
Patch Tuesday September 2021: Microsoft fixes critical bugs

Yesterday Microsoft released its September 2021 Patch Tuesday, which fixes a total of 60 vulnerabilities, two of which are zero-days.



The vulnerabilities that the new security updates fix affect many of the company's products, such as: Azure Open Management Infrastructure, Azure Sphere, Office Excel, PowerPoint, Word and Access, kernel, Visual Studio, Microsoft Windows DNS and BitLocker.

The September 2021 Patch Tuesday fixes a remote code execution (RCE) flaw in MSHTML, which Microsoft announced a few days ago. The company said the vulnerability had been used in attacks on Windows systems. This zero-day, tracked as CVE-2021-40444, is corrected by the new security update. Microsoft recommends that users apply the Patch Tuesday updates to their systems immediately to protect themselves from this vulnerability.


Other important vulnerabilities fixed by the September Patch Tuesday are:

CVE-2021-38647: With a score of 9.8 on the CVSS scale, this is the most serious flaw fixed by the patch. The vulnerability affects Open Management Infrastructure (OMI) and allows attackers to carry out remote attacks.

CVE-2021-36968: A Windows DNS privilege escalation zero-day vulnerability with a CVSS rating of 7.8. Microsoft has so far found no evidence that the vulnerability has been used in attacks.

CVE-2021-26435: A critical vulnerability (CVSS 8.1) in the Microsoft Windows scripting engine. It is a memory corruption flaw which, however, requires user interaction to be exploited.

CVE-2021-36967: Another serious vulnerability, with a score of 8.0 on the CVSS scale. It is located in the Windows WLAN AutoConfig service and gives the attacker more privileges on the target system.

Earlier in September, the company also fixed some vulnerabilities for Microsoft Edge (Chromium).



The following table shows all the vulnerabilities that Microsoft has fixed this month (including Microsoft Edge):

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Azure Open Management Infrastructure | CVE-2021-38648 | Open Management Infrastructure Elevation of Privilege Vulnerability | Important |
| Azure Open Management Infrastructure | CVE-2021-38645 | Open Management Infrastructure Elevation of Privilege Vulnerability | Important |
| Azure Open Management Infrastructure | CVE-2021-38647 | Open Management Infrastructure Remote Code Execution Vulnerability | Critical |
| Azure Open Management Infrastructure | CVE-2021-38649 | Open Management Infrastructure Elevation of Privilege Vulnerability | Important |
| Azure Sphere | CVE-2021-36956 | Azure Sphere Information Disclosure Vulnerability | Important |
| Dynamics Business Central Control | CVE-2021-40440 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | Important |
| Microsoft Accessibility Insights for Android | CVE-2021-40448 | Microsoft Accessibility Insights for Android Information Disclosure Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2021-30606 | Chromium: CVE-2021-30606 Use after free in Blink | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30609 | Chromium: CVE-2021-30609 Use after free in Sign-In | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30608 | Chromium: CVE-2021-30608 Use after free in Web Share | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30607 | Chromium: CVE-2021-30607 Use after free in Permissions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-38641 | Microsoft Edge for Android Spoofing Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2021-38642 | Microsoft Edge for iOS Spoofing Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2021-38669 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2021-36930 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2021-30632 | Chromium: CVE-2021-30632 Out of bounds write in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30610 | Chromium: CVE-2021-30610 Use after free in Extensions API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30620 | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30619 | Chromium: CVE-2021-30619 UI Spoofing in Autofill | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30618 | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30621 | Chromium: CVE-2021-30621 UI Spoofing in Autofill | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30624 | Chromium: CVE-2021-30624 Use after free in Autofill | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30623 | Chromium: CVE-2021-30623 Use after free in Bookmarks | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30622 | Chromium: CVE-2021-30622 Use after free in WebApp Installs | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30613 | Chromium: CVE-2021-30613 Use after free in Base internals | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30612 | Chromium: CVE-2021-30612 Use after free in WebRTC | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30611 | Chromium: CVE-2021-30611 Use after free in WebRTC | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30614 | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30617 | Chromium: CVE-2021-30617 Bypass policy in Blink | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30616 | Chromium: CVE-2021-30616 Use after free in Media | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30615 | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-26436 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
| Microsoft Edge for Android | CVE-2021-26439 | Microsoft Edge for Android Information Disclosure Vulnerability | Moderate |
| Microsoft MPEG-2 Video Extension | CVE-2021-38644 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-38657 | Microsoft Office Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2021-38658 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-38650 | Microsoft Office Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2021-38659 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Access | CVE-2021-38646 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-38655 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-38660 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-38651 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-38652 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Visio | CVE-2021-38654 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2021-38653 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2021-38656 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-38661 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2021-36968 | Windows DNS Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2021-36952 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2021-26434 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2021-26437 | Visual Studio Code Spoofing Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2021-38628 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2021-38638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Authenticode | CVE-2021-36959 | Windows Authenticode Spoofing Vulnerability | Important |
| Windows Bind Filter Driver | CVE-2021-36954 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2021-38632 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2021-38633 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2021-36963 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2021-36955 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-36964 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-38630 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2021-36962 | Windows Installer Information Disclosure Vulnerability | Important |
| Windows Installer | CVE-2021-36961 | Windows Installer Denial of Service Vulnerability | Important |
| Windows kernel | CVE-2021-38626 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows kernel | CVE-2021-38625 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Key Storage Provider | CVE-2021-38624 | Windows Key Storage Provider Security Feature Bypass Vulnerability | Important |
| Windows MSHTML Platform | CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-38667 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-38671 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-40447 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Redirected Drive Buffering | CVE-2021-36969 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | Important |
| Windows Redirected Drive Buffering | CVE-2021-38635 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | Important |
| Windows Redirected Drive Buffering | CVE-2021-36973 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | Important |
| Windows Redirected Drive Buffering | CVE-2021-38636 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | Important |
| Windows Scripting | CVE-2021-26435 | Windows Scripting Engine Memory Corruption Vulnerability | Critical |
| Windows SMB | CVE-2021-36960 | Windows SMB Information Disclosure Vulnerability | Important |
| Windows SMB | CVE-2021-36972 | Windows SMB Information Disclosure Vulnerability | Important |
| Windows SMB | CVE-2021-36974 | Windows SMB Elevation of Privilege Vulnerability | Important |
| Windows Storage | CVE-2021-38637 | Windows Storage Information Disclosure Vulnerability | Important |
| Windows Subsystem for Linux | CVE-2021-36966 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important |
| Windows TDX.sys | CVE-2021-38629 | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | Important |
| Windows Update | CVE-2021-38634 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2021-38639 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2021-36975 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows WLAN Auto Config Service | CVE-2021-36965 | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | Critical |
| Windows WLAN Service | CVE-2021-36967 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | Important |

Digital fortress (https://www.secnews.gr)