Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that's reportedly been abused to install spyware on iOS products, and Google's got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software. Four of the flaws fixed in this patch batch earned Microsoft's most-dire "critical" rating, meaning they could be exploited by miscreants or malware to remotely compromise a Windows PC with little or no help from the user. Top of the critical heap is CVE-2021-40444, which affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. In a security advisory last week, Microsoft warned attackers already are exploiting the flaw through Microsoft Office applications as well as IE. The critical bug CVE-2021-36965 is interesting, as it involves a remote code execution flaw in "WLAN AutoConfig," the component in Windows 10 and many Server versions that handles auto-connections to Wi-Fi networks. One mitigating factor here is that the attacker and target would have to be on the same network, although many systems are configured to auto-connect to Wi-Fi network names with which they have previously connected. Allan Liska, senior security architect at Recorded…
https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2021-09-14 17:00:002021-09-14 17:00:00Microsoft Patch Tuesday, September 2021 Edition
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com