The October 2021 Patch Tuesday includes 4 zero-day bugs; one actively exploited
Posted by: GuidePoint Security
Published 10/21/21, 9:00am
The Patch Tuesday release for October 2021 included fixes for four zero-day vulnerabilities, including one, currently being exploited in the wild, that delivers the RAT dubbed MysterySnail.
The exploited vulnerability (CVE-2021-40449) is a Microsoft Win32K bug that enables privilege escalation. The exploit chain’s final payload is the MysterySnail RAT, a Chinese-language advanced persistent threat (APT) tool designed to steal data. If left unpatched, MysterySnail could exfiltrate system information from compromised hosts and give attackers complete control of the affected system to launch additional attacks.
Industry researchers have discovered that the MysterySnail threat lurks in the Win32K kernel driver. Once connected to the command-and-control (C2) server, it gathers basic information about the victim’s machine, such as computer name, local IP address, and logged-in username. MysterySnail supports 20 encrypted commands received from the C2, including launching an interactive cmd.exe shell, spawning new processes, enumerating existing disk drives and their types, listing directories, and reading and deleting files.
Researchers believe the MysterySnail campaign is linked to the IronHusky APT group.
Other Patch Tuesday fixes
There were 74 total fixes in this Microsoft Patch Tuesday release, three of which were rated as ‘critical.’ The release includes additional fixes for the PrintNightmare issue (CVE-2021-36970), several fixes for remote code execution (RCE) bugs affecting various Microsoft products (CVE-2021-40486, CVE-2021-40487, CVE-2021-26427, CVE-2021-40461, CVE-2021-38672, and CVE-2021-40469), and a Windows AppContainer Firewall Rules security feature bypass (CVE-2021-41338).
Next Steps
Unpatched bugs are a primary attack vector for threat actors. Organizations are urged to patch bugs the moment a fix is issued by the software or hardware vendor. Organizations should also consider vulnerability management as a service (VMAAS) to help quickly close vulnerability gaps.
GuidePoint Security