Hello, welcome to the Wednesday, September 15th, 2000, 21 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida, and again, teaching virtually in Reston, Virginia.

Microsoft's patch Tuesday, of course, really evaded this time because we do have the MSHtml

vulnerability CVE 2021-40444, and indeed Microsoft didn't disappoint, we did get a patch for this vulnerability.

Patches are available for all affected versions of Windows,

and of course it's critical that you install these patches with exploits being widely available

for this vulnerability. But this wasn't the only vulnerability of interest that Microsoft

patched this month.

We also got three more vulnerabilities that are being patched here for Windows print spooler

elevation of privilege vulnerabilities.

So more of the print nightmare type vulnerabilities, even though none of these vulnerabilities is apparently currently

being exploited or was released prior to this patch. Something you probably also want to

address quickly is vulnerability affecting the Windows WELAN auto-config service.

This would allow an attacker who has access to the same network

to execute code on your system,

given that this affects Wi-Fi,

while being on the same network,

is probably not such a big deal in particular if you are connecting to random open networks.

Microsoft also patched vulnerability in the open management infrastructure.

This is an open source product that Microsoft publishes that does implement the web-based enterprise management protocol standards.

The vulnerability, again, may be used for remote code execution, but not sure how widely

it's used, but probably for people who do use this tool, it is rather important.

...