Microsoft Security Update Summary (September 14, 2021)

Update[German]On September 14, Microsoft released security updates for Windows clients and servers, for Office, etc. – as well as for other products – were released. These include fixes for PrintNightmare as well as for the MSHTML vulnerability. Below is a compact overview of these updates released on Patchday.


Advertising

A list of the updates can be found on this Microsoft page. Details about the update packages for Windows, Office, etc. are available in separate blog posts.

Notes on the updates

Windows 10 version 2004, 20H2 and 21H1 share a common core and have an identical set of system files. Therefore, the same security update will be delivered for these Windows 10 versions. Information on how to enable the features of Windows 10 version 1909 as well as 20H2, which is done through an Enablement Package update, can be found in this tech community post.

All Windows 10 updates are cumulative. The monthly Patchday update includes all security fixes for Windows 10 and all non-security fixes through Patchday. In addition to vulnerability security patches, the updates include security enhancement measures. Microsoft is integrating the Servicing Stack Updates (SSUs) into the Latest Cumulative Updates (LCUs) for newer versions of Windows 10. A list of the latest SSUs can be found at ADV990001(although the list is not always up-to-date).

Windows 7 SP1 is no longer supported as of January 2020. Only customers with a 2nd year ESU license (or bypasses) will still receive updates. With the current ESU bypass lets install the update. Updates can also be downloaded from the Microsoft Update Catalog . Updates for Windows RT 8.1 and Microsoft Office RT are only available through Windows Update.

Fixed vulnerabilities

The September 2021 security updates close vulnerabilities (60 CVEs, 3 of them critical) in Microsoft products. A list of all covered CVEs can be found on this Microsoft page. The vulnerability in MSHTML (see Disaster Windows MSHTML vulnerability CVE-2021-40444, hopefully a patch will come today) is said to have been patched. Furthermore, there is a fix for CVE-2021-26435 (Windows Scripting Engine Memory Corruption Vulnerability),  CVE-2021-36965 (Windows WLAN AutoConfig Service Remote Code Execution Vulnerability), CVE-2021-38633, CVE-2021-36963 (Windows Common Log File System Driver Elevation of Privilege Vulnerability) and the recurring fixed vulnerability CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability). Qualys has listed all the fixed vulnerabilities on this web page.


Advertising

Critical Security Updates

Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016  (Server Core installation)
Windows Server 2019
Windows Server 2019  (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)
HEVC Video Extensions
MPEG-2 Video Extension
Azure Open Management Infrastructure

Important Security Updates

Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Office Online Server
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft Edge (Chromium-based)
Microsoft Edge for Android
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 – 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 – 16.8)
Visual Studio Code
Accessibility Insights for Android
Accessibility Insights for Android Service – v2.0.0
Azure Sphere
Microsoft Dynamics 365 Business Central 2020 Release Wave 2 – Update 17.10
Microsoft Dynamics 365 Business Central 2021 Release Wave 1 – Update 18.5

Similar articles
Microsoft Office Patchday (September 7, 2021)
Microsoft Security Update Summary (September 14, 2021)
Patchday: Windows 10-Updates (September 14, 2021)
Patchday: Windows 8.1/Server 2012 Updates (September 14, 2021)
Patchday: Updates for Windows 7/Server 2008 R2 (September 14, 2021)
Patchday Microsoft Office Updates (September 14, 2021)


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in Office, Security, Update, Windows and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.