The recent trend with zero-day vulnerabilities continued in September: information on the zero-day vulnerability was publicly disclosed about a week before Patch Tuesday. Apparently the zero-day was not considered a big enough threat to warrant an out-of-band patch, as none was released. September’s total vulnerability count was a fairly standard 84.

This month’s zero-day vulnerability is CVE-2021-40444 (CVSS score 8.8), a remote code execution vulnerability in the MSHTML browser engine. Besides the patch there is an alternative protection for this vulnerability; you can find more information on it in the Workarounds section of Microsoft’s vulnerability article. September also saw another publicly disclosed vulnerability, CVE-2021-36968 (Windows DNS elevation of privilege), with a CVSS score of 7.8. The month’s highest CVSS score, 9.8, goes to CVE-2021-38647, a remote code execution vulnerability in the Open Management Infrastructure (OMI) agent.

Key points

  • CVE-2021-40444
    • Absolute recommendation to update as soon as possible.
    • An alternative fix can be found in the vulnerability article’s Workarounds section.
  • Five more publicly disclosed vulnerabilities were fixed this month, among them:
    • CVE-2021-36968

Active and known issues in Windows operating systems

| Operating system | Active known issues (previous month) | Notes |
|---|---|---|
| Windows 10, version 21H1 and Windows Server, version 21H1 | 1 (2) | |
| Windows 10, version 20H2 and Windows Server, version 20H2 | 1 (2) | |
| Windows 10, version 2004 and Windows Server, version 2004 | 1 (2) | |
| Windows 10, versions 1909* and 1903*, and Windows Server, version 1903** | 0 (0) | Support has ended for Windows 10 version 1903. |
| Windows 10, version 1809**, and Windows Server 2019 | 2 (2) | |
| Windows 10, version 1803** | | Support has ended for Windows 10 version 1803. |
| Windows 10, version 1709***, and Windows Server, version 1709 | | Support has ended. |
| Windows 10, version 1703*** | | Support has ended. |
| Windows 10, version 1607 LTSC*** and Windows Server 2016 | 2 (0) | |
| Windows 8.1**** and Windows Server 2012 R2 | 1 (1) | |
| Windows Server 2012 | 1 (1) | |
| Windows 7**** and Windows Server 2008 R2 SP1 | 1 (2) | |

  • * 1909 has the same operating system core and identical system files as its predecessor, 1903.
  • ** Support for the Windows 10 build in question has ended for the Home, Pro, and Enterprise editions.
  • *** Support for the Windows 10 build in question has ended for all editions.
  • **** The mainstream support period for the Windows version has ended. Extended support for Windows 8.1 ends on Jan 10th 2023; extended support for Windows 7 ended on Jan 14th 2020.

Recommended actions

The critical, zero-day, and publicly disclosed vulnerabilities mentioned above should be patched as soon as possible, with CVE-2021-40444 first in line. If for some reason the patch can’t be installed, check the MSRC article mentioned above and see whether one of the alternative mitigations listed there can be used.

Organizations should make sure their devices run one of the three most recent Windows 10 feature versions (21H1, 20H2, or 2004), so that the devices are still receiving their monthly security patches.
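As an added example (not code from the original post or from Microsoft), the following PowerShell audits two things the recommendations above ask for on a single Windows 10 device: whether the ActiveX-disabling workaround Microsoft published in the CVE-2021-40444 advisory is in place (URLACTION values 1001 and 1004 set to 3, Disable, under the policy zones 0–3), and which Windows 10 feature version the device runs. The list of “supported” feature versions is taken from the post’s own recommendation (21H1, 20H2, 2004) and is an assumption for Windows 10 clients only; LTSC and Server editions are out of scope here. Run it in an elevated session.

```powershell
# Added example: audit (and optionally apply) the CVE-2021-40444 ActiveX workaround
# from Microsoft's advisory, and report the device's Windows 10 feature version.
# Not part of the original post. Requires an elevated PowerShell session.

$ZonesKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
# URLACTION 1001 = download signed ActiveX controls, 1004 = download unsigned ActiveX controls.
# Value 3 = Disable. The advisory applies both to zones 0-3
# (Local Machine, Local Intranet, Trusted Sites, Internet).
$UrlActions = '1001', '1004'
$Zones      = 0..3

function Get-ActiveXWorkaroundState {
    foreach ($zone in $Zones) {
        $path = Join-Path $ZonesKey $zone
        foreach ($action in $UrlActions) {
            $current = (Get-ItemProperty -Path $path -Name $action -ErrorAction SilentlyContinue).$action
            [pscustomobject]@{
                Zone      = $zone
                UrlAction = $action
                Value     = $current          # $null when the policy value is not set at all
                Mitigated = ($current -eq 3)
            }
        }
    }
}

function Set-ActiveXWorkaround {
    # Writes the policy values the advisory's Workarounds section describes.
    foreach ($zone in $Zones) {
        $path = Join-Path $ZonesKey $zone
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        foreach ($action in $UrlActions) {
            New-ItemProperty -Path $path -Name $action -Value 3 -PropertyType DWord -Force | Out-Null
        }
    }
}

function Get-FeatureVersion {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    # DisplayVersion exists from 20H2 onwards; older builds only carry ReleaseId (e.g. 2004, 1909).
    $version = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }
    [pscustomobject]@{
        ProductName    = $cv.ProductName
        FeatureVersion = $version
        Build          = "$($cv.CurrentBuild).$($cv.UBR)"
        # Assumption taken from the post: the three Windows 10 versions still getting monthly patches.
        Supported      = $version -in @('21H1', '20H2', '2004')
    }
}

Get-FeatureVersion | Format-List
Get-ActiveXWorkaroundState | Format-Table -AutoSize

# Uncomment to apply the workaround on a device that cannot take the September update yet.
# Set-ActiveXWorkaround
```

Because the values are written under the Policies hive, they override the per-user Internet Explorer zone settings and survive a user changing them in the Internet Options dialog; once the September update is installed the policy values can be removed again so ActiveX behaviour returns to its defaults.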

However, Centero recommends testing the updates carefully before deploying them to production. In addition, you should go through the known issues before deploying the updates.

Microsoft’s documentation on the subject

Microsoft maintains a list of Windows updates and their known issues on the following pages. Additional information on the lifecycle of Windows versions can be found behind the last link.


With Centero Software Manager Cloud and CSM Cloud for Servers, your devices get these and other updates in a managed way, according to the configuration you have selected. Read more on Centero Software Manager here.
