
September Patch Tuesday 2021 Fixes 66 Flaws and Weaponized Threat
September Patch Tuesday 2021 is officially here. See the latest Microsoft updates, vulnerabilities, and critical patches of the month.
Microsoft Releases September 2021 Patch Tuesday Fixes
There are 3 Critical, 62 Important and a single Moderate fix in this September Patch Tuesday. Fixes include Microsoft Windows and Windows components, Microsoft Edge, Azure, Office and Office Components, SharePoint Server, Microsoft Windows DNS, and the Windows Subsystem for Linux.
Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month, with one currently Weaponized.
- Windows 7 – 2 Critical and 20 Important vulnerabilities fixed
- Windows 2008 R2 – 2 Critical and 20 Important vulnerabilities fixed
Top September 2021 Patches and Vulnerabilities
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.
1. CVE-2021-40444: Microsoft MSHTML Remote Code Execution Vulnerability
The vulnerability exists due to improper input validation within the MSHTML component. A remote attacker can create a specially crafted Office document with a malicious ActiveX control inside, trick the victim into opening the document and execute arbitrary code on the system.
The best course of action is to ensure your staff know what to do when unsolicited emails arrive, and how to escalate to your security teams when such emails are received.
There are several workarounds you can implement here.
Syxscore
- Vendor Severity: Important
- CVSS: 8.8
- Weaponized: Yes
- Public Aware: Yes
- Countermeasure: Yes
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: Required
- Scope (Jump Point): No
2. CVE-2021-38647: Open Management Infrastructure Remote Code Execution Vulnerability
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system. The vulnerability requires no user interaction or privileges, so an attacker can run their code on an affected system just by sending it a specially crafted message.
An attacker could send a specially crafted message via HTTPS to port 5986 on a vulnerable system.
Syxscore
- Vendor Severity: Critical
- CVSS: 9.8
- Weaponized: No
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: None
- Scope (Jump Point): No
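Because the attack path described above is a network message to port 5986, a quick exposure check is to see which hosts have that port listening on a non-loopback address. The following is an added example, not code from the original article or from Microsoft; it parses Linux `ss -H -ltn` output, and the sample lines are constructed.

```python
import ipaddress

OMI_HTTPS_PORT = 5986  # the port named in the advisory text above

# Constructed sample of `ss -H -ltn` output from a Linux host (not a real capture).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5986 0.0.0.0:*
LISTEN 0 128 [::]:5986 [::]:*
LISTEN 0 128 10.0.0.4:5985 0.0.0.0:*
"""


def split_local(column):
    """Split ss's 'Local Address:Port' column into (host, port)."""
    host, _, port = column.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and any %iface scope
    return host, int(port)


def is_loopback(host):
    """True only when the bind address is provably loopback."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # '*' or anything unparseable is treated as reachable
    mapped = getattr(ip, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    return (mapped or ip).is_loopback


def exposed_listeners(ss_output, port=OMI_HTTPS_PORT):
    """Return local sockets listening on `port` on a non-loopback address."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        try:
            host, local_port = split_local(fields[3])
        except ValueError:
            continue  # header line or non-numeric port
        if local_port == port and not is_loopback(host):
            hits.append(fields[3])
    return hits


if __name__ == "__main__":
    for sock in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {OMI_HTTPS_PORT} reachable on {sock}: restrict it and patch OMI")
```

A listener bound to a wildcard or routable address still needs a firewall or network security group review to decide whether it is reachable from outside the host's own network.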
3. CVE-2021-36954: Windows Bind Filter Driver Elevation of Privilege Vulnerability
The vulnerability allows a local user to escalate privileges on the system. After the privilege escalation, an attacker can then carry out further attacks or even affect resources outside of the original attack vector – SolarWinds springs to mind?
Syxscore
- Vendor Severity: Important
- CVSS: 9.8
- Weaponized: No
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Local
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Yes
Syxsense Recommendations
Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.
CVE Reference | Description | Vendor Severity | CVSS Score | Countermeasure | Publicly Aware | Weaponized | Syxsense Recommended |
CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability | Important | 8.8 | Yes | Yes | Yes | Yes |
CVE-2021-38647 | Open Management Infrastructure Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
CVE-2021-36954 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Yes |
CVE-2021-36965 | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
CVE-2021-26435 | Windows Scripting Engine Memory Corruption Vulnerability | Critical | 8.1 | No | No | No | Yes |
CVE-2021-36967 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | Important | 8 | No | No | No | Yes |
CVE-2021-36968 | Windows DNS Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
CVE-2021-36975 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
CVE-2021-38639 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
CVE-2021-36963 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
CVE-2021-36955 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
CVE-2021-38633 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
CVE-2021-38671 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
CVE-2021-38661 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38655 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38644 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38646 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38658 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38660 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38659 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38653 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38654 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38656 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38645 | Open Management Infrastructure Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38648 | Open Management Infrastructure Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-26434 | Visual Studio Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-36952 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38628 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-36964 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38630 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38625 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38626 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38667 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-40447 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-36973 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-36974 | Windows SMB Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-36966 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2021-38650 | Microsoft Office Spoofing Vulnerability | Important | 7.6 | No | No | No | |
CVE-2021-38651 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | No | |
CVE-2021-38652 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | No | |
CVE-2021-36960 | Windows SMB Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
CVE-2021-38634 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | |
CVE-2021-38649 | Open Management Infrastructure Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
CVE-2021-38629 | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
CVE-2021-38624 | Windows Key Storage Provider Security Feature Bypass Vulnerability | Important | 6.5 | No | No | No | |
CVE-2021-38669 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Important | 6.4 | No | No | No | |
CVE-2021-40448 | Microsoft Accessibility Insights for Android Information Disclosure Vulnerability | Important | 6.3 | No | No | No | |
CVE-2021-26436 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 6.1 | No | No | No | |
CVE-2021-38641 | Microsoft Edge for Android Spoofing Vulnerability | Important | 6.1 | No | No | No | |
CVE-2021-38642 | Microsoft Edge for iOS Spoofing Vulnerability | Important | 6.1 | No | No | No | |
CVE-2021-38657 | Microsoft Office Graphics Component Information Disclosure Vulnerability | Important | 6.1 | No | No | No | |
CVE-2021-38632 | BitLocker Security Feature Bypass Vulnerability | Important | 5.7 | No | No | No | |
CVE-2021-26437 | Visual Studio Code Spoofing Vulnerability | Important | 5.5 | No | No | No | |
CVE-2021-36959 | Windows Authenticode Spoofing Vulnerability | Important | 5.5 | No | No | No | |
CVE-2021-36961 | Windows Installer Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
CVE-2021-36962 | Windows Installer Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2021-36969 | Windows Redirected Drive Buffering Sub System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2021-38635 | Windows Redirected Drive Buffering Sub System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2021-38636 | Windows Redirected Drive Buffering Sub System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2021-36972 | Windows SMB Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2021-38637 | Windows Storage Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2021-40440 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | Important | 5.4 | No | No | No | |
CVE-2021-36930 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 5.3 | No | No | No | |
CVE-2021-26439 | Microsoft Edge for Android Information Disclosure Vulnerability | Moderate | 4.6 | No | No | No | |
CVE-2021-36956 | Azure Sphere Information Disclosure Vulnerability | Important | 4.4 | No | No | No | |
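To turn the table above into a deployment order for a patch management queue, the rows can be parsed and ranked. The following is an added example, not Syxsense's own scoring: the sort order (weaponized, then publicly aware, then vendor severity, then CVSS) is an assumption based on the advice to pay close attention to publicly aware or weaponized entries, and the sample rows are copied from the table.

```python
HEADER = ["cve", "description", "severity", "cvss",
          "countermeasure", "public", "weaponized", "recommended"]
SEVERITY_RANK = {"Critical": 3, "Important": 2, "Moderate": 1}
FLAGS = ("countermeasure", "public", "weaponized", "recommended")

# Rows copied from the table above; the last one lacks a trailing cell, as on the page.
ROWS = """\
CVE-2021-38647 | Open Management Infrastructure Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
CVE-2021-36954 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Yes |
CVE-2021-26439 | Microsoft Edge for Android Information Disclosure Vulnerability | Moderate | 4.6 | No | No | No | |
CVE-2021-36968 | Windows DNS Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability | Important | 8.8 | Yes | Yes | Yes | Yes |
CVE-2021-36956 | Azure Sphere Information Disclosure Vulnerability | Important | 4.4 | No | No | No |
"""


def parse_row(line):
    """Parse one pipe-delimited row; short rows are padded with empty cells."""
    cells = [c.strip() for c in line.split("|")]
    cells = (cells + [""] * len(HEADER))[:len(HEADER)]
    row = dict(zip(HEADER, cells))
    row["cvss"] = float(row["cvss"])
    for flag in FLAGS:
        row[flag] = row[flag] == "Yes"  # an empty cell counts as "No"
    return row


def triage(table_text):
    """Return rows ordered for deployment, most urgent first (assumed ordering)."""
    rows = [parse_row(l) for l in table_text.splitlines() if l.startswith("CVE-")]
    return sorted(
        rows,
        key=lambda r: (r["weaponized"], r["public"],
                       SEVERITY_RANK.get(r["severity"], 0), r["cvss"]),
        reverse=True,
    )


if __name__ == "__main__":
    for r in triage(ROWS):
        tags = [f for f in ("weaponized", "public") if r[f]]
        print(f'{r["cve"]}  {r["severity"]:<9} {r["cvss"]:>4}  {",".join(tags)}')
```

Under this ordering the publicly aware CVE-2021-36968 moves ahead of higher-scoring entries that are neither public nor weaponized, which a sort on CVSS alone would not show.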
Experience the Power of Syxsense
Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.