fb
Homepage 5 Blog 5 66 Vulnerabilities Fixed in Microsoft’s September 2021 Patch Tuesday

66 Vulnerabilities Fixed in Microsoft’s September 2021 Patch Tuesday

Manage remote endpoints, deploy software and patches with a robust cloud-based Action1 RMM solution. Start your 2-week trial or use free forever for up to 50 endpoints.



Table of Contents

Zero-day: Microsoft MSHTML RCE

Zero-day: Windows DNS Elevation of Privilege Vulnerability

Other Notable Fixes

It’s the second Tuesday of the month again — time to check out the latest patch batch. Today, Microsoft released fixes for a total of 66 vulnerabilities, three of which were deemed Critical, one rated Moderate, and the rest classified as Important. Earlier this month, Microsoft released 20 security updates for Microsoft Edge (Chromium-based), bringing the total number of CVEs fixed in September to 86.

This month Microsoft has addressed fewer than 100 flaws. But this number is still much higher than that of the last Patch Tuesday and slightly above the year’s average so far.

Let’s unpack some of the intriguing highlights of the Microsoft security updates released this Patch Tuesday, starting with the two zero-day vulnerabilities:

Two Zero-Days Fixed, Including the MSHTML Bug

The patches released this Tuesday included fixes for two zero-day vulnerabilities, one of which was actively exploited in the wild.

CVE-2021-40444 – Microsoft MSHTML RCE

Last week, Microsoft issued an advisory warning users that CVE-2021-40444, a vulnerability affecting the MSHTML component in Windows Internet Explorer on Windows 10 and many Windows Server versions, could be exploited in malicious attacks. Microsoft Office applications also use the same MSHTML to render web-based content.

To exploit this flaw, an attacker would embed a crafted ActiveX control in an Office document and send it to the target system. Once opened, the document would run the malicious code at the active user’s privilege level.

After Microsoft disclosed the flaw, researchers discovered numerous ways it could be exploited. A threat actor could rig the infected document to download a malicious DLL file that launched a Cobalt Strike attack beacon in one scenario. This beacon would allow remote access to the victim’s computer and lateral movement across the host network.

Microsoft advised working around the bug by disabling ActiveX on vulnerable systems. But now that the patch is available, that’s no longer necessary.

CVE-2021-36968 – Windows DNS Elevation of Privilege Vulnerability

Before the patch release, this zero-day vulnerability was publicly known, but no reports or evidence of any active exploits have surfaced yet. It scores a 7.8 CVSSv3 and is marked Important. Although according to Microsoft, an attack based on this CVE is unlikely.

A Few More Notable Fixes

    • CVE-2021-36965 – Windows WLAN AutoConfig Service RCE Vulnerability: This is a Critical vulnerability with an 8.8 CVSSv3 score that could allow an attacker in an adjacent network to gain access to an affected system.
    • CVE-2021-38639 and CVE-2021-36975 – Win32k EPV: Both have a 7.8 CVSSv3 score and an exploitability rating of “Exploitation More Likely.” Threat actors could exploit these flaws to elevate the status of low-privilege Windows user accounts to widen their attack surface.
    • CVE-2021-38647 – Open Management Infrastructure (OMI) RCE Bug: With a severity score of 9.8, it’s one of the three Critical vulnerabilities addressed today. The flaw could allow an attacker to run malicious code on an affected system by sending a tainted message via OMI.
    • CVE-2021-26435 – Scripting Engine Memory Corruption Bug: Microsoft rated this Critical but “Exploitation Less Likely.” Attackers could potentially fabricate email or web-based scams convincing users to open malicious files designed to exploit this CVE.
    • Windows Print Spooler RCE trio: This component is making headlines once again, this time with CVE-2021-40447, CVE-2021-38667, and CVE-2021-38671. It seems this space might still have numerous yet undiscovered vulnerabilities.

Read this month’s Patch Tuesday release notes to get the full picture of Microsoft’s Patch Tuesday list. In addition to the CVEs, this guide also includes details about other Microsoft Windows updates released this Patch Tuesday.

Stay tuned for more Microsoft Patch Tuesday news and reviews. In the meantime, ensure that all your Windows systems get the latest updates and fixes.

If you’re having any Patch Tuesday issues, maybe trouble installing and tracking patches, Action1 RMM is here to help. Action1 Automated Patch Management tool can seamlessly source, install, and monitor Windows patches and updates on multiple endpoints and servers simultaneously. Try it out today and discover unparalleled patching simplicity and freedom.

September 15, 2021

Related Articles

MSP Pricing Models Guide: Achieving MSP Profitability in 2021

MSP Pricing Models Guide: Achieving MSP Profitability in 2021

Managed IT services is one of the fastest-growing and most lucrative sectors of the business tech industry. The global IT services market is on track to hit $1.1 trillion by 2026, registering an 8.02 CAGR between 2021 and 2026. Although the managed IT market is...

Sure Strategies and Ways to Prevent Cyber Attacks

Sure Strategies and Ways to Prevent Cyber Attacks

Cybercriminals have been leveraging the latest in technology to plan and execute sophisticated cyberattacks. They use artificial intelligence, the Internet of things (IoT), bots, etc., to execute malware installations, ransomware infections, man-in-the-middle (MITM)...

About Action1 RMM

Action1 RMM is a cloud-based IT solution for remote monitoring and management, patching, and remote support.

Start your free two-week trial of Action1, or use RMM tools for free forever on 50 endpoints with no functionality limitations!



0 Comments

Submit a Comment

Your email address will not be published.

cloud patch management solutions action1

MSP Solution

Centralize endpoint management and boost efficiency of IT service delivery.

automated server patch management action compliance

Patch Management

Identify and deploy missing OS and third-party software updates.

cloud software deployment tools windows

Software Deployment

Distribute software and updates across managed endpoints.

software distribution tools software inventory action1

IT Asset Inventory

Keep a detailed inventory and manage hardware and software assets.

web client remote desktop

Remote Desktop

Support users via seamless remote desktop connection.

web based rdp client

Unattended Access

Provide administrative support and manage remote devices.

automated patch management action1

Endpoint Management

Run PowerShell, custom scripts, reboot computers and restart services.

API integrations action1

RESTful API

Integrate Action1 RMM to your IT ecosystem.

computer inventory tool for compliance

Reports and Alerts

Conduct endpoint security audits with comprehensive reporting.