-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
**************************************************************************************
Title: Microsoft Security Update Releases
Issued: September 14, 2021
**************************************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2021-1678
* CVE-2021-36958
* CVE-2021-40444
CVE-2021-1678
- Windows Print Spooler Spoofing Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1678
- Version 2.0
- Reason for Revision: CVE updated to announce that Microsoft is releasing the
September 2021 security updates for all affected versions of Windows to address
this vulnerability. Additionally, other information has been updated, including
the following: 1) The CVE title and impact have been changed to better reflect
the vulnerability. 2) FAQs have been added. 3) Acknowledgement has been updated.
- Originally posted: January 12, 2021
- Updated: September 14, 2021
CVE-2021-36958
- Windows Print Spooler Remote Code Execution Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
- Version 2.0
- Reason for Revision: CVE updated to announce that Microsoft is releasing the
September 2021 security updates for all affected versions of Windows to address
this vulnerability. Additionally, other information has been updated, including the
following: 1) Executive Summary has been updated 2) Workarounds have been removed as
they are no longer applicable 3) FAQs have been updated to reflect the release of the
September 2021 security updates.
- Originally posted: August 11, 2021
- Updated: September 14, 2021
CVE-2021-40444
- Microsoft MSHTML Remote Code Execution Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
- Version 2.0
- Reason for Revision: CVE updated to announce that Microsoft is releasing security
updates for all affected versions of Windows to address this vulnerability. These
updates include Monthly Rollups, Security Only, and IE Cumulative updates. Please
see the FAQ for information on which updates are applicable to your system. Other
information has been updated as well, including the following: 1) Executive Summary
has been updated 2) FAQs have been added.
- Originally posted: September 7, 2021
- Updated: September 14, 2021
**************************************************************************************
The following CVE was assigned by Chrome. Microsoft Edge
(Chromium-based) ingests Chromium, which addresses these vulnerabilities. Please see Google Chrome Releases (https://chromereleases.googleblog.com/2021) for more information.
See
for more information about third-party CVEs in the Security Update Guide.
* CVE-2021-30632
**************************************************************************************
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
======================================================================================
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites.
Microsoft does not distribute security updates via email.
