Security News > 2021 > September > Microsoft's end-of-summer software security cleanse crushes more than 80 bugs

Microsoft's end-of-summer software security cleanse crushes more than 80 bugs
2021-09-15 00:00

For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities alongside 20 Chromium security bugs in Microsoft Edge.

One of the already publicly disclosed CVEs resolves a critical zero-day vulnerability in MSHTML, also known as Microsoft's legacy Trident rendering engine.

Goettl said the third previously disclosed vulnerability addresses a privilege elevation flaw in Windows DNS. "This CVE applies to the legacy Windows OSs. Public disclosure gives threat actors a bit of a jump start on developing a working exploit."

Kevin Breen, director of cyber threat research, Immersive Labs, told The Register in an email that three local-privilege-escalation vulnerabilities in the Windows Common Log File System Driver also deserve attention because they're listed as more likely to be exploited.

"The most severe of these bugs could allow remote code execution through either a type confusion, heap-based buffer overflow, or a use after free vulnerability," said Childs.

"Facing the integral role of the JMS Connector Service and the CVSS top score of the vulnerability, there should be no doubt that providing the corresponding patch is absolutely recommended," said Thomas Fritsch, a researcher at security firm Onapsis, in a blog post.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/15/microsoft_patch_tuesday/