Wednesday, 15 September 2021 11:44

Microsoft issues patches for two zero-day flaws, 84 others


Microsoft has released patches for two zero-day vulnerabilities, along with patches for 84 other flaws in its products, including Microsoft Edge.

The company released details of one zero-day earlier this month.

The company said at the time that it was investigating reports of a remote code execution vulnerability in MSHTML.

The 86 flaws detailed on Tuesday, in its regular Patch Tuesday release, were in the following categories:

  • elevation of privilege (27);
  • remote code execution (16);
  • information disclosure (11);
  • spoofing (8);
  • security feature bypass (2); and
  • denial of service (1).

Commenting on the avalanche of patches, Satnam Narang, staff research engineer at security firm Tenable, said: "This month's Patch Tuesday release includes fixes for 60 CVEs, four of which are rated critical. So far in 2021, Microsoft patched less than 100 CVEs in seven out of the last nine months, which is in stark contrast to 2020, which featured eight months when more than 100 CVEs were patched.

"This month's release includes a fix for CVE-2021-40444, a critical vulnerability in Microsoft's MSHTML (Trident) engine. This vulnerability was disclosed on September 7 and researchers developed a number of proof-of-concept exploits showing the ease and reliability of exploitation. An attacker would need to convince a user to open a specially crafted Microsoft Office document containing the exploit code.

"There have been warnings that this vulnerability will be incorporated into malware payloads and used to distribute ransomware. There are no indications that this has happened yet, but with the patch now available, organisations should prioritise updating their systems as soon as possible."

Narang pointed out that Microsoft had also patched three elevation of privilege vulnerabilities in Windows Print Spooler (CVE-2021-38667, CVE-2021-38671 and CVE-2021-40447).

"For the last few months, we have seen a steady stream of patches for flaws in Windows Print Spooler following the disclosure of PrintNightmare in July," he said.

"Researchers continue to discover ways to exploit Print Spooler, and we expect continued research in this area. Only one (CVE-2021-38671) of the three vulnerabilities is rated as more likely to be exploited. Organisations should also prioritise patching these flaws as they are extremely valuable to attackers in post-exploitation scenarios."


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
