Microsoft Patch Tuesday – September 2021 - Hexafusion Blog | Hexafusion


The September 2021 edition of Patch Tuesday brings us 64 fixes, 3 of which are rated as critical with one actively exploited. We've listed the most important changes below.

PrintNightmare Fixed Again

CVE-2021-36958 finally gets a fix. After being disclosed on August 11, just after the previous Patch Tuesday, the 6th part of the PrintNightmare saga comes to a close. Most people will have disabled the Print Spooler service on unnecessary devices by now. This isn't the only Print Spooler fix included this month. An additional 4 Print Spooler vulnerabilities were fixed, bringing the total number of Print Spooler service vulnerabilities in the last few months to a nice round 10.

Microsoft MSHTML Remote Code Execution Vulnerability

Earlier this month, CVE-2021-40444 was disclosed. While this vulnerability does have a CVSS 3.0 base score of 8.8, exploiting it requires a non-default Microsoft Office configuration that disables protected mode. According to Microsoft: "An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights." Regardless of how severe this vulnerability is, it has been actively exploited and a fix is included in this month's patches.

Windows Scripting Engine Memory Corruption Vulnerability

Listed as CVE-2021-26435, this vulnerability is one of the three critical vulnerabilities of this month and has a CVSS 3.0 base score of 8.1. In order to exploit this vulnerability, an attacker would have to convince the user to open a specially crafted file. This can be done either via an email attachment or by convincing the user to click a link to a website under their control.

Open Management Infrastructure Remote Code Execution Vulnerability

Part of 4 new vulnerabilities, CVE-2021-38647 is the second critical vulnerability. Along with CVE-2021-38649, CVE-2021-38648, and CVE-2021-38645, it poses a risk to some Azure products, like Configuration Management. These products expose an HTTP/S port for interacting with OMI (port 5986, also known as the WinRM port), and it is this exposed port that is vulnerable to a specially crafted message sent via HTTPS to port 5986. Most Azure services, however, do not deploy OMI and expose the HTTP/S port.
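A defender-side check for the exposure described above, as an added example (not from the original post or from Microsoft): it parses `ss -H -ltnp` output and reports listeners on a given port, here 5986, that are bound to a non-loopback address. The function name `find_exposed_listeners` and the sample socket lines, including the process names in them, are constructed for illustration.

```shell
#!/bin/sh
# Added example: report TCP listeners on a given port that are reachable
# from the network (i.e. not bound to loopback only).
# Input on stdin: output of `ss -H -ltnp` (no header, listening TCP, numeric).
# Output: one line per finding, "<bind-address> <port> <process>".
# Exit status: 0 if at least one exposed listener was found, 1 otherwise.
find_exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            local_addr = $4                       # e.g. 0.0.0.0:5986 or [::]:5986
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next            # last ":"-field is the port
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            # Loopback-only binds are not reachable from other hosts.
            if (addr ~ /^127\./ || addr == "[::1]") next
            proc = "unknown"                      # ss omits users:() without privileges
            if (match($0, /users:\(\("[^"]+"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            print addr, port, proc
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample of `ss -H -ltnp` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:5986 0.0.0.0:* users:(("omiengine",pid=1234,fd=9))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=800,fd=7))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=700,fd=4))'

# Check the sample for listeners on the port named in the article.
printf '%s\n' "$SAMPLE_SS" | find_exposed_listeners 5986

# On a live Linux host, feed real socket data instead:
#   ss -H -ltnp | find_exposed_listeners 5986
```

A finding only shows that something is listening on the port on a routable address; whether it is reachable from outside still depends on host firewall and network security group rules.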

 

Patch Tuesday June 2021 CVE Codes & Titles

CVE Number CVE Title
CVE-2021-30632 Chromium: CVE-2021-30632 Out of bounds write in V8
CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability
CVE-2021-1678 Windows Print Spooler Spoofing Vulnerability
CVE-2021-34442 Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-36952 Visual Studio Remote Code Execution Vulnerability
CVE-2021-36954 Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVE-2021-36959 Windows Authenticode Spoofing Vulnerability
CVE-2021-36960 Windows SMB Information Disclosure Vulnerability
CVE-2021-36961 Windows Installer Denial of Service Vulnerability
CVE-2021-36962 Windows Installer Information Disclosure Vulnerability
CVE-2021-36964 Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-36965 Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
CVE-2021-36966 Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2021-36967 Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
CVE-2021-36968 Windows DNS Elevation of Privilege Vulnerability
CVE-2021-36969 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
CVE-2021-36972 Windows SMB Information Disclosure Vulnerability
CVE-2021-36973 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
CVE-2021-36974 Windows SMB Elevation of Privilege Vulnerability
CVE-2021-26435 Windows Scripting Engine Memory Corruption Vulnerability
CVE-2021-38624 Windows Key Storage Provider Security Feature Bypass Vulnerability
CVE-2021-38625 Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-38626 Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-38628 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2021-38629 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
CVE-2021-38630 Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-38632 BitLocker Security Feature Bypass Vulnerability
CVE-2021-38634 Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVE-2021-38635 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
CVE-2021-38636 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
CVE-2021-38637 Windows Storage Information Disclosure Vulnerability
CVE-2021-38638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2021-38645 Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38647 Open Management Infrastructure Remote Code Execution Vulnerability
CVE-2021-38648 Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38649 Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-26437 Visual Studio Code Spoofing Vulnerability
CVE-2021-40440 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
CVE-2021-36956 Azure Sphere Information Disclosure Vulnerability
CVE-2021-26434 Visual Studio Elevation of Privilege Vulnerability
CVE-2021-38644 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
CVE-2021-38646 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2021-38650 Microsoft Office Spoofing Vulnerability
CVE-2021-38651 Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-38652 Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-38653 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2021-38654 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2021-38655 Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-38656 Microsoft Word Remote Code Execution Vulnerability
CVE-2021-38657 Microsoft Office Graphics Component Information Disclosure Vulnerability
CVE-2021-38658 Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2021-38659 Microsoft Office Remote Code Execution Vulnerability
CVE-2021-38660 Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2021-38661 HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-38667 Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-40447 Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-40448 Microsoft Accessibility Insights for Android Information Disclosure Vulnerability
CVE-2021-36958 Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36955 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-36963 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-36975 Win32k Elevation of Privilege Vulnerability
CVE-2021-38633 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-38639 Win32k Elevation of Privilege Vulnerability
CVE-2021-38671 Windows Print Spooler Elevation of Privilege Vulnerability
References: https://www.lansweeper.com/patch-tuesday/microsoft-patch-tuesday-september-2021/