Microsoft's September Patch Tuesday Addresses 60 CVEs

On September 14, Microsoft published its monthly security update, known as Patch Tuesday. In this month’s Patch Tuesday release, Microsoft addressed 60 CVEs, including four rated critical.

This month’s release contains fixes for CVE-2021-40444, a critical remote code execution vulnerability in Microsoft’s MSHTML (Trident) engine that was initially disclosed as part of an out-of-band informational advisory one week ago. Microsoft said this vulnerability was exploited in-the-wild as a zero-day in limited, targeted attacks.

Since the initial out-of-band advisory was disclosed, there are now 21 proof-of-concept scripts available on GitHub for this vulnerability and there is growing concern that attackers will soon incorporate it into their malware campaigns and it may also be used to distribute ransomware. The Tenable Security Response Team strongly recommends applying this month’s patches as soon as possible.

This month's Patch Tuesday release includes fixes for:

• Azure Open Management Infrastructure
• Azure Sphere
• Dynamics Business Central Control
• Microsoft Accessibility Insights for Android
• Microsoft Edge (Chromium-based)
• Microsoft Edge for Android
• Microsoft MPEG-2 Video Extension
• Microsoft Office
• Microsoft Office Access
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Office Word
• Microsoft Windows Codecs Library
• Microsoft Windows DNS
• Visual Studio
• Windows Ancillary Function Driver for WinSock
• Windows Authenticode
• Windows Bind Filter Driver
• Windows BitLocker
• Windows Common Log File System Driver
• Windows Event Tracing
• Windows Installer
• Windows Kernel
• Windows Key Storage Provider
• Windows MSHTML Platform
• Windows Print Spooler Components
• Windows Redirected Drive Buffering
• Windows Scripting
• Windows SMB
• Windows Storage
• Windows Subsystem for Linux
• Windows TDX.sys
• Windows Update
• Windows Win32K
• Windows WLAN Auto Config Service
• Windows WLAN Service

For more information about the notable vulnerabilities in this month’s Patch Tuesday, including the availability of patches and Tenable product coverage, please visit our blog.