Microsoft was released today the standard Patch Tuesday for September 2021. The company fixed (or so it claims) two zero day and 60 other errors.
In today's update, the three errors are classified as critical, there is one that is classified as moderate and 56 as significant.
Out of a total of 86 vulnerabilities (συμπεριλαμβανομένου του των επιδιορθώσεων στον Microsoft Edge) we have:
27 Errors Leading to Elevation of Privilege
2 Vulnerabilities to bypass security features
16 Remote code execution vulnerabilities
11 Vulnerabilities for information disclosure
1 Denial of service vulnerabilities
8 Spoofing vulnerabilities
Η Microsoft κυκλοφόρησε μια ενημέρωση ασφαλείας για την ευπάθεια εκτέλεσης απομακρυσμένου κώδικα (remote code execution) μέσω του Windows MSHTML, which is tracked in CVE-2021-40444.
Last Tuesday, Microsoft has revealed that this vulnerability στο Windows MSHTML usesται ήδη στο διαδίκτυο σε επιθέσεις ηλεκτρονικού ψαρέματος.
These attacks come with malicious Word documents that can download and run a malicious DLL file on the victim's computer.
This file allows the attacker to gain remote access to the victim's device to steal files and spread across the network.
Immediately after Microsoft revealed the vulnerability, too many security people started sharing vulnerability drivers, which now allows anyone to launch attacks, as shown below.
CVE-2021-36968 - Windows DNS Elevation of Privilege Vulnerability
CVE-2021-40444 - Microsoft MSHTML Remote Code Execution Vulnerability
