Patch Tuesday: Microsoft Security Bulletin Summary for March 2021

Microsoft has released March Patch Tuesday security updates. The updates address 82 vulnerabilities in the family of Windows operating systems and related products. Among them, 10 are classified as Critical, and 72 are classified as Important. Bugs with a critical rating can be exploited by malware or an adversary with little or no help from the user.

These numbers do not include the 7 Microsoft Exchange vulnerabilities and the Chromium-based Edge vulnerabilities released earlier this month. Microsoft has also rolled out patches for one zero-day vulnerability along with one publicly known bug.


Zero-day vulnerability

The flaw is tracked as CVE-2021-26411, Internet Explorer Memory Corruption Vulnerability. This bug is seeing active exploitation around the globe. The flaw affects IE11 and newer EdgeHTML-based versions, allowing attackers to run files by tricking a victim into opening a malicious or hacked website in IE.

Dustin Childs of Trend Micro’s Zero Day Initiative said:

“While not as impactful as the Exchange bugs, enterprises that rely on Microsoft browsers should definitely roll this out quickly. Successful exploitation would yield code execution at the level of the logged-on user, which is another reminder not to browse web pages using an account with Administrative privileges.”

This Internet Explorer flaw is tied to a vulnerability that was publicly disclosed by researchers at ENKI. The researchers also claimed that the same flaw has recently been used by nation-state actors to target security researchers. In the ENKI blog, the researchers said they would publish proof-of-concept (PoC) code once the bug is patched.

As has been seen in the past, once PoC code becomes publicly available, attackers quickly start using it for malicious purposes.


Publicly known vulnerability

The flaw is tracked as CVE-2021-27077, Windows Win32k Elevation of Privilege Vulnerability. Trend Micro’s Zero Day Initiative publicly disclosed this vulnerability in January, after which Microsoft initially stated that it would not fix it.

The flaw, rated Important, exists in Windows Win32k, and exploit code for it is publicly available. According to Microsoft, exploitation is “less likely,” and the flaw has not been exploited in the wild. A local attacker can exploit the flaw to gain elevated privileges.


Interesting vulnerabilities

Windows DNS Server remote code execution vulnerability | CVE-2021-26897

A remote code execution (RCE) vulnerability exists in Windows DNS Server. Among the 5 bugs reported as DNS Server Remote Code Execution Vulnerabilities, this is the only one marked as Critical.

Windows Hyper-V remote code execution vulnerability | CVE-2021-26867

A remote code execution (RCE) vulnerability exists in Hyper-V Server. The flaw has a CVSS score of 9.9, but it is relevant only to those using the Plan-9 file system. Microsoft does not state that other Hyper-V clients are impacted by the flaw.

Microsoft SharePoint Server remote code execution vulnerability | CVE-2021-27076

A remote code execution (RCE) vulnerability exists in SharePoint Server. The flaw was originally submitted through the Zero Day Initiative (ZDI) program. To exploit the flaw successfully, an attacker must be able to create or modify sites using the SharePoint server. The default configuration of SharePoint allows authenticated users to create sites. After doing so, the user will be the owner of the site and will have all the necessary permissions.


Microsoft security bulletin summary for March 2021

  • Azure Sphere
  • Internet Explorer
  • Microsoft Exchange Server
  • Microsoft Edge (Chromium-based)
  • Microsoft Office
  • Visual Studio
  • Visual Studio Code

Product: Azure Sphere
CVEs/Advisory: CVE-2021-27074, CVE-2021-27080
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing, Tampering.
Severity: Critical


Product: Internet Explorer
CVEs/Advisory: CVE-2021-26411
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing, Tampering.
Severity: Critical
KBs: 5000800, 5000802, 5000803, 5000807, 5000808, 5000809, 5000822, 5000841, 5000847, 5000848


Product: Exchange Server
CVEs/Advisory: CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing, Tampering.
Severity: Critical
KBs: 5000871, 5000978


Product: Microsoft Edge (Chromium-based)
CVEs/Advisory: CVE-2020-27844, CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156, CVE-2021-21157, CVE-2021-21159, CVE-2021-21160, CVE-2021-21161, CVE-2021-21162, CVE-2021-21163, CVE-2021-21164, CVE-2021-21165, CVE-2021-21166, CVE-2021-21167, CVE-2021-21168, CVE-2021-21169, CVE-2021-21170, CVE-2021-21171, CVE-2021-21172, CVE-2021-21173, CVE-2021-21174, CVE-2021-21175, CVE-2021-21176, CVE-2021-21177, CVE-2021-21178, CVE-2021-21179, CVE-2021-21180, CVE-2021-21181, CVE-2021-21182, CVE-2021-21183, CVE-2021-21184, CVE-2021-21185, CVE-2021-21186, CVE-2021-21187, CVE-2021-21188, CVE-2021-21189, CVE-2021-21190


Product: Microsoft Office
CVEs/Advisory: CVE-2021-24104, CVE-2021-24108, CVE-2021-27052, CVE-2021-27053, CVE-2021-27054, CVE-2021-27056, CVE-2021-27057, CVE-2021-27058, CVE-2021-27059, CVE-2021-27076
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing, Tampering.
Severity: Critical
KBs: 3101541, 4493177, 4493199, 4493200, 4493203, 4493214, 4493224, 4493225, 4493227, 4493228, 4493229, 4493230, 4493231, 4493232, 4493233, 4493234, 4493238, 4493239, 4504702, 4504703, 4504707


Product: Visual Studio
CVEs/Advisory: CVE-2021-21300
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing, Tampering.
Severity: Critical


Product: Visual Studio Code
CVEs/Advisory: CVE-2021-27081, CVE-2021-27082, CVE-2021-27083, CVE-2021-27084, CVE-2021-27060
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing, Tampering.
Severity: Important


SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Use SanerNow and keep your systems updated and secure.
