Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0182 Microsoft Patch Tuesday update for Microsoft Edge for September 2021 15 September 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Edge Operating System: Windows Android Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2021-38669 CVE-2021-38642 CVE-2021-38641 CVE-2021-36930 CVE-2021-30632 CVE-2021-30624 CVE-2021-30623 CVE-2021-30622 CVE-2021-30621 CVE-2021-30620 CVE-2021-30619 CVE-2021-30618 CVE-2021-30617 CVE-2021-30616 CVE-2021-30615 CVE-2021-30614 CVE-2021-30613 CVE-2021-30612 CVE-2021-30611 CVE-2021-30610 CVE-2021-30609 CVE-2021-30608 CVE-2021-30607 CVE-2021-30606 CVE-2021-26439 CVE-2021-26436 Reference: ASB-2021.0178 ASB-2021.0176 OVERVIEW Microsoft has released its monthly security patch update for the month of September 2021. This update resolves 26 vulnerabilities across the following product(s): [1] Microsoft Edge (Chromium-based) Microsoft Edge for Android IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2021-26436 Elevation of Privilege Important CVE-2021-26439 Information Disclosure Moderate CVE-2021-30606 -na- -na- CVE-2021-30607 -na- -na- CVE-2021-30608 -na- -na- CVE-2021-30609 -na- -na- CVE-2021-30610 -na- -na- CVE-2021-30611 -na- -na- CVE-2021-30612 -na- -na- CVE-2021-30613 -na- -na- CVE-2021-30614 -na- -na- CVE-2021-30615 -na- -na- CVE-2021-30616 -na- -na- CVE-2021-30617 -na- -na- CVE-2021-30618 -na- -na- CVE-2021-30619 -na- -na- CVE-2021-30620 -na- -na- CVE-2021-30621 -na- -na- CVE-2021-30622 -na- -na- CVE-2021-30623 -na- -na- CVE-2021-30624 -na- -na- CVE-2021-30632 -na- -na- CVE-2021-36930 Elevation of Privilege Important CVE-2021-38641 Spoofing Important CVE-2021-38642 Spoofing Important CVE-2021-38669 Tampering Important MITIGATION Microsoft recommends updating the software to the latest available version available on the Microsoft Update Catalog. [1]. REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYUGLMuNLKJtyKPYoAQhAWA//dovjvP4XuKI0zxNLIiZs7pctuAYBb4ME JTLo27wDQgL/sPeJdClWmvO7qI0+XoXYqAxLw+L5xpbDyQl+NWmXxf8qABGYhWRH vutwrdsf/ksyhYuV7851PRxViERZaasTjDkGQjcP2GJNWVEyUMgHr1LBlA0ZyhDW rKDnYzJsrNne+OMfXS9i2iKbJBmjnOnkGtDVxUHNEbqWLnUn0pZJhk43awjJ7uvF zGCildpDgZ2WC05EWD720Y/iUGOaepA8qJtXXsvFvyjb5HGxHPqCxg+GN2jrpgVl fSoSTCkpi8rkzm5fERXeCCRvzI2zuzSJe9fZhOboC4ha/NvBicxaKgXP0O2c904g p9GGrOevSpUmU5tFTv4xvNf8Us+1vgsUaE+gM90fiHKhzqYOjTjZGBpwHZloq88M unUKL8QrxAydmyKWzatP0/3L/CjRDyXrnACSl5VVDDtDka27M00R31M8aiDFqanH GO0eLCYN2iiYM6/gS3LySQ8SmbsZI4hCtR/5O2H6JD0Zb0n5Gj4iFnZF1WiK/CrT 9cbuhv0Ldk/RsllgKp4aA4suQer+s9aq+P1uLZaXnPQB5723mZQpOf1K76xbqJ2Z TLuqkM8hf8gwn0/s9iUx5hjmZm2noxGIjXJKK2zoWCM4q3uTo+5h62oLsdHRyOhs 7hkLWHssgeY= =bQhJ -----END PGP SIGNATURE-----