Enterprise WLAN market growth remains strong in 2Q21
2021-09-15 03:00

Growth rates remained strong in the enterprise segment of the wireless local area networking market in the second quarter of 2021 as the market increased 22.4% on a year-over-year basis to $1.7 billion, according to IDC. In the consumer segment of the WLAN market, revenues declined 5.7% in the quarter to $2.3 billion, giving the combined enterprise and consumer WLAN markets year-over-year growth of 4.6% in 2Q21. The growth in the enterprise-class segment of the market builds on a strong first quarter of 2021 when revenues increased 24.6% year over year. Enterprise WLAN market growth in 2Q21 was driven by Wi-Fi 6.

Microsoft's end-of-summer software security cleanse crushes more than 80 bugs
2021-09-15 00:00

For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities alongside 20 Chromium security bugs in Microsoft Edge. One of the already publicly disclosed CVEs resolves a critical zero-day vulnerability in MSHTML, also known as Microsoft's legacy Trident rendering engine.

Microsoft's end-of-summer software security cleanse crushes more than 80 bugs
2021-09-15 00:00

For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities, alongside 20 Chromium bugs in Microsoft Edge. Another CVE updates a publicly disclosed patch from August 11 which addressed last month's Print Spooler RCE. "The update has removed the previously defined mitigation as it no longer applies and addresses the additional concerns that were identified by researchers beyond the original fix," explained Chris Goettl, VP of product management at Ivanti, an IT asset management firm, in a statement emailed to The Register.

Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability
2021-09-14 22:00

A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to light last week. Of the 66 flaws, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity.

Adobe Snuffs Critical Bugs in Acrobat, Experience Manager
2021-09-14 21:02

Adobe is urging its throngs of Acrobat Reader users to update their software to fix critical vulnerabilities that could allow adversaries to execute arbitrary code on unpatched versions. As for the Adobe Acrobat family of software, 26 bugs were patched, 13 of which were critical and given an Adobe priority rating of "2," meaning that the affected product is at "elevated risk" of being attacked.

Microsoft fixes remaining Windows PrintNightmare vulnerabilities
2021-09-14 20:43

Microsoft has released a security update to fix the last remaining PrintNightmare zero-day vulnerabilities that allowed attackers to gain administrative privileges on Windows devices quickly. In June, a zero-day Windows print spooler vulnerability dubbed PrintNightmare was accidentally disclosed.

Microsoft Patches Actively Exploited Windows Zero-Day Bug
2021-09-14 20:29

In September's Patch Tuesday crop of security fixes, Microsoft released patches for 66 CVEs, three of which are rated critical, and one of which - the Windows MSHTML zero-day - has been under active attack for nearly two weeks. Microsoft said last week that the flaw could let an attacker "craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine," after which "the attacker would then have to convince the user to open the malicious document." Unfortunately, malicious macro attacks continue to be prevalent: in July, for example, legacy users of Microsoft Excel were being targeted in a malware campaign that used a novel malware-obfuscation technique to disable malicious macro warnings and deliver the ZLoader trojan.

Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug
2021-09-14 20:20

Microsoft today fixed a high-severity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers. According to Microsoft, CVE-2021-40444 impacts Windows Server 2008 through 2019 and Windows 8.1 or later, and it has a severity level of 8.8 out of the maximum 10.

2021’s Most Dangerous Software Weaknesses
2021-09-14 20:05

Saryu Nayyar, CEO at Gurucul, peeks into Mitre's list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers. Without a way to look into memory, or create illegal commands, and interpret the results in terms of an attack, they are limited in their ability to identify security vulnerabilities.

Krita art app users targeted by ransomware posing as paid 'collaboration' opportunities
2021-09-14 19:27

Krita, an open-source cross-platform digital painting application, has become the latest victim of ransomware - but rather than being attacked directly, its name is being used to spread malware among users via emails offering advertising revenue. Those looking to take advantage of the "offer" are asked to "register as a Krita partner" and sent a link to download the Windows version of the app and a "media pack" of assets - the link, naturally, pointing to a convincingly named domain outside the control of the Krita project and hosting a ransomware dropper which takes over the victim's system, encrypts their files, and demands payment to reverse the process.