Microsoft Patch Tuesday – September 2021

Patch Tuesday is once again upon us. The September 2021 edition of Patch Tuesday brings us 64 fixes, 3 of which are rated as critical with one actively exploited. We’ve listed the most important changes below.

⚡ TL;DR | Go Straight to the September 2021 Patch Tuesday Audit Report

PrintNightmare Fixed Again

CVE-2021-36958 finally gets a fix. After being disclosed on August 11, just after the previous patch Tuesday, the 6th part of the PrintNightmare sage comes to a close. While most people will have disabled the Print Spooler service on unnecessary devices by now. This isn’t the only Print Spooler fix included this month. An additional 4 Print Spooler vulnerabilities were fixed bringing the total number of Print Spooler service vulnerabilities in the last few months to a nice round 10.

Microsoft MSHTML Remote Code Execution Vulnerability

Earlier this month, CVE-2021-40444 was disclosed. While this vulnerability does have a CVSS 3.0 base score of 8.8, it requires a non-default Microsoft Office configuration to disable protected mode. According to Microsoft: “An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”. Regardless of how severe this vulnerability is, it has been actively exploited and a fix is included in this month’s patches.

Windows Scripting Engine Memory Corruption Vulnerability

Listed as CVE-2021-26435, this vulnerability is one of the three critical vulnerabilities of this month and has a CVSS 3.0 base score of 8.1. In order to exploit this vulnerability, an attacker would have to convince the user to open a specially crafted file. This can either be done via an email attachment or by convincing the user to click a link to a website their control.

Open Management Infrastructure Remote Code Execution Vulnerability

Part of 4 new vulnerabilities, CVE-2021-38647 is the second critical vulnerability. Along with CVE-2021-38649, CVE-2021-38648, and CVE-2021-38645 they provide a risk to some Azure products, like Configuration Management. These products expose an HTTP/S port for interacting with OMI (port 5986 also known as WinRMport) and it is this exposure of the port that is vulnerable to a specially crafted message via HTTPS to port 5986. Most Azure services however do not deploy OMI and expose the HTTP/S port.

Run the Patch Tuesday September 2021 Audit Report

To help manage your update progress, we’ve created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

Patch Tuesday September 2021 CVE Codes & Titles

Receive the Latest Patch Tuesday Report for FREE Every Month

"*" indicates required fields

Email*

Hidden

EmailType

Hidden

IM – Conv Page – Processing

Hidden

IM – UTM_Campaign FC – Processing

Hidden

IM – UTM_Campaign LC – Processing

Hidden

IM – UTM_Content FC – Processing

Hidden

IM – UTM_Content LC – Processing

Hidden

IM – UTM_Medium FC – Processing

Hidden

IM – UTM_Medium LC – Processing

Hidden

IM – UTM_Source FC – Processing

Hidden

IM – UTM_Source LC – Processing

Hidden

IM – UTM_Term FC – Processing

Hidden

IM – UTM_Term LC – Processing

Hidden

gclid

Hidden

msclkid

Name

This field is for validation purposes and should be left unchanged.

Count Me In Submit