
Patch Tuesday September 2021

Jordan Hammond | Updated September 14, 2021

Patch Tuesday is back! This happens every second Tuesday of the month, so I assume nobody was surprised here. 2021 has been pretty consistent so far, which means fewer total patches per month, but more vulnerabilities that have gotten out into the wild before they can be patched. Overall we have 66 total patches, with 3 of them critical. 2 of the patched vulnerabilities are already publicly known, and 1 of them is already actively exploited. The actively exploited vulnerability is CVE-2021-40444, the zero-day that was discovered a week before Patch Tuesday. The workaround has been out for over a week, but now you can fix it with an official patch.

Some Highlights (Or Lowlights)

CVE-2021-40444 - This is a zero-day that was discovered a week before Patch Tuesday. It allowed remote code execution through ActiveX. It did require a user to click on the corrupted file, and users with lower permissions would have been protected from themselves by a small margin. The official workaround was to disable ActiveX through Group Policy. If you have not done that, do not worry: the official patch can now be installed!

CVE-2021-36965 - This is a remote code execution vulnerability in the WLAN AutoConfig Service. It is critical, with a CVSS score of 8.8. It requires no user interaction or privileges and has low attack complexity, which would usually result in a much higher score. The score drops a bit because the attack vector is adjacent, which means an attacker would need access to the same physical or logical network to carry out the attack. That barrier is not impossible to get past, but it gives what looks like it could be wormable a lower score than you might usually expect.

CVE-2021-38647 - This is by far the highest-rated CVE at a 9.8. It impacts Open Management Infrastructure (OMI), which is open source software on GitHub. It requires no user interaction or privileges. This one is a little strange, as it is not really fixed through Microsoft, since OMI runs on Linux, but it is possible for Microsoft to interact with it, and through that be exploited. If you use OMI you will want to get your Linux machines patched. For more information here is a link to their GitHub

Wrapping Up

It seems like patching has a new normal: gone are the days of 100-plus exploits being patched, with up to 20 being rated as critical. In their place, we have half the patches, but every month we are dealing with exploits that are getting out in the wild before they can be patched. I would personally rather deal with greater numbers over more pressing threats. As threats become more pressing, the need for a quicker response is greater than ever before. PDQ Deploy and PDQ Inventory can help you take control of patching; in almost no time you can automate the entire process. All you will need to do is kick up your feet and read the report about how all of your systems patched while you were forced to attend your pre-meeting meeting to outline how future meetings should go.

Jordan Hammond

Jordan had spent his life wondering why tasks he didn’t like to do had no options to complete themselves. Eventually he had to make that happen on his own. It turned out that he enjoyed making tasks complete themselves, and PDQ thought that is something he should talk about on the internet.
