppX Deployment Service Elevation of Privilege VulnerabilityImportant
Windows Bind Filter DriverCVE-2021-40468Windows Bind Filter Driver Information Disclosure VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2021-40475Windows Cloud Files Mini Filter Driver Information Disclosure VulnerabilityImportant
Windows Common Log File System DriverCVE-2021-40443Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2021-40467Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2021-40466Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Desktop BridgeCVE-2021-41334Windows Desktop Bridge Elevation of Privilege VulnerabilityImportant
Windows DirectXCVE-2021-40470DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2021-40477Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows exFAT File SystemCVE-2021-38663Windows exFAT File System Information Disclosure VulnerabilityImportant
Windows Fastfat DriverCVE-2021-41343Windows Fast FAT File System Driver Information Disclosure VulnerabilityImportant
Windows Fastfat DriverCVE-2021-38662Windows Fast FAT File System Driver Information Disclosure VulnerabilityImportant
Windows InstallerCVE-2021-40455Windows Installer Spoofing VulnerabilityImportant
Windows kernelCVE-2021-41336Windows Kernel Information Disclosure VulnerabilityImportant
Windows kernelCVE-2021-41335Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows MSHTML PlatformCVE-2021-41342Windows MSHTML Platform Remote Code Execution VulnerabilityImportant
Windows Nearby SharingCVE-2021-40464Windows Nearby Sharing Elevation of Privilege VulnerabilityImportant
Windows Network Address Translation (NAT)CVE-2021-40463Windows NAT Denial of Service VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2021-41332Windows Print Spooler Information Disclosure VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2021-36970Windows Print Spooler Spoofing VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2021-40460Windows Remote Procedure Call Runtime Security Feature Bypass VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2021-40489Storage Spaces Controller Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2021-41345Storage Spaces Controller Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2021-26441Storage Spaces Controller Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2021-40478Storage Spaces Controller Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2021-40488Storage Spaces Controller Elevation of Privilege VulnerabilityImportant
Windows TCP / IPCVE-2021-36953Windows TCP / IP Denial of Service VulnerabilityImportant
Windows Text ShapingCVE-2021-40465Windows Text Shaping Remote Code Execution VulnerabilityImportant
Windows Win32KCVE-2021-40449Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2021-41357Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2021-40450Win32k Elevation of Privilege VulnerabilityImportant

In addition, Microsoft published the cumulative updates KB5006670 and KB5006667 for the latest versions of Windows 10.

This month's cumulative updates include security fixes for computers with May 2021 Update (version 21H1), October 2020 Update (version 20H2) and May 2020 Update (version 2004).

See also: Apache Web Server vulnerability affects servers in Greece! [Technical analysis]

Microsoft updates: Windows 10 KB5006670 & KB5006667 and new Patch Tuesday released

Microsoft updates: What's new in the cumulative update for Windows 10

Microsoft is experiencing several bugs with the new cumuilative update KB5006670 for Windows 10 version 2004 or later. This update upgrades computers to Build 19041.1288 (from Windows 10 version 2004), 19042.1288 (from Windows 10 version 20H2) and 19043.1288 (from Windows 10 version 21H1).

Corrections:

Troubleshoots an issue that causes applications such as Outlook, while also correcting an issue that blurs some icons.

Troubleshoots a problem that prevents some applications, such as Microsoft Office and Adobe Reader, open them up or make them unresponsive.

Fixes an issue it may cause distortion in sound recorded by Cortana and other vocal assistants.

Fixes a problem that causes shut down the device after restarting.

Windows 10 version 1909 has received the same set of fixes as KB5006667.

Source: Bleeping Computer

Digital fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS