Microsoft's end-of-summer software security cleanse crushes more than 80 bugs

For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities alongside 20 Chromium security bugs in Microsoft Edge. Affected products include: Azure, Edge (Android, Chromium, and iOS), Office, SharePoint Server, Windows, Windows DNS, and the Windows Subsystem for Linux. Of these CVEs, three are rated …

  1. A random security guy Bronze badge

    OMIGOD, Microsoft's secret agent that compromises Linux

    Microsoft just can't seem to get it right.


    "When customers set up a Linux virtual machine in their cloud, the OMI agent is automatically deployed without their knowledge when they enable certain Azure services. Unless a patch is applied, attackers can easily exploit these four vulnerabilities to escalate to root privileges and remotely execute malicious code (for instance, encrypting files for ransom)."

    Today Microsoft issued the following CVEs for OMIGOD and made a patch available to customers during their Patch Tuesday release:

    CVE-2021-38647 – Unauthenticated RCE as root (Severity: 9.8)

    CVE-2021-38648 – Privilege Escalation vulnerability (Severity: 7.8)

    CVE-2021-38645 – Privilege Escalation vulnerability (Severity: 7.8)

    CVE-2021-38649 – Privilege Escalation vulnerability (Severity: 7.0)

    1. diodesign (Written by Reg staff) Silver badge

      Re: OMIGOD

      Yeah, it's in that big box in the story, BTW.


  2. Anonymous Coward

    What doesn't appear to be mentioned in these releases is that it will break printing for older clients. It will also require type 4 print drivers for those that wish to install without admin rights, even when the option is turned on to allow all users. Type 3 will ask "do you trust this driver" and require admin to continue. This will happen for all drivers as they will be redeployed after this month's updates.

