Table of Contents
Zero-day: Microsoft MSHTML RCE
Zero-day: Windows DNS Elevation of Privilege Vulnerability
Other Notable Fixes
It’s the second Tuesday of the month again — time to check out the latest patch batch. Today, Microsoft released fixes for a total of 66 vulnerabilities, three of which were deemed Critical, one rated Moderate, and the rest classified as Important. Earlier this month, Microsoft released 20 security updates for Microsoft Edge (Chromium-based), bringing the total number of CVEs fixed in September to 86.
This month Microsoft has addressed fewer than 100 flaws. But this number is still much higher than that of the last Patch Tuesday and slightly above the year’s average so far.
Let’s unpack some intriguing highlights of the Microsoft security updates released this Patch Tuesday, starting with the two zero-day vulnerabilities:
Two Zero-Days Fixed, Including the MSHTML Bug
The patches released this Tuesday included fixes for two zero-day vulnerabilities, one of which was actively exploited in the wild.
CVE-2021-40444 — Microsoft MSHTML RCE
Last week, Microsoft issued an advisory warning users that CVE-2021-40444, a vulnerability affecting the MSHTML component in Windows Internet Explorer on Windows 10 and many Windows Server versions, could be exploited in malicious attacks. Microsoft Office applications also use the same MSHTML to render web-based content.
To exploit this flaw, an attacker would embed a crafted ActiveX control in an Office document and send it to the target system. Once opened, the document would run the malicious code at the active user’s privilege level.
After Microsoft disclosed the flaw, researchers discovered numerous ways it could be exploited. A threat actor could rig the infected document to download a malicious DLL file that launched a Cobalt Strike attack beacon in one scenario. This beacon would allow remote access to the victim’s computer and lateral movement across the host network.
Microsoft advised working around the bug by disabling ActiveX on vulnerable systems. But now that the patch is available, that’s no longer necessary.
CVE-2021-36968 — Windows DNS Elevation of Privilege Vulnerability
Before the patch release, this zero-day vulnerability was publicly known, but no reports or evidence of any active exploits have surfaced yet. It scores a 7.8 CVSSv3 and is marked Important. Although according to Microsoft, an attack based on this CVE is unlikely.
A Few More Notable Fixes
- CVE-2021-36965 — Windows WLAN AutoConfig Service RCE Vulnerability: This is a Critical vulnerability with an 8.8 CVSSv3 score that could allow an attacker in an adjacent network to gain access to an affected system.
- CVE-2021-38639 and CVE-2021-36975 — Win32k EPV: Both have a 7.8 CVSSv3 score and an exploitability rating of “Exploitation More Likely.” Threat actors could exploit these flaws to elevate the status of low-privilege Windows user accounts to widen their attack surface.
- CVE-2021-38647 — Open Management Infrastructure (OMI) RCE Bug: With a severity score of 9.8, it’s one of the three Critical vulnerabilities addressed today. The flaw could allow an attacker to run malicious code on an affected system by sending a tainted message via OMI.
- CVE-2021-26435 — Scripting Engine Memory Corruption Bug: Microsoft rated this Critical but “Exploitation Less Likely.” Attackers could potentially fabricate email or web-based scams convincing users to open malicious files designed to exploit this CVE.
- Windows Print Spooler RCE trio: This component is making headlines once again, this time with CVE-2021-40447, CVE-2021-38667, and CVE-2021-38671. It seems this space might still have numerous yet undiscovered vulnerabilities.
Read this month’s Patch Tuesday release notes to get the full picture of Microsoft’s Patch Tuesday list. In addition to the CVEs, this guide also includes details about other Microsoft Windows updates released this Patch Tuesday.
Stay tuned for more Microsoft Patch Tuesday news and reviews. In the meantime, ensure that all your Windows systems get the latest updates and fixes.
If you’re having any Patch Tuesday issues, maybe trouble installing and tracking patches, Action1 RMM is here to help. Action1 Automated Patch Management tool can seamlessly source, install, and monitor Windows patches and updates on multiple endpoints and servers simultaneously. Try it out today and discover unparalleled patching simplicity and freedom.