Skip to main content

Microsoft Monthly Security Update (September 2021)

Last Update Date: 20 Sep 2021 Release Date: 15 Sep 2021 2527 Views

RISK: High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

Note:

Microsoft has released the patch to fix the vulnerability (CVE-2021-40444) in MSHTML component affecting Microsoft Windows in this update. The risk level of that vulnerability is previously rated as extremely high risk, which could allow an attacker to trigger remote code execution on the targeted system and is being exploited in the wild. HKCERT recommends users to install these updates immediately to ensure that vulnerability is addressed. Please refer to "More Articles" section for more information about the CVE-2021-40444.

 

[Updated on 2021-09-16] This security update fixes the remote code execution vulnerability of windows print spooler service.

 

[Updated on 2021-09-20] More information about the Azure vulnerabilities ( CVE-2021-38645CVE-2021-38649CVE-2021-38648, and CVE-2021-38647). Microsoft further published Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions. In summary:
 

  • The vulnerable OMI agents (versions below v1.6.8-1) are installed in all Microsoft’s Azure Linux virtual machines by default.
  • A scanning script and detection guidance are provided by Microsoft for users to check for the affected VMs.
  • Patch is generally available. Please refer to the "Solution" section.

 

Vulnerable ProductRisk LevelImpactsNotes
Developer ToolsMedium Risk Medium RiskRemote Code Execution
Spoofing
Elevation of Privilege
 
WindowsHigh Risk High RiskElevation of Privilege
Spoofing
Information Disclosure
Denial of Service
Remote Code Execution
Security Restriction Bypass

Exploit in the wild

CVE-2021-40444

Extended Security Updates (ESU)Medium Risk Medium RiskElevation of Privilege
Spoofing
Information Disclosure
Denial of Service
Remote Code Execution
 
BrowserMedium Risk Medium RiskElevation of Privilege
Spoofing
Data Manipulation
Information Disclosure
 
AzureMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Information Disclosure
 
Microsoft DynamicsLow Risk Low RiskSpoofing 
Microsoft OfficeMedium Risk Medium RiskRemote Code Execution
Spoofing
 

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 1

Number of 'Medium Risk' product(s): 5

Number of 'Low Risk' product(s): 1

Evaluation of overall 'Risk Level': High Risk


Impact

  • Denial of Service
  • Data Manipulation
  • Security Restriction Bypass
  • Elevation of Privilege
  • Remote Code Execution
  • Information Disclosure
  • Spoofing

System / Technologies affected

  • Developer Tools
  • Windows
  • Extended Security Updates (ESU)
  • Browser
  • Azure
  • Microsoft Dynamics
  • Microsoft Office

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

[Updated on 2021-09-20] More information about the Azure vulnerabilities ( CVE-2021-38645CVE-2021-38649CVE-2021-38648, and CVE-2021-38647)
 


Vulnerability Identifier


Source


Related Link

https://msrc.microsoft.com/update-guide/releaseNote/2021-Sep