September 2021 Patch Tuesday Index

Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in September's Patch Tuesday Index below.

Microsoft reported 86 vulnerabilities, three of which are rated as critical. In addition, two vulnerabilities rated only “High Severity” are nonetheless classified as zero-days. Microsoft classifies a vulnerability as a zero-day if it has been publicly disclosed or is actively exploited. CVE-2021-40444 is the only actively exploited vulnerability, while CVE-2021-36968 is publicly disclosed with no known active exploitation.

Microsoft also posted 25 vulnerabilities affecting the Chromium-based Microsoft Edge. Similarly, Google has released Chrome 93.0.4577.82 for Windows, Mac, and Linux to fix 11 security vulnerabilities, two of them being zero-days exploited in the wild.

Adobe has released a large number of security updates spanning 15 products. The updates address many different vulnerability types, ranging from “important” to “critical” in severity. Additionally, Mozilla released five separate security advisories spanning multiple versions of Firefox, Firefox ESR, and Thunderbird.

Finally, Apple released security updates in multiple products to address a duo of vulnerabilities that “may have been actively exploited in the wild.” CISA has also posted a notification relating to these Apple updates.

We encourage you to register for the Automox Patch Tuesday Webinar: September 2021 taking place on September 15th at 12pm ET. Join the live webinar and you could win a $50 Grubhub gift card during the trivia quiz!

Updated Live. Last Update 12:40 PM EST September 14, 2021.

Mozilla Firefox

Product | Title | Identifier | Severity
Firefox | 5 security vulnerabilities fixed in Firefox 92 | MFSA 2021-38 | High
Firefox ESR | 2 security vulnerabilities fixed in Firefox ESR 78.14 | MFSA 2021-39 | Medium
Firefox ESR | 2 security vulnerabilities fixed in Firefox ESR 91.1 | MFSA 2021-40 | Low
Thunderbird | 2 security vulnerabilities fixed in Thunderbird 91.1 | MFSA 2021-41 | Low
Thunderbird | 2 security vulnerabilities fixed in Thunderbird 78.14 | MFSA 2021-42 | Medium

Google Chrome

Product | Title | Identifier | Severity
Stable Channel Update for Desktop | 11 security vulnerabilities fixed in Chrome 93.0.4577.82 | | High

Apple

Product | Title | Identifier | Severity
Multiple Products | 1 security vulnerability fixed in multiple products | CVE-2021-30858 | High
Multiple Products | 1 security vulnerability fixed in multiple products | CVE-2021-30860 | High

Adobe

Product | Title | Identifier | Severity
Adobe Acrobat and Reader | 25 security vulnerabilities fixed in Acrobat and Reader | APSB21-55 | Adobe Priority 2
Adobe Premiere Pro | 2 security vulnerabilities fixed in Premiere Pro | APSB21-67 | Adobe Priority 3
Adobe InCopy | 2 security vulnerabilities fixed in InCopy | APSB21-71 | Adobe Priority 3
Adobe SVG-Native-Viewer | 1 security vulnerability fixed in SVG-Native-Viewer | APSB21-72 | Adobe Priority 3
Adobe InDesign | 3 security vulnerabilities fixed in InDesign | APSB21-73 | Adobe Priority 3
Adobe Framemaker | 8 security vulnerabilities fixed in Framemaker | APSB21-74 | Adobe Priority 3
Adobe ColdFusion | 2 security vulnerabilities fixed in ColdFusion | APSB21-75 | Adobe Priority 2
Adobe Creative Cloud Desktop Application | 1 security vulnerability fixed in Creative Cloud Desktop Application | APSB21-76 | Adobe Priority 3
Adobe Photoshop Elements | 1 security vulnerability fixed in Photoshop Elements | APSB21-77 | Adobe Priority 3
Adobe Premiere Elements | 5 security vulnerabilities fixed in Premiere Elements | APSB21-78 | Adobe Priority 3
Adobe Digital Editions | 3 security vulnerabilities fixed in Digital Editions | APSB21-80 | Adobe Priority 3
Adobe Genuine Service | 1 security vulnerability fixed in Genuine Service | APSB21-81 | Adobe Priority 3
Adobe Experience Manager | 4 security vulnerabilities fixed in Experience Manager | APSB21-82 | Adobe Priority 2
Adobe Photoshop | 1 security vulnerability fixed in Photoshop | APSB21-84 | Adobe Priority 3
Adobe XMP Toolkit SDK | 1 security vulnerability fixed in XMP Toolkit SDK | APSB21-85 | Adobe Priority 3

Microsoft

Product | Title | Identifier | Severity
Windows Scripting | Windows Scripting Engine Memory Corruption Vulnerability | CVE-2021-26435 | Critical
Windows WLAN Auto Config Service | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | CVE-2021-36965 | Critical
Azure Open Management Infrastructure | Open Management Infrastructure Remote Code Execution Vulnerability | CVE-2021-38647 | Critical
Windows MSHTML Platform | Microsoft MSHTML Remote Code Execution Vulnerability | CVE-2021-40444 | High
Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-36955 | High
Microsoft Windows DNS | Windows DNS Elevation of Privilege Vulnerability | CVE-2021-36968 | High
Visual Studio | Visual Studio Elevation of Privilege Vulnerability | CVE-2021-26434 | High
Microsoft Edge (Chromium-based) | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | CVE-2021-26436 | High
Visual Studio | Visual Studio Code Spoofing Vulnerability | CVE-2021-26437 | High
Microsoft Edge (Chromium-based) | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | CVE-2021-36930 | High
Visual Studio | Visual Studio Remote Code Execution Vulnerability | CVE-2021-36952 | High
Windows Bind Filter Driver | Windows Bind Filter Driver Elevation of Privilege Vulnerability | CVE-2021-36954 | High
Azure Sphere | Azure Sphere Information Disclosure Vulnerability | CVE-2021-36956 | High
Windows Authenticode | Windows Authenticode Spoofing Vulnerability | CVE-2021-36959 | High
Windows SMB | Windows SMB Information Disclosure Vulnerability | CVE-2021-36960 | High
Windows Installer | Windows Installer Denial of Service Vulnerability | CVE-2021-36961 | High
Windows Installer | Windows Installer Information Disclosure Vulnerability | CVE-2021-36962 | High
Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-36963 | High
Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-36964 | High
Windows Subsystem for Linux | Windows Subsystem for Linux Elevation of Privilege Vulnerability | CVE-2021-36966 | High
Windows WLAN Service | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | CVE-2021-36967 | High
Windows Redirected Drive Buffering | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | CVE-2021-36969 | High
Windows SMB | Windows SMB Information Disclosure Vulnerability | CVE-2021-36972 | High
Windows Redirected Drive Buffering | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | CVE-2021-36973 | High
Windows SMB | Windows SMB Elevation of Privilege Vulnerability | CVE-2021-36974 | High
Windows Win32K | Win32k Elevation of Privilege Vulnerability | CVE-2021-36975 | High
Windows Key Storage Provider | Windows Key Storage Provider Security Feature Bypass Vulnerability | CVE-2021-38624 | High
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-38625 | High
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-38626 | High
Windows Ancillary Function Driver for WinSock | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVE-2021-38628 | High
Windows TDX.sys | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | CVE-2021-38629 | High
Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-38630 | High
Windows BitLocker | BitLocker Security Feature Bypass Vulnerability | CVE-2021-38632 | High
Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2021-38633 | High
Windows Update | Microsoft Windows Update Client Elevation of Privilege Vulnerability | CVE-2021-38634 | High
Windows Redirected Drive Buffering | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | CVE-2021-38635 | High
Windows Redirected Drive Buffering | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | CVE-2021-38636 | High
Windows Storage | Windows Storage Information Disclosure Vulnerability | CVE-2021-38637 | High
Windows Ancillary Function Driver for WinSock | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVE-2021-38638 | High
Windows Win32K | Win32k Elevation of Privilege Vulnerability | CVE-2021-38639 | High
Microsoft Edge (Chromium-based) | Microsoft Edge for Android Spoofing Vulnerability | CVE-2021-38641 | High
Microsoft Edge (Chromium-based) | Microsoft Edge for iOS Spoofing Vulnerability | CVE-2021-38642 | High
Microsoft MPEG-2 Video Extension | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | CVE-2021-38644 | High
Azure Open Management Infrastructure | Open Management Infrastructure Elevation of Privilege Vulnerability | CVE-2021-38645 | High
Microsoft Office Access | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2021-38646 | High
Azure Open Management Infrastructure | Open Management Infrastructure Elevation of Privilege Vulnerability | CVE-2021-38648 | High
Azure Open Management Infrastructure | Open Management Infrastructure Elevation of Privilege Vulnerability | CVE-2021-38649 | High
Microsoft Office | Microsoft Office Spoofing Vulnerability | CVE-2021-38650 | High
Microsoft Office SharePoint | Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-38651 | High
Microsoft Office SharePoint | Microsoft SharePoint Server Spoofing Vulnerability | CVE-2021-38652 | High
Microsoft Office Visio | Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2021-38653 | High
Microsoft Office Visio | Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2021-38654 | High
Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-38655 | High
Microsoft Office Word | Microsoft Word Remote Code Execution Vulnerability | CVE-2021-38656 | High
Microsoft Office | Microsoft Office Graphics Component Information Disclosure Vulnerability | CVE-2021-38657 | High
Microsoft Office | Microsoft Office Graphics Remote Code Execution Vulnerability | CVE-2021-38658 | High
Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | CVE-2021-38659 | High
Microsoft Office Excel | Microsoft Office Graphics Remote Code Execution Vulnerability | CVE-2021-38660 | High
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-38661 | High
Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-38667 | High
Microsoft Edge (Chromium-based) | Microsoft Edge (Chromium-based) Tampering Vulnerability | CVE-2021-38669 | High
Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-38671 | High
Dynamics Business Central Control | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | CVE-2021-40440 | High
Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-40447 | High
Microsoft Accessibility Insights for Android | Microsoft Accessibility Insights for Android Information Disclosure Vulnerability | CVE-2021-40448 | High
Microsoft Edge for Android | Microsoft Edge for Android Information Disclosure Vulnerability | CVE-2021-26439 | Medium
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30606 Use after free in Blink | CVE-2021-30606 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30607 Use after free in Permissions | CVE-2021-30607 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30608 Use after free in Web Share | CVE-2021-30608 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30609 Use after free in Sign-In | CVE-2021-30609 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30610 Use after free in Extensions API | CVE-2021-30610 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30611 Use after free in WebRTC | CVE-2021-30611 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30612 Use after free in WebRTC | CVE-2021-30612 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30613 Use after free in Base internals | CVE-2021-30613 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | CVE-2021-30614 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | CVE-2021-30615 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30616 Use after free in Media | CVE-2021-30616 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30617 Policy bypass in Blink | CVE-2021-30617 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | CVE-2021-30618 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30619 UI Spoofing in Autofill | CVE-2021-30619 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | CVE-2021-30620 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30621 UI Spoofing in Autofill | CVE-2021-30621 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30622 Use after free in WebApp Installs | CVE-2021-30622 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30623 Use after free in Bookmarks | CVE-2021-30623 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30624 Use after free in Autofill | CVE-2021-30624 | Unknown
Microsoft Edge (Chromium-based) | Chromium: CVE-2021-30632 Out of bounds write in V8 | CVE-2021-30632 | Unknown



About Automox Automated Patch Management

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.