Patch Tuesday September 2021 fixes 2 0day

Microsoft was released today το καθιερωμένο Patch Tuesday για τον Σεπτέμβριο του 2021. Η εταιρεία επιδιόρθωσε (ή τουλάχιστον έτσι ισχυρίζεται) δύο day and 60 other errors.

Patch Tuesday, Microsoft Patch Tuesday, iguru

In today's update, the three errors are classified as critical, there is one that is classified as moderate and 56 as significant.

Out of a total of 86 (including fixes to Microsoft Edge) we have:

27 Errors Leading to Elevation of Privilege
2 Feature bypass vulnerabilities
16 Remote execution vulnerabilities
11 Vulnerabilities for information disclosure
1 Denial of service vulnerabilities
8 Spoofing vulnerabilities

Η Microsoft κυκλοφόρησε μια ενημέρωση for εκτέλεσης απομακρυσμένου κώδικα (remote code execution) μέσω του Windows MSHTML, η οποία παρακολουθείται στο CVE-2021-40444.

Last Tuesday, Microsoft has revealed that this vulnerability in Windows MSHTML is already used on the internet in phishing attacks.

These attacks come with malicious Word documents that can download and run a malicious DLL file on the victim's computer.

This file allows an attacker to gain remote access to the of the victim to steal files and spread throughout the network.

Immediately after Microsoft revealed the vulnerability, too many security people started sharing vulnerability drivers, which now allows anyone to launch attacks, as shown below.

CVE-2021-36968 - Windows DNS Elevation of Privilege Vulnerability

CVE-2021-40444 - Microsoft MSHTML Remote Code Execution Vulnerability The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

Patch Tuesday, Microsoft Patch Tuesday, iguru

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).