Description

Microsoft has released September 2021 security updates to fix found vulnerabilities in their software products and features that include, but not limited to:

• Windows OS: versions 7, 8, 8.1 and 10
• Microsoft Office: versions 2013, 2016 and 2019
• Windows Server: versions 2012, 2016, 2019 and 2022
• Azure

The released security updates fix about 60 vulnerabilities that include 2 zero-day vulnerabilities, CVE-2021-36968 and CVE-2021-40444 and another rated as critical, CVE-2021-36958.

Security Risks

If the identified vulnerabilities in Microsoft products are not patched, malicious actors can exploit them to gain control of vulnerable systems with elevated privileges.

For the full list of security patches released by Microsoft, please refer to Microsoft Security Update Guide.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends all users and system administrators to:

1. apply the latest security patches as soon as possible to prevent malware and malicious actors from exploiting and gaining unauthorized  control over unpatched systems. 

   • To apply the latest security updates for Windows OS, select the Start button, go to Settings → Update & Security → Windows Update → Check for Updates and click on Install Now;

2. upgrade immediately to the latest supported version of installed Microsoft software in order to continue receiving technical support and security patches. The following Microsoft software reached their end-of-life and need to be upgraded immediately:

• Windows XP, 8, 7;
• Windows Server 2008, 2008 RE;
• and Windows Exchange Server 2010.

    3.   Before any update task, please ensure you have backup for your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to: rwcsirt@ncsa.gov.rw or call us on 9009

References

September 2021 Security Updates

Security Update Guide