Critical Vulnerabilities Bulletin -September 2021

9/15/21 9:56 AM | by RedLegg Blog

Open Management Infrastructure Remote Code Execution Vulnerability

Identifier: CVE-2021-38647

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647

Description: CVE-2021-38647 allows an attacker to remotely execute code in Azure via the vulnerable Open Management Infrastructure component.

Mitigation recommendation: RedLegg recommends patching this vulnerability as soon as possible. Patching is currently the only mitigation.

Windows Bind Filter Driver Elevation of Privilege Vulnerability

Identifier: CVE-2021-36954

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36954

Description: CVE-2021-36954 allows an attacker to elevate privilege on a host with the vulnerable Bind Filter Driver.

Mitigation recommendation: RedLegg recommends patching this vulnerability as soon as possible. Patching is currently the only mitigation.

Windows WLAN AutoConfig Service Remote Code Execution Vulnerability

Identifier: CVE-2021-36965

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36965

Description: CVE-2021-36965 allows an attacker to remotely execute code on a host via the vulnerable Windows WLAN AutoConfig component.

Mitigation recommendation: RedLegg recommends patching this vulnerability as soon as possible. Patching is currently the only mitigation.

Windows Scripting Engine Memory Corruption Vulnerability

Identifier: CVE-2021-26435

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26435

Description: CVE-2021-26435 allows an attacker to remotely execute code on a host via the vulnerable Windows Scripting Engine.

Mitigation recommendation: RedLegg recommends patching this vulnerability as soon as possible. Patching is currently the only mitigation.

Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability

Identifier: CVE-2021-36967

Exploit or POC: No.

Update: https://msrc.microsoft.com/update-guide/vulnerability/ CVE-2021-36967

Description: CVE-2021-36967 allows an attacker to to elevate privileges on a host via the vulnerable Windows WLAN AutoConfig component.

Mitigation recommendation: RedLegg recommends patching this vulnerability as soon as possible. Patching is currently the only mitigation.

Microsoft MSHTML Remote Code Execution Vulnerability

Identifier: CVE-2021-40444

Exploit or POC: Yes.

Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

Description: CVE-2021-40444 allows an attacker to remotely execute code on a host via the vulnerable MSHTML component. This vulnerability is actively being exploited and used to install CobaltStrike payloads onto vulnerable hosts.

Mitigation recommendation: RedLegg recommends patching this vulnerability as soon as possible. Microsoft has offered alternative mitigation steps if patching is not possible at this time. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

CVE	Product	Impact	CVSS v3
CVE-2021-38647	Azure Open Management Infrastructure	Remote Code Execution	9.8
CVE-2021-40444	Windows 10 Version 1607 for 32-bit Systems	Remote Code Execution	8.8
CVE-2021-36954	Windows 10 Version 1809 for 32-bit Systems	Elevation of Privilege	8.8
CVE-2021-36965	Windows 10 Version 1607 for 32-bit Systems	Remote Code Execution	8.8
CVE-2021-26435	Windows 10 Version 1607 for 32-bit Systems	Remote Code Execution	8.1
CVE-2021-36967	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	8
CVE-2021-38661	HEVC Video Extensions	Remote Code Execution	7.8
CVE-2021-38655	Microsoft 365 Apps for Enterprise for 32-bit Systems	Remote Code Execution	7.8
CVE-2021-38644	MPEG-2 Video Extension	Remote Code Execution	7.8
CVE-2021-38646	Microsoft 365 Apps for Enterprise for 32-bit Systems	Remote Code Execution	7.8
CVE-2021-38660	Microsoft Excel 2013 RT Service Pack 1	Remote Code Execution	7.8
CVE-2021-38658	Microsoft Office 2013 RT Service Pack 1	Remote Code Execution	7.8
CVE-2021-38659	Microsoft 365 Apps for Enterprise for 32-bit Systems	Remote Code Execution	7.8
CVE-2021-38653	Microsoft 365 Apps for Enterprise for 32-bit Systems	Remote Code Execution	7.8
CVE-2021-38654	Microsoft 365 Apps for Enterprise for 32-bit Systems	Remote Code Execution	7.8
CVE-2021-38656	Microsoft 365 Apps for Enterprise for 32-bit Systems	Remote Code Execution	7.8
CVE-2021-38645	Azure Open Management Infrastructure	Elevation of Privilege	7.8
CVE-2021-38648	Azure Open Management Infrastructure	Elevation of Privilege	7.8
CVE-2021-26434	Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)	Elevation of Privilege	7.8
CVE-2021-36952	Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)	Remote Code Execution	7.8
CVE-2021-38639	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-36975	Windows 10 Version 1809 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-38628	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-38638	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-36955	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-36963	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-38633	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-36968	Windows 7 for 32-bit Systems Service Pack 1	Elevation of Privilege	7.8
CVE-2021-36964	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-38630	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-38625	Windows Server 2008 for 32-bit Systems Service Pack 2	Elevation of Privilege	7.8
CVE-2021-38626	Windows Server 2008 for 32-bit Systems Service Pack 2	Elevation of Privilege	7.8
CVE-2021-38667	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-40447	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-38671	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-36973	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-36974	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-36966	Windows 10 Version 1809 for 32-bit Systems	Elevation of Privilege	7.8
CVE-2021-38650	Microsoft 365 Apps for Enterprise for 32-bit Systems	Spoofing	7.6
CVE-2021-38651	Microsoft SharePoint Enterprise Server 2016	Spoofing	7.6
CVE-2021-38652	Microsoft SharePoint Enterprise Server 2016	Spoofing	7.6
CVE-2021-36960	Windows 10 Version 1607 for 32-bit Systems	Information Disclosure	7.5
CVE-2021-38634	Windows 10 Version 1607 for 32-bit Systems	Elevation of Privilege	7.1
CVE-2021-38649	Azure Open Management Infrastructure	Elevation of Privilege	7
CVE-2021-38629	Windows 10 Version 1607 for 32-bit Systems	Information Disclosure	6.5
CVE-2021-38624	Windows 10 Version 1607 for 32-bit Systems	Security Feature Bypass	6.5
CVE-2021-38669	Microsoft Edge (Chromium-based)	Tampering	6.4
CVE-2021-40448	Accessibility Insights for Android	Information Disclosure	6.3
CVE-2021-26436	Microsoft Edge (Chromium-based)	Elevation of Privilege	6.1
CVE-2021-38641	Microsoft Edge (Chromium-based)	Spoofing	6.1
CVE-2021-38642	Microsoft Edge (Chromium-based)	Spoofing	6.1
CVE-2021-38657	Microsoft 365 Apps for Enterprise for 32-bit Systems	Remote Code Execution	6.1
CVE-2021-38632	Windows 10 Version 1607 for 32-bit Systems	Security Feature Bypass	5.7
CVE-2021-26437	Visual Studio Code	Spoofing	5.5
CVE-2021-36959	Windows 10 Version 1607 for 32-bit Systems	Spoofing	5.5
CVE-2021-36961	Windows 10 Version 1607 for 32-bit Systems	Denial of Service	5.5
CVE-2021-36962	Windows 10 Version 1607 for 32-bit Systems	Information Disclosure	5.5
CVE-2021-36969	Windows 10 Version 1607 for 32-bit Systems	Information Disclosure	5.5
CVE-2021-38635	Windows 10 Version 1607 for 32-bit Systems	Information Disclosure	5.5
CVE-2021-38636	Windows 10 Version 1607 for 32-bit Systems	Information Disclosure	5.5
CVE-2021-36972	Windows 10 Version 1607 for 32-bit Systems	Information Disclosure	5.5
CVE-2021-38637	Windows 10 Version 1809 for 32-bit Systems	Information Disclosure	5.5
CVE-2021-40440	Microsoft Dynamics 365 Business Central 2020 Release Wave 2 ‚Äì Update 17.10	Spoofing	5.4
CVE-2021-36930	Microsoft Edge (Chromium-based)	Elevation of Privilege	5.3
CVE-2021-26439	Microsoft Edge for Android	Information Disclosure	4.6
CVE-2021-36956	Azure Sphere	Information Disclosure	4.4
CVE-2021-30606	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30607	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30608	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30609	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30610	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30611	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30612	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30613	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30614	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30615	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30616	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30617	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30618	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30619	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30620	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30621	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30622	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30623	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30624	Microsoft Edge (Chromium-based)	-	0
CVE-2021-30632	Microsoft Edge (Chromium-based)	-	0

Get Blog Updates

Related Articles

Summoning Cyber Awareness: Exorcising the Malevolent Realm of Remote Monitoring and Management Tools threat intel, 96bravo

Summoning Cyber Awareness: Exorcising the Malevolent Realm of Remote Monitoring and Management Tools

EXECUTIVE SUMMARY RedLegg would like to recognize the efforts instituted by the Cybersecurity & Infrastructure ...

Patch Tuesday - August 2023 96bravo

Patch Tuesday - August 2023

*Important note: These are not the only vulnerabilities that have been recently released; however, these are the ...