Patch Tuesday is once again upon us. The September 2021 edition of Patch Tuesday brings us 64 fixes, 3 of which are rated as critical with one actively exploited. We’ve listed the most important changes below.
⚡ TL;DR | Go Straight to the September 2021 Patch Tuesday Audit Report
PrintNightmare Fixed Again
CVE-2021-36958 finally gets a fix. After being disclosed on August 11, just after the previous patch Tuesday, the 6th part of the PrintNightmare sage comes to a close. While most people will have disabled the Print Spooler service on unnecessary devices by now. This isn’t the only Print Spooler fix included this month. An additional 4 Print Spooler vulnerabilities were fixed bringing the total number of Print Spooler service vulnerabilities in the last few months to a nice round 10.
Microsoft MSHTML Remote Code Execution Vulnerability
Earlier this month, CVE-2021-40444 was disclosed. While this vulnerability does have a CVSS 3.0 base score of 8.8, it requires a non-default Microsoft Office configuration to disable protected mode. According to Microsoft: „An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.“. Regardless of how severe this vulnerability is, it has been actively exploited and a fix is included in this month’s patches.
Windows Scripting Engine Memory Corruption Vulnerability
Listed as CVE-2021-26435, this vulnerability is one of the three critical vulnerabilities of this month and has a CVSS 3.0 base score of 8.1. In order to exploit this vulnerability, an attacker would have to convince the user to open a specially crafted file. This can either be done via an email attachment or by convincing the user to click a link to a website their control.
Open Management Infrastructure Remote Code Execution Vulnerability
Part of 4 new vulnerabilities, CVE-2021-38647 is the second critical vulnerability. Along with CVE-2021-38649, CVE-2021-38648, and CVE-2021-38645 they provide a risk to some Azure products, like Configuration Management. These products expose an HTTP/S port for interacting with OMI (port 5986 also known as WinRMport) and it is this exposure of the port that is vulnerable to a specially crafted message via HTTPS to port 5986. Most Azure services however do not deploy OMI and expose the HTTP/S port.
Run the Patch Tuesday September 2021 Audit Report
To help manage your update progress, we’ve created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
Patch Tuesday September 2021 CVE Codes & Titles
CVE Number | CVE Title |
CVE-2021-30632 | Chromium: CVE-2021-30632 Out of bounds write in V8 |
CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability |
CVE-2021-1678 | Windows Print Spooler Spoofing Vulnerability |
CVE-2021-34442 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2021-36952 | Visual Studio Remote Code Execution Vulnerability |
CVE-2021-36954 | Windows Bind Filter Driver Elevation of Privilege Vulnerability |
CVE-2021-36959 | Windows Authenticode Spoofing Vulnerability |
CVE-2021-36960 | Windows SMB Information Disclosure Vulnerability |
CVE-2021-36961 | Windows Installer Denial of Service Vulnerability |
CVE-2021-36962 | Windows Installer Information Disclosure Vulnerability |
CVE-2021-36964 | Windows Event Tracing Elevation of Privilege Vulnerability |
CVE-2021-36965 | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability |
CVE-2021-36966 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
CVE-2021-36967 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability |
CVE-2021-36968 | Windows DNS Elevation of Privilege Vulnerability |
CVE-2021-36969 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
CVE-2021-36972 | Windows SMB Information Disclosure Vulnerability |
CVE-2021-36973 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability |
CVE-2021-36974 | Windows SMB Elevation of Privilege Vulnerability |
CVE-2021-26435 | Windows Scripting Engine Memory Corruption Vulnerability |
CVE-2021-38624 | Windows Key Storage Provider Security Feature Bypass Vulnerability |
CVE-2021-38625 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2021-38626 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2021-38628 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
CVE-2021-38629 | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability |
CVE-2021-38630 | Windows Event Tracing Elevation of Privilege Vulnerability |
CVE-2021-38632 | BitLocker Security Feature Bypass Vulnerability |
CVE-2021-38634 | Microsoft Windows Update Client Elevation of Privilege Vulnerability |
CVE-2021-38635 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
CVE-2021-38636 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
CVE-2021-38637 | Windows Storage Information Disclosure Vulnerability |
CVE-2021-38638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
CVE-2021-38645 | Open Management Infrastructure Elevation of Privilege Vulnerability |
CVE-2021-38647 | Open Management Infrastructure Remote Code Execution Vulnerability |
CVE-2021-38648 | Open Management Infrastructure Elevation of Privilege Vulnerability |
CVE-2021-38649 | Open Management Infrastructure Elevation of Privilege Vulnerability |
CVE-2021-26437 | Visual Studio Code Spoofing Vulnerability |
CVE-2021-40440 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability |
CVE-2021-36956 | Azure Sphere Information Disclosure Vulnerability |
CVE-2021-26434 | Visual Studio Elevation of Privilege Vulnerability |
CVE-2021-38644 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability |
CVE-2021-38646 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
CVE-2021-38650 | Microsoft Office Spoofing Vulnerability |
CVE-2021-38651 | Microsoft SharePoint Server Spoofing Vulnerability |
CVE-2021-38652 | Microsoft SharePoint Server Spoofing Vulnerability |
CVE-2021-38653 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2021-38654 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2021-38655 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2021-38656 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2021-38657 | Microsoft Office Graphics Component Information Disclosure Vulnerability |
CVE-2021-38658 | Microsoft Office Graphics Remote Code Execution Vulnerability |
CVE-2021-38659 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2021-38660 | Microsoft Office Graphics Remote Code Execution Vulnerability |
CVE-2021-38661 | HEVC Video Extensions Remote Code Execution Vulnerability |
CVE-2021-38667 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2021-40447 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2021-40448 | Microsoft Accessibility Insights for Android Information Disclosure Vulnerability |
CVE-2021-36958 | Windows Print Spooler Remote Code Execution Vulnerability |
CVE-2021-36955 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2021-36963 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2021-36975 | Win32k Elevation of Privilege Vulnerability |
CVE-2021-38633 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2021-38639 | Win32k Elevation of Privilege Vulnerability |
CVE-2021-38671 | Windows Print Spooler Elevation of Privilege Vulnerability |
Receive the Latest Patch Tuesday Report for FREE Every Month
„*“ zeigt erforderliche Felder an