REDLEGG BLOG

Critical Vulnerabilities Bulletin -September 2021

9/15/21 9:56 AM  |  by RedLegg Blog

Open Management Infrastructure Remote Code Execution Vulnerability

Identifier: CVE-2021-38647

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647

Description: CVE-2021-38647 allows an attacker to remotely execute code in Azure via the vulnerable Open Management Infrastructure component.

Mitigation recommendation: RedLegg recommends patching this vulnerability as soon as possible. Patching is currently the only mitigation.

Windows Bind Filter Driver Elevation of Privilege Vulnerability 

Identifier: CVE-2021-36954

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36954

Description: CVE-2021-36954 allows an attacker to elevate privilege on a host with the vulnerable Bind Filter Driver. 

Mitigation recommendation: RedLegg recommends patching this vulnerability as soon as possible. Patching is currently the only mitigation.

Windows WLAN AutoConfig Service Remote Code Execution Vulnerability

Identifier: CVE-2021-36965

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36965

Description: CVE-2021-36965 allows an attacker to remotely execute code on a host via the vulnerable Windows WLAN AutoConfig component.

Mitigation recommendation: RedLegg recommends patching this vulnerability as soon as possible. Patching is currently the only mitigation.

Windows Scripting Engine Memory Corruption Vulnerability

Identifier: CVE-2021-26435

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26435

Description:  CVE-2021-26435 allows an attacker to remotely execute code on a host via the vulnerable Windows Scripting Engine.

Mitigation recommendation: RedLegg recommends patching this vulnerability as soon as possible. Patching is currently the only mitigation.

Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability

Identifier: CVE-2021-36967

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/ CVE-2021-36967

Description: CVE-2021-36967 allows an attacker to to elevate privileges on a host via the vulnerable Windows WLAN AutoConfig component.

Mitigation recommendation: RedLegg recommends patching this vulnerability as soon as possible. Patching is currently the only mitigation.

Microsoft MSHTML Remote Code Execution Vulnerability

Identifier: CVE-2021-40444

Exploit or POC: Yes.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

Description: CVE-2021-40444 allows an attacker to remotely execute code on a host via the vulnerable MSHTML component. This vulnerability is actively being exploited and used to install CobaltStrike payloads onto vulnerable hosts.

Mitigation recommendation: RedLegg recommends patching this vulnerability as soon as possible. Microsoft has offered alternative mitigation steps if patching is not possible at this time. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

CVE

Product

Impact

CVSS v3

CVE-2021-38647

Azure Open Management Infrastructure

Remote Code Execution

9.8

CVE-2021-40444

Windows 10 Version 1607 for 32-bit Systems

Remote Code Execution

8.8

CVE-2021-36954

Windows 10 Version 1809 for 32-bit Systems

Elevation of Privilege

8.8

CVE-2021-36965

Windows 10 Version 1607 for 32-bit Systems

Remote Code Execution

8.8

CVE-2021-26435

Windows 10 Version 1607 for 32-bit Systems

Remote Code Execution

8.1

CVE-2021-36967

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

8

CVE-2021-38661

HEVC Video Extensions

Remote Code Execution

7.8

CVE-2021-38655

Microsoft 365 Apps for Enterprise for 32-bit Systems

Remote Code Execution

7.8

CVE-2021-38644

MPEG-2 Video Extension

Remote Code Execution

7.8

CVE-2021-38646

Microsoft 365 Apps for Enterprise for 32-bit Systems

Remote Code Execution

7.8

CVE-2021-38660

Microsoft Excel 2013 RT Service Pack 1

Remote Code Execution

7.8

CVE-2021-38658

Microsoft Office 2013 RT Service Pack 1

Remote Code Execution

7.8

CVE-2021-38659

Microsoft 365 Apps for Enterprise for 32-bit Systems

Remote Code Execution

7.8

CVE-2021-38653

Microsoft 365 Apps for Enterprise for 32-bit Systems

Remote Code Execution

7.8

CVE-2021-38654

Microsoft 365 Apps for Enterprise for 32-bit Systems

Remote Code Execution

7.8

CVE-2021-38656

Microsoft 365 Apps for Enterprise for 32-bit Systems

Remote Code Execution

7.8

CVE-2021-38645

Azure Open Management Infrastructure

Elevation of Privilege

7.8

CVE-2021-38648

Azure Open Management Infrastructure

Elevation of Privilege

7.8

CVE-2021-26434

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)

Elevation of Privilege

7.8

CVE-2021-36952

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)

Remote Code Execution

7.8

CVE-2021-38639

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-36975

Windows 10 Version 1809 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-38628

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-38638

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-36955

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-36963

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-38633

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-36968

Windows 7 for 32-bit Systems Service Pack 1

Elevation of Privilege

7.8

CVE-2021-36964

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-38630

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-38625

Windows Server 2008 for 32-bit Systems Service Pack 2

Elevation of Privilege

7.8

CVE-2021-38626

Windows Server 2008 for 32-bit Systems Service Pack 2

Elevation of Privilege

7.8

CVE-2021-38667

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-40447

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-38671

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-36973

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-36974

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-36966

Windows 10 Version 1809 for 32-bit Systems

Elevation of Privilege

7.8

CVE-2021-38650

Microsoft 365 Apps for Enterprise for 32-bit Systems

Spoofing

7.6

CVE-2021-38651

Microsoft SharePoint Enterprise Server 2016

Spoofing

7.6

CVE-2021-38652

Microsoft SharePoint Enterprise Server 2016

Spoofing

7.6

CVE-2021-36960

Windows 10 Version 1607 for 32-bit Systems

Information Disclosure

7.5

CVE-2021-38634

Windows 10 Version 1607 for 32-bit Systems

Elevation of Privilege

7.1

CVE-2021-38649

Azure Open Management Infrastructure

Elevation of Privilege

7

CVE-2021-38629

Windows 10 Version 1607 for 32-bit Systems

Information Disclosure

6.5

CVE-2021-38624

Windows 10 Version 1607 for 32-bit Systems

Security Feature Bypass

6.5

CVE-2021-38669

Microsoft Edge (Chromium-based)

Tampering

6.4

CVE-2021-40448

Accessibility Insights for Android

Information Disclosure

6.3

CVE-2021-26436

Microsoft Edge (Chromium-based)

Elevation of Privilege

6.1

CVE-2021-38641

Microsoft Edge (Chromium-based)

Spoofing

6.1

CVE-2021-38642

Microsoft Edge (Chromium-based)

Spoofing

6.1

CVE-2021-38657

Microsoft 365 Apps for Enterprise for 32-bit Systems

Remote Code Execution

6.1

CVE-2021-38632

Windows 10 Version 1607 for 32-bit Systems

Security Feature Bypass

5.7

CVE-2021-26437

Visual Studio Code

Spoofing

5.5

CVE-2021-36959

Windows 10 Version 1607 for 32-bit Systems

Spoofing

5.5

CVE-2021-36961

Windows 10 Version 1607 for 32-bit Systems

Denial of Service

5.5

CVE-2021-36962

Windows 10 Version 1607 for 32-bit Systems

Information Disclosure

5.5

CVE-2021-36969

Windows 10 Version 1607 for 32-bit Systems

Information Disclosure

5.5

CVE-2021-38635

Windows 10 Version 1607 for 32-bit Systems

Information Disclosure

5.5

CVE-2021-38636

Windows 10 Version 1607 for 32-bit Systems

Information Disclosure

5.5

CVE-2021-36972

Windows 10 Version 1607 for 32-bit Systems

Information Disclosure

5.5

CVE-2021-38637

Windows 10 Version 1809 for 32-bit Systems

Information Disclosure

5.5

CVE-2021-40440

Microsoft Dynamics 365 Business Central 2020 Release Wave 2 – Update 17.10

Spoofing

5.4

CVE-2021-36930

Microsoft Edge (Chromium-based)

Elevation of Privilege

5.3

CVE-2021-26439

Microsoft Edge for Android

Information Disclosure

4.6

CVE-2021-36956

Azure Sphere

Information Disclosure

4.4

CVE-2021-30606

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30607

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30608

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30609

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30610

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30611

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30612

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30613

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30614

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30615

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30616

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30617

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30618

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30619

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30620

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30621

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30622

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30623

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30624

Microsoft Edge (Chromium-based)

-

0

CVE-2021-30632

Microsoft Edge (Chromium-based)

-

0

 

Get Blog Updates

Related Articles

Summoning Cyber Awareness: Exorcising the Malevolent Realm of Remote Monitoring and Management Tools threat intel, 96bravo

Summoning Cyber Awareness: Exorcising the Malevolent Realm of Remote Monitoring and Management Tools

EXECUTIVE SUMMARY RedLegg would like to recognize the efforts instituted by the Cybersecurity & Infrastructure ...
Patch Tuesday - August 2023 96bravo

Patch Tuesday - August 2023

*Important note: These are not the only vulnerabilities that have been recently released; however, these are the ...
Critical Security Vulnerabilities Bulletin