It is a good idea to patch this vulnerability as soon as possible and to take preventative steps in the future by only connecting to secure Wi-Fi networks.ģ. In other words, users are vulnerable if they use unsecured networks such as those used in coffee shops or similar public locations where multiple people connect to the same network. A thing to note is that this vulnerability requires no privileges or user interactions, only that the victim and the attacker are on the same network. CVE-2021-36965, another interesting critical flaw that allows remote code execution in WLAN AutoConfig, the component in Windows 10 and many Server versions that handles auto connections to Wi-Fi networks.
#APPLE SECURITY UPDATE SEPTEMBER 2021 INSTALL#
It is worth bearing in mind that code to exploit the flaw has been discovered in active attacks by ‘Expmon’ and ‘Mandiant’, so install the update as soon as possible.Ģ.
CVE-2021-40444: This critical zero-day vulnerability in MSHTML exploited through Microsoft Office applications as well as other Microsoft products and cloud services, allows the attacker to create a maliciously crafted ActiveX control and embed the code into an Office document that calls the ActiveX control when the document gets opened or previewed. Let’s drill down into those three critical vulnerabilities specifically:ġ. Only three vulnerabilities from this month’s round have been rated critical. This month’s edition addressed a total of 66 vulnerabilities in addition to the 20 Chromium-based CVEs patched by Microsoft Edge earlier this month. It’s been a busy few weeks with several of these hitting mainstream news outlets again, so let’s get started: Microsoft Welcome to the September patch roundup blog, where we cover the latest in patch releases and vulnerability information from Microsoft, Adobe, VMware and the other major vendors.