Description:

Microsoft has released security updates to address several vulnerabilities in the following products:

• .NET Core & Visual Studio
• Active Directory Federation Services
• Console Window Host
• HTTP.sys
• Microsoft DWM Core Library
• Microsoft Dynamics
• Microsoft Edge (Chromium-based)
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Intune
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Office Word
• Microsoft Windows Codecs Library
• Rich Text Edit Control
• Role: DNS Server
• Role: Windows Active Directory Server
• Role: Windows AD FS Server
• Role: Windows Hyper-V
• System Center
• Visual Studio
• Windows AppContainer
• Windows AppX Deployment Service
• Windows Bind Filter Driver
• Windows Cloud Files Mini Filter Driver
• Windows Common Log File System Driver
• Windows Desktop Bridge
• Windows DirectX
• Windows Event Tracing
• Windows exFAT File System
• Windows Fastfat Driver
• Windows Installer
• Windows Kernel
• Windows MSHTML Platform
• Windows Nearby Sharing
• Windows Network Address Translation (NAT)
• Windows Print Spooler Components
• Windows Remote Procedure Call Runtime
• Windows Storage Spaces Controller
• Windows TCP/IP
• Windows Text Shaping
• Windows Win32K

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Denial of service attack (DoS)
• Unauthorized disclosure of information
• Privilege escalation
• Security feature bypass
• Remote code execution

Best practice and Recommendations:

The CERT team encourages users to review Microsoft security advisory and apply the necessary updates:

• https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct