September Patch Tuesday 2021 Fixes 66 Flaws and Weaponized Threat

September Patch Tuesday 2021 Fixes 66 Flaws and Weaponized Threat

Microsoft Releases September 2021 Patch Tuesday Fixes

There are 3 Critical, 62 Important and a single Moderate fix in this September Patch Tuesday. Fixes include Microsoft Windows and Windows components, Microsoft Edge, Azure, Office and Office Components, SharePoint Server, Microsoft Windows DNS, and the Windows Subsystem for Linux.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month, with one currently Weaponized.

  1. Windows 7 – 2 Critical and 20 Important vulnerabilities fixed
  2. Windows 2008 R2 – 2 Critical and 20 Important vulnerabilities fixed

Top September 2021 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible. 

1. CVE-2021-40444: Microsoft MSHTML Remote Code Execution Vulnerability

The vulnerability exists due to improper input validation within the MSHTML component. A remote attacker can create a specially crafted Office document with a malicious ActiveX control inside, trick the victim into opening the document and execute arbitrary code on the system.

The best course of action is to ensure your staff know what to do when unsolicited emails arrive, and how to escalate to your security teams when such emails are received.

There are several workarounds you can implement here.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): No

 

 

2. CVE-2021-38647: Open Management Infrastructure Remote Code Execution Vulnerability

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. This vulnerability requires no user interaction or privileges, so an attacker can run their code on an affected system just by sending a specially crafted message to an affected system.

An attacker could send a specially crafted message via HTTPS to port 5986 on a vulnerable system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

 

 

3. CVE-2021-36954: Windows Bind Filter Driver Elevation of Privilege Vulnerability

The vulnerability allows a local user to escalate privileges on the system. After the privilege escalation, an attacker can then perform other acts of attacks or even affects resources outside of the original attack vector – Solar Winds spring to mind?

Syxscore

  • Vendor Severity: Important
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

 

CVE Reference Description Vendor Severity CVSS Score Countermeasure Publicly Aware Weaponized Syxsense Recommended
CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability Important 8.8 Yes Yes Yes Yes
CVE-2021-38647 Open Management Infrastructure Remote Code Execution Vulnerability Critical 9.8 No No No Yes
CVE-2021-36954 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important 8.8 No No No Yes
CVE-2021-36965 Windows WLAN AutoConfig Service Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2021-26435 Windows Scripting Engine Memory Corruption Vulnerability Critical 8.1 No No No Yes
CVE-2021-36967 Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability Important 8 No No No Yes
CVE-2021-36968 Windows DNS Elevation of Privilege Vulnerability Important 7.8 No Yes No Yes
CVE-2021-36975 Win32k Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2021-38639 Win32k Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2021-36963 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2021-36955 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2021-38633 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2021-38671 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2021-38661 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-38655 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-38644 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-38646 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-38658 Microsoft Office Graphics Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-38660 Microsoft Office Graphics Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-38659 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-38653 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-38654 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-38656 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-38645 Open Management Infrastructure Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-38648 Open Management Infrastructure Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-26434 Visual Studio Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-36952 Visual Studio Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-38628 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-38638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-36964 Windows Event Tracing Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-38630 Windows Event Tracing Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-38625 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-38626 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-38667 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-40447 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-36973 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-36974 Windows SMB Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-36966 Windows Subsystem for Linux Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-38650 Microsoft Office Spoofing Vulnerability Important 7.6 No No No
CVE-2021-38651 Microsoft SharePoint Server Spoofing Vulnerability Important 7.6 No No No
CVE-2021-38652 Microsoft SharePoint Server Spoofing Vulnerability Important 7.6 No No No
CVE-2021-36960 Windows SMB Information Disclosure Vulnerability Important 7.5 No No No
CVE-2021-38634 Microsoft Windows Update Client Elevation of Privilege Vulnerability Important 7.1 No No No
CVE-2021-38649 Open Management Infrastructure Elevation of Privilege Vulnerability Important 7 No No No
CVE-2021-38629 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability Important 6.5 No No No
CVE-2021-38624 Windows Key Storage Provider Security Feature Bypass Vulnerability Important 6.5 No No No
CVE-2021-38669 Microsoft Edge (Chromium-based) Tampering Vulnerability Important 6.4 No No No
CVE-2021-40448 Microsoft Accessibility Insights for Android Information Disclosure Vulnerability Important 6.3 No No No
CVE-2021-26436 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 6.1 No No No
CVE-2021-38641 Microsoft Edge for Android Spoofing Vulnerability Important 6.1 No No No
CVE-2021-38642 Microsoft Edge for iOS Spoofing Vulnerability Important 6.1 No No No
CVE-2021-38657 Microsoft Office Graphics Component Information Disclosure Vulnerability Important 6.1 No No No
CVE-2021-38632 BitLocker Security Feature Bypass Vulnerability Important 5.7 No No No
CVE-2021-26437 Visual Studio Code Spoofing Vulnerability Important 5.5 No No No
CVE-2021-36959 Windows Authenticode Spoofing Vulnerability Important 5.5 No No No
CVE-2021-36961 Windows Installer Denial of Service Vulnerability Important 5.5 No No No
CVE-2021-36962 Windows Installer Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-36969 Windows Redirected Drive Buffering Sub System Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-38635 Windows Redirected Drive Buffering Sub System Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-38636 Windows Redirected Drive Buffering Sub System Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-36972 Windows SMB Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-38637 Windows Storage Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-40440 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability Important 5.4 No No No
CVE-2021-36930 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 5.3 No No No
CVE-2021-26439 Microsoft Edge for Android Information Disclosure Vulnerability Moderate 4.6 No No No
CVE-2021-36956 Azure Sphere Information Disclosure Vulnerability Important 4.4 No No No

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.