October saw the release of patches for 81 vulnerabilities in Microsoft products, so it’s safe to say it was a pretty standard Patch Tuesday. The release includes one zero-day vulnerability and a few publicly disclosed vulnerabilities.

Products, components, and roles with vulnerabilities

  • .NET Core & Visual Studio
  • Active Directory Federation Services
  • Console Window Host
  • HTTP.sys
  • Microsoft DWM Core Library
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Intune
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft Office Word
  • Microsoft Windows Codecs Library
  • Rich Text Edit Control
  • Role: DNS Server
  • Role: Windows Active Directory Server
  • Role: Windows AD FS Server
  • Role: Windows Hyper-V
  • System Center
  • Visual Studio
  • Windows AppContainer
  • Windows AppX Deployment Service
  • Windows Bind Filter Driver
  • Windows Cloud Files Mini Filter Driver
  • Windows Common Log File System Driver
  • Windows Desktop Bridge
  • Windows DirectX
  • Windows Event Tracing
  • Windows exFAT File System
  • Windows Fastfat Driver
  • Windows Installer
  • Windows Kernel
  • Windows MSHTML Platform
  • Windows Nearby Sharing
  • Windows Network Address Translation (NAT)
  • Windows Print Spooler Components
  • Windows Remote Procedure Call Runtime
  • Windows Storage Spaces Controller
  • Windows TCP/IP
  • Windows Text Shaping
  • Windows Win32K

The one zero-day vulnerability was CVE-2021-40449 (CVSS score 5.5). The following three were the publicly disclosed vulnerabilities: CVE-2021-41335 (CVSS 7.8), CVE-2021-40469 (CVSS 7.2), and CVE-2021-41338 (CVSS 5.5). No alternative mitigations or workarounds have been released for any of the vulnerabilities above.

Key points

The first security patch for Windows 11 is now out (KB5006674). Organizations will move to Microsoft’s latest operating system at their own pace, but before that day comes, it is once again important to plan your own update process for feature updates and security patches. Unlike Windows 10, the new Windows will get feature updates just once a year, and at the moment we are hearing that these will be released sometime during the second half of each calendar year. Organizations need to be aware that support for each Pro release lasts 24 months, and for each Enterprise release 36 months. This slower update rhythm gives organizations more time to test and roll out new releases.

Security patches will be released as before, on a Tuesday once a month.

Prioritize patching these vulnerabilities if possible:

Active and known issues in Windows operating systems

| Operating system | Active known issues (previous month) | Note |
| --- | --- | --- |
| Windows 11, version 21H2 | 1 | |
| Windows 10, version 21H1 and Windows Server, version 21H1 | 2 (2) | |
| Windows 10, version 20H2 and Windows Server, version 20H2 | 2 (2) | |
| Windows 10, version 2004 and Windows Server, version 2004 | 2 (2) | |
| Windows 10, versions 1909* and 1903*, and Windows Server, version 1903** | 0 (0) | Support has ended for Windows 10 version 1903. |
| Windows 10, version 1809**, and Windows Server 2019 | 2 (2) | Support has ended for Windows 10 version 1803. |
| Windows 10, version 1803** | | Support has ended. |
| Windows 10, version 1709***, and Windows Server, version 1709 | | Support has ended. |
| Windows 10, version 1703*** | | Support has ended. |
| Windows 10, version 1607 LTSC*** and Windows Server 2016 | 2 (0) | |
| Windows 8.1**** and Windows Server 2012 R2 | 1 (1) | |
| Windows Server 2012 | 1 (1) | |
| Windows 7**** and Windows Server 2008 R2 SP1 | 2 (1) | |

  • * 1909 has the same operating system core and identical system files as its predecessor, 1903.
  • ** Support for the Windows 10 build in question has ended for the Home, Pro, and Enterprise editions.
  • *** Support for the Windows 10 build in question has ended for all editions.
  • **** The mainstream support period for the Windows version has ended. Extended support ends for Windows 8.1 on Jan 10th 2023 and for Windows 7 on Jan 14th 2020.

Recommended actions

The critical, zero-day, and publicly disclosed vulnerabilities mentioned in the beginning should be patched as soon as possible.

Organizations should make sure their devices run one of the three most recent Windows 10 feature versions (21H1, 20H2, or 2004), so that the devices keep receiving their monthly security patches. Going forward, it is equally important to keep Windows 11 devices on a supported feature update.
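One way to audit the recommendation above on a Windows 10/11 client, as an added example that is not part of the original post or a Centero tool: the script reads the feature version from the registry, compares it against the Windows 10 versions the post lists as still patched, and on Windows 11 checks whether KB5006674 is installed. The function name and output shape are this example's own; the build-number boundary (22000 = Windows 11 21H2) is standard Microsoft versioning.

```powershell
# Added example (not from the original post): check whether this device is on a
# feature version that still receives monthly security patches, and whether the
# October 2021 Windows 11 update mentioned in the post (KB5006674) is present.
function Get-FeatureUpdateStatus {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # DisplayVersion exists from 20H2 onward; 2004 and older only carry ReleaseId.
    $version = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }
    $build   = [int]$cv.CurrentBuild

    # Build 22000 is Windows 11 21H2; lower builds are Windows 10.
    # ProductName still reads "Windows 10 ..." on Windows 11, so decide by build.
    $isWin11 = $build -ge 22000

    # Windows 10 feature versions the post lists as still receiving patches.
    $supportedWin10 = @('21H1', '20H2', '2004')
    $stillPatched = if ($isWin11) { $true } else { $supportedWin10 -contains $version }

    # On Windows 11, verify that October's cumulative update is installed.
    $kbInstalled = $null
    if ($isWin11) {
        $kbInstalled = [bool](Get-HotFix -Id 'KB5006674' -ErrorAction SilentlyContinue)
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Product        = if ($isWin11) { 'Windows 11' } else { $cv.ProductName }
        FeatureVersion = $version
        Build          = $build
        StillPatched   = $stillPatched
        KB5006674      = $kbInstalled
    }
}

Get-FeatureUpdateStatus
```

A device that reports StillPatched = False is on a feature version outside the list above and should be moved to 21H1, 20H2, or 2004 before the next Patch Tuesday.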

However, Centero recommends testing the updates carefully before deploying them to production. In addition, you should go through the known issues before rolling out the updates.

Microsoft’s documentation on the subject

Microsoft maintains a list of Windows updates and their known issues on the following pages. You can find additional information on the lifecycle of Windows versions behind the last link.


With Centero Software Manager Cloud and CSM Cloud for Servers, your devices get these and other updates in a managed way, according to the configuration you have selected. Read more on Centero Software Manager here.

Read more on this topic:

Sign up for webinar series for IT service providers

Centero’s webinar series this fall covers Centero Software Manager, its benefits for IT service providers, and implementation and management of the CSM product.

Our Best Practices in Application Distribution

Aapo Kettunen on Centero Software Manager and our best practices in functional and safe application distribution processes.