The September Patch Tuesday updates are rolling out today

Reading time icon 5 min. read


Readers help support Windows Report. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help Windows Report effortlessly and without spending any money. Read more

Key notes

  • Are you ready for a brand new batch of important software updates?
  • Well, Microsoft will release them today, as a part of Patch Tuesday.
  • You can catch up on what the tech giant put out in the previous months.
  • Also, learn what we can expect from the Redmond company in September.
Patch Tuesday intro

September is here, and with it comes yet another batch of Patch Tuesday updates that many users have been eagerly waiting for.

As with all the other Patch Tuesday updates of previous months, these bring a host of changes, fixes, and improvements to all supported versions of the Windows OS.

Microsoft announced the presence of CVE-2021-40444 on Wednesday, a vulnerability that is reported both as Publicly Disclosed and Known Exploited.

This particular vulnerability allows for remote code execution via MSHTML, a component used by Internet Explorer and Office.

What can we expect from the September Patch Tuesday?

If you like to keep yourself up to date with everything that the Redmond-based tech company does during these Patch Tuesday events, you surely remember last month’s batch.

Pressed by serious security concerns, Microsoft released a huge number of security fixes, meant to sort out some exploits that were going on in the wild.

Redmond officials included a detailed workaround to disable the installation of all ActiveX controls in Internet Explorer which will mitigate this attack.

Watch for an update that addresses this vulnerability otherwise you will need to consider this mitigation to address the issue in the short term until a fix is released. The CVSS 3.0 score is 8.8.

The zero-day vulnerabilities that Microsoft has tracked as being actively exploited were patched in August 2021, as follows: 

TagCVE IDCVE TitleSeverity
.NET Core & Visual StudioCVE-2021-34485.NET Core and Visual Studio Information Disclosure VulnerabilityImportant
.NET Core & Visual StudioCVE-2021-26423.NET Core and Visual Studio Denial of Service VulnerabilityImportant
ASP.NET Core & Visual StudioCVE-2021-34532ASP.NET Core and Visual Studio Information Disclosure VulnerabilityImportant
AzureCVE-2021-36943Azure CycleCloud Elevation of Privilege VulnerabilityImportant
AzureCVE-2021-33762Azure CycleCloud Elevation of Privilege VulnerabilityImportant
Azure SphereCVE-2021-26428Azure Sphere Information Disclosure VulnerabilityImportant
Azure SphereCVE-2021-26430Azure Sphere Denial of Service VulnerabilityImportant
Azure SphereCVE-2021-26429Azure Sphere Elevation of Privilege VulnerabilityImportant
Microsoft Azure Active Directory ConnectCVE-2021-36949Microsoft Azure Active Directory Connect Authentication Bypass VulnerabilityImportant
Microsoft DynamicsCVE-2021-36946Microsoft Dynamics Business Central Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2021-36950Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2021-34524Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2021-30591Chromium: CVE-2021-30591 Use after free in File System APIUnknown
Microsoft Edge (Chromium-based)CVE-2021-30592Chromium: CVE-2021-30592 Out of bounds write in Tab GroupsUnknown
Microsoft Edge (Chromium-based)CVE-2021-30597Chromium: CVE-2021-30597 Use after free in Browser UIUnknown
Microsoft Edge (Chromium-based)CVE-2021-30594Chromium: CVE-2021-30594 Use after free in Page Info UIUnknown
Microsoft Edge (Chromium-based)CVE-2021-30596Chromium: CVE-2021-30596 Incorrect security UI in NavigationUnknown
Microsoft Edge (Chromium-based)CVE-2021-30590Chromium: CVE-2021-30590 Heap buffer overflow in BookmarksUnknown
Microsoft Edge (Chromium-based)CVE-2021-30593Chromium: CVE-2021-30593 Out of bounds read in Tab StripUnknown
Microsoft Graphics ComponentCVE-2021-34530Windows Graphics Component Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2021-34533Windows Graphics Component Font Parsing Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-34478Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-36940Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office WordCVE-2021-36941Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Scripting EngineCVE-2021-34480Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2021-36937Windows Media MPEG-4 Video Decoder Remote Code Execution VulnerabilityImportant
Remote Desktop ClientCVE-2021-34535Remote Desktop Client Remote Code Execution VulnerabilityCritical
Windows Bluetooth ServiceCVE-2021-34537Windows Bluetooth Driver Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2021-36938Windows Cryptographic Primitives Library Information Disclosure VulnerabilityImportant
Windows DefenderCVE-2021-34471Microsoft Windows Defender Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2021-34486Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2021-34487Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2021-26425Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2021-36927Windows Digital TV Tuner device registration application Elevation of Privilege VulnerabilityImportant
Windows MSHTML PlatformCVE-2021-34534Windows MSHTML Platform Remote Code Execution VulnerabilityCritical
Windows NTLMCVE-2021-36942Windows LSA Spoofing VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2021-34483Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2021-36947Windows Print Spooler Remote Code Execution VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2021-36936Windows Print Spooler Remote Code Execution VulnerabilityCritical
Windows Services for NFS ONCRPC XDR DriverCVE-2021-36933Windows Services for NFS ONCRPC XDR Driver Information Disclosure VulnerabilityImportant
Windows Services for NFS ONCRPC XDR DriverCVE-2021-26433Windows Services for NFS ONCRPC XDR Driver Information Disclosure VulnerabilityImportant
Windows Services for NFS ONCRPC XDR DriverCVE-2021-36932Windows Services for NFS ONCRPC XDR Driver Information Disclosure VulnerabilityImportant
Windows Services for NFS ONCRPC XDR DriverCVE-2021-26432Windows Services for NFS ONCRPC XDR Driver Remote Code Execution VulnerabilityCritical
Windows Services for NFS ONCRPC XDR DriverCVE-2021-36926Windows Services for NFS ONCRPC XDR Driver Information Disclosure VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2021-34536Storage Spaces Controller Elevation of Privilege VulnerabilityImportant
Windows TCP/IPCVE-2021-26424Windows TCP/IP Remote Code Execution VulnerabilityCritical
Windows UpdateCVE-2021-36948Windows Update Medic Service Elevation of Privilege VulnerabilityImportant
Windows Update AssistantCVE-2021-36945Windows 10 Update Assistant Elevation of Privilege VulnerabilityImportant
Windows Update AssistantCVE-2021-26431Windows Recovery Environment Agent Elevation of Privilege VulnerabilityImportant
Windows User Profile ServiceCVE-2021-34484Windows User Profile Service Elevation of Privilege VulnerabilityImportant
Windows User Profile ServiceCVE-2021-26426Windows User Account Profile Picture Elevation of Privilege VulnerabilityImportant

However, this month we can expect a limited number of CVEs addressed across all the operating systems as Microsoft comes back from final summer vacation.

We’re now past the halfway point for the Extended Security Updates (ESUs) for Windows 7 and Server 2008/2008 R2 so anyone running these operating systems should be working on an upgrade scheme.

Also, with CVE-2021-40444 announced, we should definitely see an Internet Explorer update.

If you were wondering about Adobe Acrobat and Reader, know that they will be updated, as Adobe provided a Prenotification Security Advisory APSB21-55.

So this should be a fairly easy September Patch Tuesday but enjoy it while it lasts because this is actually the calm before the storm.

As we know, software updates typically pick up in October and November prior to the end-of-year holidays and we also need to factor in adding support for the release of all these new operating systems.