Further to our Security Alert (A21-09-04a) issued on 13.9.2021, Microsoft has released security updates to address the vulnerability (CVE-2021-40444) that is being actively exploited in the wild. A successful attack could lead to remote code execution on an affected system.
Please note that systems running Windows 8.1, Windows Server 2012 R2, or Windows Server 2012 can apply either the Monthly Rollup or both the Security Only and the IE Cumulative updates. For detailed information, please refer to the following vendor's URL:
Reports indicated that the technical details of an elevation of privilege vulnerability in Microsoft Windows 7 and Windows Server 2008 (CVE-2021-36968) was publicly disclosed and hence the vulnerability is at a high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Please note that the extended support for Windows 7 and Windows Server 2008 was ceased on 14 January 2020 and security updates will only be provided after the Extended Security Update is purchased. Users should arrange upgrading the Windows or migrating to other supported technology.