Microsoft Security Bulletin Coverage for October 2021

October 12, 2021

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2021. A list of issues reported, along with SonicWall coverage information, is as follows:

CVE-2021-40443 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 230:Malformed-File exe.MP_205

CVE-2021-40449 Win32k Elevation of Privilege Vulnerability
ASPY 235:Malformed-File exe.MP_210

CVE-2021-40450 Win32k Elevation of Privilege Vulnerability
ASPY 236:Malformed-File exe.MP_211

CVE-2021-40466 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 237:Malformed-File exe.MP_212

CVE-2021-40467 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 231:Malformed-File exe.MP_206

CVE-2021-40470 DirectX Graphics Kernel Elevation of Privilege Vulnerability
ASPY 232:Malformed-File exe.MP_207

CVE-2021-40487 Microsoft SharePoint Server Remote Code Execution Vulnerability
ASPY 233:Malformed-File exe.MP_208

CVE-2021-41357 Win32k Elevation of Privilege Vulnerability
ASPY 234:Malformed-File exe.MP_209

Adobe Coverage:
CVE-2021-40728 Use After free Vulnerability
ASPY 239:Malformed-File pdf.MP_510

The following vulnerabilities do not have exploits in the wild :
CVE-2020-1971 OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference
There are no known exploits in the wild.
CVE-2021-26427 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26441 Storage Spaces Controller Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26442 Windows HTTP.sys Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-34453 Microsoft Exchange Server Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-3449 OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing
There are no known exploits in the wild.
CVE-2021-3450 OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT
There are no known exploits in the wild.
CVE-2021-36953 Windows TCP/IP Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-36970 Windows Print Spooler Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-38662 Windows Fast FAT File System Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-38663 Windows exFAT File System Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-38672 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-40454 Rich Text Edit Control Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-40455 Windows Installer Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-40456 Windows AD FS Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-40457 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2021-40460 Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-40461 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-40462 Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-40463 Windows NAT Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-40464 Windows Nearby Sharing Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-40465 Windows Text Shaping Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-40468 Windows Bind Filter Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-40469 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-40471 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-40472 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-40473 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-40474 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-40475 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-40476 Windows AppContainer Elevation Of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-40477 Windows Event Tracing Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-40478 Storage Spaces Controller Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-40479 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-40480 Microsoft Office Visio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-40481 Microsoft Office Visio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-40482 Microsoft SharePoint Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-40483 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-40484 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-40485 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-40486 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-40488 Storage Spaces Controller Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-40489 Storage Spaces Controller Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-41330 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-41331 Windows Media Audio Decoder Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-41332 Windows Print Spooler Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-41334 Windows Desktop Bridge Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-41335 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-41336 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-41337 Active Directory Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-41338 Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-41339 Microsoft DWM Core Library Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-41340 Windows Graphics Component Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-41342 Windows MSHTML Platform Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-41343 Windows Fast FAT File System Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-41344 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-41345 Storage Spaces Controller Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-41346 Console Window Host Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-41347 Windows AppX Deployment Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-41348 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-41350 Microsoft Exchange Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-41352 SCOM Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-41353 Microsoft Dynamics 365 Sales Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-41354 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2021-41355 .NET Core and Visual Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-41361 Active Directory Federation Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-41363 Intune Management Extension Security Feature Bypass Vulnerability
There are no known exploits in the wild.