Microsoft Patch Tuesday – September 2021

Patch Tuesday is once again upon us. The September 2021 edition of Patch Tuesday brings us 64 fixes, 3 of which are rated as critical with one actively exploited. We've listed the most important changes below.

⚡ TL;DR | Go Straight to the September 2021 Patch Tuesday Audit Report

PrintNightmare Fixed Again

CVE-2021-36958 finally gets a fix. After being disclosed on August 11, just after the previous patch Tuesday, the 6th part of the PrintNightmare sage comes to a close. While most people will have disabled the Print Spooler service on unnecessary devices by now. This isn't the only Print Spooler fix included this month. An additional 4 Print Spooler vulnerabilities were fixed bringing the total number of Print Spooler service vulnerabilities in the last few months to a nice round 10.

Microsoft MSHTML Remote Code Execution Vulnerability

Earlier this month, CVE-2021-40444 was disclosed. While this vulnerability does have a CVSS 3.0 base score of 8.8, it requires a non-default Microsoft Office configuration to disable protected mode. According to Microsoft: "An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.". Regardless of how severe this vulnerability is, it has been actively exploited and a fix is included in this month's patches.

Windows Scripting Engine Memory Corruption Vulnerability

Listed as CVE-2021-26435, this vulnerability is one of the three critical vulnerabilities of this month and has a CVSS 3.0 base score of 8.1. In order to exploit this vulnerability, an attacker would have to convince the user to open a specially crafted file. This can either be done via an email attachment or by convincing the user to click a link to a website their control.

Open Management Infrastructure Remote Code Execution Vulnerability

Part of 4 new vulnerabilities, CVE-2021-38647 is the second critical vulnerability. Along with CVE-2021-38649, CVE-2021-38648, and CVE-2021-38645 they provide a risk to some Azure products, like Configuration Management. These products expose an HTTP/S port for interacting with OMI (port 5986 also known as WinRMport) and it is this exposure of the port that is vulnerable to a specially crafted message via HTTPS to port 5986. Most Azure services however do not deploy OMI and expose the HTTP/S port.

Run the Patch Tuesday September 2021 Audit Report

To help manage your update progress, we've created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

Patch Tuesday June 2021 CVE Codes & Titles

CVE NumberCVE Title
CVE-2021-30632Chromium: CVE-2021-30632 Out of bounds write in V8
CVE-2021-40444Microsoft MSHTML Remote Code Execution Vulnerability
CVE-2021-1678Windows Print Spooler Spoofing Vulnerability
CVE-2021-34442Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-36952Visual Studio Remote Code Execution Vulnerability
CVE-2021-36954Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVE-2021-36959Windows Authenticode Spoofing Vulnerability
CVE-2021-36960Windows SMB Information Disclosure Vulnerability
CVE-2021-36961Windows Installer Denial of Service Vulnerability
CVE-2021-36962Windows Installer Information Disclosure Vulnerability
CVE-2021-36964Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-36965Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
CVE-2021-36966Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2021-36967Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
CVE-2021-36968Windows DNS Elevation of Privilege Vulnerability
CVE-2021-36969Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
CVE-2021-36972Windows SMB Information Disclosure Vulnerability
CVE-2021-36973Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
CVE-2021-36974Windows SMB Elevation of Privilege Vulnerability
CVE-2021-26435Windows Scripting Engine Memory Corruption Vulnerability
CVE-2021-38624Windows Key Storage Provider Security Feature Bypass Vulnerability
CVE-2021-38625Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-38626Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-38628Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2021-38629Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
CVE-2021-38630Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-38632BitLocker Security Feature Bypass Vulnerability
CVE-2021-38634Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVE-2021-38635Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
CVE-2021-38636Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
CVE-2021-38637Windows Storage Information Disclosure Vulnerability
CVE-2021-38638Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2021-38645Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38647Open Management Infrastructure Remote Code Execution Vulnerability
CVE-2021-38648Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38649Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-26437Visual Studio Code Spoofing Vulnerability
CVE-2021-40440Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
CVE-2021-36956Azure Sphere Information Disclosure Vulnerability
CVE-2021-26434Visual Studio Elevation of Privilege Vulnerability
CVE-2021-38644Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
CVE-2021-38646Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2021-38650Microsoft Office Spoofing Vulnerability
CVE-2021-38651Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-38652Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-38653Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2021-38654Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2021-38655Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-38656Microsoft Word Remote Code Execution Vulnerability
CVE-2021-38657Microsoft Office Graphics Component Information Disclosure Vulnerability
CVE-2021-38658Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2021-38659Microsoft Office Remote Code Execution Vulnerability
CVE-2021-38660Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2021-38661HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-38667Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-40447Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-40448Microsoft Accessibility Insights for Android Information Disclosure Vulnerability
CVE-2021-36958Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36955Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-36963Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-36975Win32k Elevation of Privilege Vulnerability
CVE-2021-38633Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-38639Win32k Elevation of Privilege Vulnerability
CVE-2021-38671Windows Print Spooler Elevation of Privilege Vulnerability

Receive the Latest Patch Tuesday Report for FREE Every Month

  • Hidden
  • This field is for validation purposes and should be left unchanged.
Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

You may also like...

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​