Patch Tuesday – September 2021

Post Syndicated from Adam Bunn original https://blog.rapid7.com/2021/09/15/patch-tuesday-september-2021/

Patch Tuesday - September 2021

Microsoft has fixed a total of 60 vulnerabilities this month, including two publicly disclosed 0-days. Fortunately there are only a few issues rated critical this month with the vast majority of the remainder being rated important. Here’s three big things you can go patch right now.

MSHTML Remote Code Execution 0-day (CVE-2021-40444)

The hot topic this month is the most recent remote code execution 0-day vulnerability in MSHTML. When it was first discovered it was only being used in a limited number of attacks, however this quickly changed once instructions for exploiting the vulnerability were published online. This vulnerability was severe enough to warrant publishing patches for older operating systems including Windows 7, Windows Server 2008 R2, and Windows Server 2008. Now that updates have been published for this vulnerability they should be applied as soon as possible.

Windows DNS Local Elevation of Privilege (CVE-2021-36968)

This is the second publicly disclosed vulnerability updated this month. While the details surrounding this CVE are sparse, we do know that Microsoft has not detected exploitation in the wild.

Updates to PrintNightmare (CVE-2021-1678)

Microsoft has made additional patches available for older operating systems. If you were previously unable to patch against this vulnerability you may want to review this new information.

Summary Graphs

Patch Tuesday - September 2021
Patch Tuesday - September 2021
Patch Tuesday - September 2021
Patch Tuesday - September 2021

Summary Tables

Azure Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-38647 Open Management Infrastructure Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2021-38645 Open Management Infrastructure Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2021-38648 Open Management Infrastructure Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2021-38649 Open Management Infrastructure Elevation of Privilege Vulnerability No No 7 Yes
CVE-2021-40448 Microsoft Accessibility Insights for Android Information Disclosure Vulnerability No No 6.3 Yes
CVE-2021-36956 Azure Sphere Information Disclosure Vulnerability No No 4.4 Yes

Browser Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-38642 Microsoft Edge for iOS Spoofing Vulnerability No No 6.1 No
CVE-2021-38641 Microsoft Edge for Android Spoofing Vulnerability No No 6.1 No
CVE-2021-26439 Microsoft Edge for Android Information Disclosure Vulnerability No No 4.6 No
CVE-2021-38669 Microsoft Edge (Chromium-based) Tampering Vulnerability No No 6.4 Yes
CVE-2021-26436 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 6.1 No
CVE-2021-36930 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 5.3 No
CVE-2021-30632 Chromium: CVE-2021-30632 Out of bounds write in V8 No No Yes
CVE-2021-30624 Chromium: CVE-2021-30624 Use after free in Autofill No No Yes
CVE-2021-30623 Chromium: CVE-2021-30623 Use after free in Bookmarks No No Yes
CVE-2021-30622 Chromium: CVE-2021-30622 Use after free in WebApp Installs No No Yes
CVE-2021-30621 Chromium: CVE-2021-30621 UI Spoofing in Autofill No No Yes
CVE-2021-30620 Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink No No Yes
CVE-2021-30619 Chromium: CVE-2021-30619 UI Spoofing in Autofill No No Yes
CVE-2021-30618 Chromium: CVE-2021-30618 Inappropriate implementation in DevTools No No Yes
CVE-2021-30617 Chromium: CVE-2021-30617 Policy bypass in Blink No No Yes
CVE-2021-30616 Chromium: CVE-2021-30616 Use after free in Media No No Yes
CVE-2021-30615 Chromium: CVE-2021-30615 Cross-origin data leak in Navigation No No Yes
CVE-2021-30614 Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip No No Yes
CVE-2021-30613 Chromium: CVE-2021-30613 Use after free in Base internals No No Yes
CVE-2021-30612 Chromium: CVE-2021-30612 Use after free in WebRTC No No Yes
CVE-2021-30611 Chromium: CVE-2021-30611 Use after free in WebRTC No No Yes
CVE-2021-30610 Chromium: CVE-2021-30610 Use after free in Extensions API No No Yes
CVE-2021-30609 Chromium: CVE-2021-30609 Use after free in Sign-In No No Yes
CVE-2021-30608 Chromium: CVE-2021-30608 Use after free in Web Share No No Yes
CVE-2021-30607 Chromium: CVE-2021-30607 Use after free in Permissions No No Yes
CVE-2021-30606 Chromium: CVE-2021-30606 Use after free in Blink No No Yes

Developer Tools Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-36952 Visual Studio Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-26434 Visual Studio Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-26437 Visual Studio Code Spoofing Vulnerability No No 5.5 No

ESU Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-38625 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38626 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36968 Windows DNS Elevation of Privilege Vulnerability No Yes 7.8 No

Microsoft Dynamics Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-40440 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability No No 5.4 No

Microsoft Office Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-38656 Microsoft Word Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38651 Microsoft SharePoint Server Spoofing Vulnerability No No 7.6 No
CVE-2021-38652 Microsoft SharePoint Server Spoofing Vulnerability No No 7.6 No
CVE-2021-38653 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8 No
CVE-2021-38654 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38650 Microsoft Office Spoofing Vulnerability No No 7.6 Yes
CVE-2021-38659 Microsoft Office Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38658 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38660 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38657 Microsoft Office Graphics Component Information Disclosure Vulnerability No No 6.1 Yes
CVE-2021-38646 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38655 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes

Windows Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-36967 Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability No No 8 No
CVE-2021-36966 Windows Subsystem for Linux Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38637 Windows Storage Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-36972 Windows SMB Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-36974 Windows SMB Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36973 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38624 Windows Key Storage Provider Security Feature Bypass Vulnerability No No 6.5 Yes
CVE-2021-36954 Windows Bind Filter Driver Elevation of Privilege Vulnerability No No 8.8 No
CVE-2021-36975 Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38634 Microsoft Windows Update Client Elevation of Privilege Vulnerability No No 7.1 No
CVE-2021-38644 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38661 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2021-38632 BitLocker Security Feature Bypass Vulnerability No No 5.7 Yes

Windows ESU Vulnerabilities

CVE Title Exploited Disclosed CVSS3 FAQ
CVE-2021-36965 Windows WLAN AutoConfig Service Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-26435 Windows Scripting Engine Memory Corruption Vulnerability No No 8.1 Yes
CVE-2021-36960 Windows SMB Information Disclosure Vulnerability No No 7.5 Yes
CVE-2021-36969 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-38635 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-38636 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-38667 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2021-38671 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40447 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36962 Windows Installer Information Disclosure Vulnerability No No 5.5 Yes
CVE-2021-36961 Windows Installer Denial of Service Vulnerability No No 5.5 No
CVE-2021-36964 Windows Event Tracing Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38630 Windows Event Tracing Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36955 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36963 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38633 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-36959 Windows Authenticode Spoofing Vulnerability No No 5.5 No
CVE-2021-38629 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability No No 6.5 Yes
CVE-2021-38628 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-38639 Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability Yes Yes 8.8 Yes