CVE-2021-36966: Windows Subsystem for Linux Elevation of Privilege Vulnerability

CVE-2021-36966 [HIGH] CWE-269 GHSA-r8fw-c3wm-75m3: Windows Subsystem for Linux Elevation of Privilege Vulnerability Windows Subsystem for Linux Elevation of Privilege Vulnerability

CVE-2021-36966 [HIGH] Windows Subsystem for Linux Elevation of Privilege Vulnerability Windows Subsystem for Linux Elevation of Privilege Vulnerability Windows Subsystem for Linux: Windows Subsystem for Linux Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005568 Reference: https://support.microsoft.com/help/5005568 Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005566 Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005565 Reference: https://support.microsoft.com/help/5005565

CVE-2021-40444 [HIGH] Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities ## Microsoft Patch Tuesday – September 2021 Microsoft patched 60 vulnerabilities in their September 2021 Patch Tuesday release, and an additional 26 CVEs since September 1st. Among the 60 released in the September Patch Tuesday, 3 of them are rated as critical severity, one as moderate, and 56 as important. ## Critical Microsoft Vulnerabilities Patched CVE-2021-40444 – Microsoft MSHTML Remote Code Execution Vulnerability This vulnerability has been publicly disclosed and is known to be exploited. The vulnerability allows for remote code execution via MSHTML, a component used by Internet Explorer and Office. Microsoft also released a workaround to show how users can disable ActiveX controls in IE. The vendor has assigned a CVSSv3 base score of 8.8. It should be prioritized for patching.