Security News > 2021 > September > Microsoft's end-of-summer software security cleanse crushes more than 80 bugs
For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities, alongside 20 Chromium bugs in Microsoft Edge.
Another CVE updates a publicly disclosed patch from August 11 which addressed last month's Print Spooler RCE. "The update has removed the previously defined mitigation as it no longer applies and addresses the additional concerns that were identified by researchers beyond the original fix," explained Chris Goettl, VP of product management at Ivanti, an IT asset management firm, in a statement emailed to The Register.
Kevin Breen, director of cyber threat research, Immersive Labs, told The Register in an email that three Local Privilege Escalation vulnerabilities in the Windows Common Log File System Driver also deserve attention because they're listed as more likely to be exploited.
"The most severe of these bugs could allow remote code execution through either a type confusion, heap-based buffer overflow, or a use after free vulnerability," said Childs.
SAP released 19 security notes, two of which update previous patches, covering 23 CVEs.
"Facing the integral role of the JMS Connector Service and the CVSS top score of the vulnerability, there should be no doubt that providing the corresponding patch is absolutely recommended," said Thomas Fritsch, a researcher at security firm Onapsis, in a blog post.
News URL
Related news
- Microsoft Copilot for Security prepares for April liftoff (source)
- Microsoft’s Security Copilot Enters General Availability (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft squashes SmartScreen security bypass bug exploited in the wild (source)
- Microsoft and Security Incentives (source)
- Microsoft releases Exchange hotfixes for security update issues (source)