I. Overview

Microsoft has released its September 2021 Security Updates. A total of 60 security vulnerabilities have been disclosed, among which three are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to perform remote code execution, escalate privileges, and leak sensitive information. The affected applications include the Microsoft Windows, Microsoft Office, Microsoft Edge, and MSHTML.

For details, visit Microsoft official website:

https://msrc.microsoft.com/update-guide/releaseNote/2021-Sep

The updates have fixed two 0-day vulnerabilities:

1. Microsoft MS-HTML remote code execution vulnerability (CVE-2021-40444). Its PoC and Exp have been disclosed. The vulnerability is being actively exploited.

2. Windows DNS privilege escalation vulnerability (CVE-2021-36968). The vulnerability details have been disclosed.

Please perform security self-check and security hardening in a timely manner to reduce attack risks.

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Office, Microsoft Edge, MSHTML, and more.

IV. Vulnerability Details

(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)

V. Security Suggestions

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.