Microsoft has released important “Patch Tuesday” monthly security updates. These should be applied promptly, as some of these vulnerabilities have the potential to be actively exploited in the wild later:

https://isc.sans.edu/forums/diary/Microsoft+October+2021+Patch+Tuesday/27928/

https://www.zerodayinitiative.com/blog/2021/10/12/the-october-2021-security-update-review

https://blog.talosintelligence.com/2021/10/microsoft-patch-tuesday-for-oct-2021.html

https://us-cert.cisa.gov/ncas/current-activity/2021/10/12/microsoft-releases-october-2021-security-updates

https://redmondmag.com/articles/2021/10/12/microsoft-october-patches-address-more-than-70-vulnerabilities.aspx

https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct

https://portal.msrc.microsoft.com/en-us/security-guidance/summary

https://patchtuesdaydashboard.com/

This month we got patches for 81 vulnerabilities. Of these, 3 are critical, 3 were previously disclosed and 1 is being exploited according to Microsoft. The exploited vulnerability (CVE-2021-40449) is an elevation of privilege affecting Win32k on virtually all supported Windows versions. Among the critical vulnerabilities, there are two Windows Hyper-V Remote Code Execution Vulnerabilities (CVE-2021-40461 and CVE-2021-38672) affecting multiple versions of Windows 10, 11 and Server. The highest CVSS v3 score this month (9.0) was associated with the Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26427).