15 September 2021

Microsoft’ September 2021 Patch Tuesday fixes over 60 security bugs, including MSHTML zero-day


Microsoft’ September 2021 Patch Tuesday fixes over 60 security bugs, including MSHTML zero-day

Microsoft has released software updates to resolve dozens of security vulnerabilities in Windows, Azure Open Management Infrastructure, Azure Sphere, Office Excel, PowerPoint, Word, and Access; the kernel, Visual Studio, Microsoft Windows DNS, BitLocker, and other related software.

The software updates include fixes for several critical bugs, including a remote code execution flaw in MSHTML (CVE-2021-40444), which Microsoft said was observed being exploited in a limited number of attacks. MSHTML is the main HTML component of the Windows Internet Explorer browser, it is also used in other applications.

The vulnerability is caused by improper input validation within the MSHTML component. A remote attacker can create a specially crafted Office document with a malicious ActiveX control inside, trick the victim into opening the document and execute arbitrary code on the system.

Some other notable vulnerabilities addressed with the release of this month’s Patch Tuesday include bugs affecting Windows WLAN AutoConfig Service, Microsoft Open Management Infrastructure, Microsoft Edge, Microsoft Excel, Word, Office, and Microsoft Office Access Connectivity Engine.


Back to the list

Latest Posts

Windows MSHTML bug used in ransomware attacks, Microsoft says

Windows MSHTML bug used in ransomware attacks, Microsoft says

According to the Windows maker, in the wild exploitation of CVE-2021-40444 began on August 18.
17 September 2021
State-backed hackers actively exploiting recently disclosed Zoho RCE bug

State-backed hackers actively exploiting recently disclosed Zoho RCE bug

The targeted entities include academic institutions, defense contractors, as well as critical infrastructure entities.
17 September 2021
Free REvil/Sodinokibi ransomware universal decryptor released

Free REvil/Sodinokibi ransomware universal decryptor released

The tool works for all REvil victims whose files were encrypted in attacks prior to July 13, 2021.
17 September 2021
Featured vulnerabilities
Multiple vulnerabilities in cflinuxfs3
Medium Patched | 17 Sep, 2021
Information disclosure in cflinuxfs3
Medium Patched | 17 Sep, 2021
Information disclosure in Git
Medium Patched | 17 Sep, 2021
Multiple vulnerabilities in GLPI
Medium Patched | 17 Sep, 2021
Multiple vulnerabilities in cflinuxfs3
Medium Patched | 17 Sep, 2021