Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug
Microsoft today fixed a high-severity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers.
According to Microsoft, CVE-2021-40444 impacts Windows Server 2008 through 2019 and Windows 8.1 or later, and it has a severity level of 8.8 out of the maximum 10.
"Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately."
Today's security updates address the vulnerability for all affected versions of Windows and include a Monthly Rollup, a Security Only update, and an Internet Explorer cumulative update.
"Customers running Windows 8.1, Windows Server 2012 R2, or Windows Server 2012 can apply either the Monthly Rollup or both the Security Only and the IE Cumulative updates," according to Microsoft.
"The Monthly Rollup for Windows 7, Windows Server 2008 R2, and Windows Server 2008 includes the update for this vulnerability. Customers who apply the Monthly Rollup do not need to apply the IE Cumulative update."