Microsoft has pushed fixes for a total of 66 common vulnerabilities and exposures (CVEs), three critical and one moderate in severity, as well as the previously disclosed CVE-2021-40444 zero-day, in its September 2021 Patch Tuesday update.
CVE-2021-40444 is a remote code execution vulnerability in Microsoft MSHTML, a component used in Internet Explorer and Office, and a workaround to address it was made available last week.
Christopher Hass, director of information security and research at Automox, described CVE-2021-40444 as a particularly nasty vulnerability and recommended that security teams prioritise remediation.