Microsoft Monthly Security Update (September 2021)
RISK: High Risk
TYPE: Operating Systems - Windows OS
Microsoft has released monthly security update for their products:
Note:
Microsoft has released the patch to fix the vulnerability (CVE-2021-40444) in MSHTML component affecting Microsoft Windows in this update. The risk level of that vulnerability is previously rated as extremely high risk, which could allow an attacker to trigger remote code execution on the targeted system and is being exploited in the wild. HKCERT recommends users to install these updates immediately to ensure that vulnerability is addressed. Please refer to "More Articles" section for more information about the CVE-2021-40444.
[Updated on 2021-09-16] This security update fixes the remote code execution vulnerability of windows print spooler service.
[Updated on 2021-09-20] More information about the Azure vulnerabilities ( CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647). Microsoft further published Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions. In summary:
- The vulnerable OMI agents (versions below v1.6.8-1) are installed in all Microsoft’s Azure Linux virtual machines by default.
- A scanning script and detection guidance are provided by Microsoft for users to check for the affected VMs.
- Patch is generally available. Please refer to the "Solution" section.
| Vulnerable Product | Risk Level | Impacts | Notes |
| Developer Tools |  Medium Risk | Remote Code Execution Spoofing Elevation of Privilege | |
| Windows |  High Risk | Elevation of Privilege Spoofing Information Disclosure Denial of Service Remote Code Execution Security Restriction Bypass | Exploit in the wild |
| Extended Security Updates (ESU) | Medium Risk | Elevation of Privilege Spoofing Information Disclosure Denial of Service Remote Code Execution | |
| Browser | Medium Risk | Elevation of Privilege Spoofing Data Manipulation Information Disclosure | |
| Azure | Medium Risk | Elevation of Privilege Remote Code Execution Information Disclosure | |
| Microsoft Dynamics |  Low Risk | Spoofing | |
| Microsoft Office | Medium Risk | Remote Code Execution Spoofing |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 1
Number of 'Medium Risk' product(s): 5
Number of 'Low Risk' product(s): 1
Evaluation of overall 'Risk Level': High Risk
Impact
- Denial of Service
- Data Manipulation
- Security Restriction Bypass
- Elevation of Privilege
- Remote Code Execution
- Information Disclosure
- Spoofing
System / Technologies affected
- Developer Tools
- Windows
- Extended Security Updates (ESU)
- Browser
- Azure
- Microsoft Dynamics
- Microsoft Office
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
[Updated on 2021-09-20] More information about the Azure vulnerabilities ( CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647)
- For cloud subscription, automatic update is available if enabled.
- For on-premise deployment, manual update is required. Details refer to https://msrc-blog.microsoft.com/2021/09/16/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/.
- If the patch cannot be installed, user can protect against the CVE-2021-38647 by ensuring VMs are deployed within a Network Security Group (NSG) or behind a firewall and restrict access to Linux systems that expose the OMI ports (TCP 5985, 5986, and 1270).
Vulnerability Identifier
Source
Related Link
https://msrc.microsoft.com/update-guide/releaseNote/2021-Sep
Related Tags
Share with
