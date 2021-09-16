Good news: September 14 Patch Tuesday fixes several zero-day vulnerabilities that were actively exploited by hackers. Thus, this new batch of patches fixes the CVE-2021-40444 flaw which was revealed last week and which concerns the Windows MSHTML web page rendering module. It allowed hackers to forge malicious Office documents capable of executing arbitrary code when opened by the user, and therefore potentially taking control of the system.

Microsoft also fixes the CVE-2021-36958 flaw, the last of the PrintNightmare vulnerabilities that still remained gaping. These were about ten bugs in Windows print spoolers that hackers could use for elevation of privilege or remote code execution. This was notably done in August by various hacker groups, such as Magniber, Vice Society, Bazar Loader or Purple Fox.

The French researcher Benjamin Delpy, who had revealed this last flaw, has also confirmed the correct functioning of this patch. The nightmare is well and truly over, provided of course that you install these updates. In total, this latest Patch Tuesday closes 66 security vulnerabilities.

Source: Bleeping Computer