In September’s Patch Tuesday crop of security fixes, Microsoft released patches for 66 CVEs, three of which are rated critical, and one of which – the Windows MSHTML zero-day – has been under active attack for nearly two weeks. One other bug is listed as publicly known but isn’t (yet) being exploited.

Immersive Labs’ Kevin Breen, director of cyber threat research, observed that with only one CVE under active attack in the wild, it’s “quite a light Patch Tuesday” – at least on the surface, that is.

The flaws were found in Microsoft Windows and Windows components, Microsoft Edge (Chromium, iOS, and Android), Azure, Office and Office Components, SharePoint Server, Microsoft Windows DNS and the Windows Subsystem for Linux. Of the 66 new CVEs patched today, three are rated critical, 62 are rated important, and one is rated moderate in severity.

Over the past nine months of 2021, this is the seventh month in which Microsoft patched fewer than 100 CVEs, in stark contrast to 2020, when Redmond spent eight months gushing out more than 100 CVE patches per month. But while the overall number of vulnerabilities is lighter, the severity ratings have ticked up, as the Zero Day Initiative noted.

Some observers pegged the top patching priority in this month’s batch as being a fix for CVE-2021-40444: an important-rated vulnerability in Microsoft’s MSHTML (Trident) engine that rates 8.8 out of 10 on the CVSS scale. Disclosed on Sept. 7, it’s a painfully throbbing sore thumb, given that…
Microsoft Patches Actively Exploited Windows Zero-Day (posted by govanguard, 2021-09-14 16:29:00)