Patch Tuesday: Zero-Day Vulnerabilities

Microsoft released its Patch Tuesday, October 13, 2021. With this, we saw 76 fixes, 3 of which are rated as critical. One critical fix to note was a zero-day vulnerability dubbed “MysterySnail.”

First, what is a zero-day vulnerability?

A zero-day vulernability or zero-day hack affects your computer software. This vulnerability is either:

• unknown to those who should be interested in its removal (in this case, Microsoft) or
• known and a patch has not been developed.

Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers, or a network. Not great.

What was so different about this zero-day?

The vulnerability contains of strings of a former zero-day. Typically, this would trigger malware to attack it, but that wasn’t the case here. The information disclosure portion of the exploit chain was identified as not bypassing a security boundary and was therefore not fixed.

This zero-day was found “in the wild.” Kinda crazy!

Those who discovered this vulnerability also found that variants of the malware were detected in widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities.

What should we do?

We suggest all Thomas Guard and Thomas Group customers reboot all technology tonight to apply all fixes.

And if you’re not a TG customer, now’s the time to switch! Contact us today to get started.