Description:

Microsoft has released security updates to address several vulnerabilities in the following products:

• Azure Open Management Infrastructure
• Azure Sphere
• Dynamics Business Central Control
• Microsoft Accessibility Insights for Android
• Microsoft Edge (Chromium-based)
• Microsoft Edge for Android
• Microsoft MPEG-2 Video Extension
• Microsoft Office
• Microsoft Office Access
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Office Word
• Microsoft Windows Codecs Library
• Microsoft Windows DNS
• Visual Studio
• Windows Ancillary Function Driver for WinSock
• Windows Authenticode
• Windows Bind Filter Driver
• Windows BitLocker
• Windows Common Log File System Driver
• Windows Event Tracing
• Windows Installer
• Windows Kernel
• Windows Key Storage Provider
• Windows MSHTML Platform
• Windows Print Spooler Components
• Windows Redirected Drive Buffering
• Windows Scripting
• Windows SMB
• Windows Storage
• Windows Subsystem for Linux
• Windows TDX.sys
• Windows Update
• Windows Win32K
• Windows WLAN Auto Config Service
• Windows WLAN Service

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Elevation of privilege
• Policy bypass
• Information disclosure
• Remote code execution

Best practice and Recommendations:

The CERT team encourages users to review Microsoft security advisory and apply the necessary updates:

• https://msrc.microsoft.com/update-guide/releaseNote/2021-Sep

* The products support automatic updating to the latest available version.