![\"\"](\"\/wp-content\/uploads\/2015\/11\/patch-watch-1-13.png\")
<\/p>\nMicrosoft patched 60 unique security vulnerabilities in September 2021, which includes two zero-day exploits. We analyzed these weaknesses and spotlighted the most important vulnerabilities that ought to be fixed on priority.<\/p>\n
<\/p>\n
This September, Microsoft patched 60 vulnerabilities discovered in 2021.<\/p>\n
15 CVEs are classified as Remote Code Execution bugs<\/p>\n<\/li>\n
25 CVEs with Privilege Escalation capabilities<\/p>\n<\/li>\n
10 CVEs are linked to Information Disclosure<\/p>\n<\/li>\n
1 CVEs have Denial of Service ability<\/p>\n<\/li>\n
5 CVEs has Spoofing possibilities<\/p>\n<\/li>\n
2 CVEs are Security Bypass bugs<\/p>\n<\/li>\n<\/ul>\n
![\"\"](\"\/wp-content\/uploads\/2015\/11\/patch-watch-1-16.png\")
<\/p>\n
On September 14, Microsoft had published a new zero-day (CVE-2021-40444) with remote code execution vulnerability in Windows MSHTML that threat actors are actively exploiting using phishing attacks. These attacks spread malicious Word documents leveraging the CVE-2021-40444 vulnerability, that downloaded and executed a malicious DLL file on the victim\u2019s device.<\/p>\n
This critical zero-day vulnerability, also known as Trident, had received a security update as a part of the September patch release and was assigned a CVSS v3 score of 8.8 (high). According to Microsoft, the effect of this vulnerability would be greater if the attacker had administrator access.<\/p>\n
Meanwhile, several PoC have been released in GitHub repositories for this flaw and CISA has also issued<\/a> an alert to patch this vulnerability.<\/p>\n PrintNightmare Fixed Again:<\/strong> The sixth chapter of the PrintNightmare<\/a> (CVE-2021-36968) series has come to an end this month with a fix. This CVE has a CVSS v3 score of 7.8 (high) and allows attackers to gain\u00a0 elevation of privilege that impacts Windows 7 and Server 2008 \/ Server 2008 R2. The availability of functional exploit codes and public disclosures puts further urgency on this month\u2019s Windows OS updates.<\/p>\n In this month\u2019s round of patches, there are 15 CVEs classified as Remote Code Execution,\u00a0 and 25 CVEs have Privilege Escalation capabilities. These include three critical vulnerabilities (CVE-2021-26435<\/a>, CVE-2021-38647<\/a>, CVE-2021-36965<\/a>), which are classified as RCE bugs.<\/p>\n Four Microsoft zero-day vulnerabilities (CVE-2021-38647<\/a>, CVE-2021-38648<\/a>, CVE-2021-38645<\/a> and CVE-2021-38649)<\/a> in the Azure cloud platform\u2019s Open Management Infrastructure (OMI) – collectively dubbed as \u201cOMIGOD\u201d- affects thousands of Azure customers and millions of endpoints, according to Wiz<\/a>.\u00a0 These flaws carry a CVSS v3 score range of 7.1 to 9.8.<\/p>\n The products impacted in the September patch bundle include Azure Open Management Infrastructure, Azure Sphere, Office Excel, PowerPoint, Word, and Access; the kernel, Visual Studio, Microsoft Windows DNS, and BitLocker, among other software.\u00a0 Of these, Windows Server receives the highest number of fixes this month.<\/p>\n![](\"https:\/\/lh6.googleusercontent.com\/gxqLSx9_y6OwYeqabCFxQ_fL76jX_vlfV2Lo2fIbqSx2_tFSTpURUuWr4P8FuVKPrPoluEiSx-joflTb3T67cUVfO_kePxTKX9kXu6IOjpOFHSNIC5KVXVPf5F9a_UIhWw91jd7K=s0\")
RCE\/PE<\/strong><\/h2>\n
![\"\"](\"\/wp-content\/uploads\/2015\/11\/patch-watch-2-16.png\")
<\/p>\nProduct Analysis<\/strong><\/h2>\n
![\"\"](\"\/wp-content\/uploads\/2015\/11\/patch-watch-4-9.png\")