Microsoft has released its March 2021 Patch Tuesday security updates. The updates address 82 vulnerabilities in the family of Windows operating systems and related products. Among them, 10 are classified as Critical, and 72 are classified as Important. Bugs with Critical ratings can be exploited by malware or an adversary with little or no help from the user. This is where a vulnerability management solution comes in. These numbers do not include the 7 Microsoft Exchange vulnerabilities and the Chromium-based Edge vulnerabilities released earlier this month. With the March 2021 Patch Tuesday, Microsoft has also rolled out patches for one zero-day vulnerability, along with a publicly known bug.
These bugs can be mitigated using a reliable patch management tool.
Zero-day vulnerability
The flaw is tracked as CVE-2021-26411, Internet Explorer Memory Corruption Vulnerability. This bug is seeing active exploitation around the globe. The flaw affects IE11 and newer EdgeHTML-based versions, allowing attackers to run files by tricking a victim into opening a malicious or hacked website in IE.
Dustin Childs of Trend Micro’s Zero Day Initiative said:
While not as impactful as the Exchange bugs, enterprises that rely on Microsoft browsers should definitely roll this out quickly. Successful exploitation would yield code execution at the level of the logged-on user, which is another reminder not to browse web pages using an account with Administrative privileges.
This Internet Explorer flaw is tied to a vulnerability that was publicly disclosed by researchers at ENKI. The researchers also claimed that the same flaw has recently been used by nation-state actors to target security researchers. In the ENKI blog, the researchers said they would publish proof-of-concept (PoC) code once the bug is patched.
As seen in the past, once PoC code becomes publicly available, attackers quickly start using it for malicious purposes.
Publicly known vulnerability
The flaw is tracked as CVE-2021-27077, Windows Win32k Elevation of Privilege Vulnerability. Trend Micro Zero Day Initiative publicly disclosed this vulnerability in January, after which Microsoft initially stated that it would not fix it.
The flaw, rated Important, exists in Windows Win32k, and exploit code for it is publicly available. According to Microsoft, exploitation is “less likely,” and the flaw has not been exploited in the wild. A local attacker can exploit the flaw to gain elevated privileges.
Interesting vulnerabilities
Windows DNS Server remote code execution vulnerability | CVE-2021-26897
A remote code execution (RCE) vulnerability exists in Windows DNS Server. Among the 5 bugs reported as DNS Server Remote Code Execution Vulnerabilities, this flaw is the only one marked as Critical.
Windows Hyper-V remote code execution vulnerability | CVE-2021-26867
A remote code execution (RCE) vulnerability exists in Hyper-V Server. The flaw has a CVSS score of 9.9, but it is relevant only to those using the Plan-9 file system. Microsoft does not state that other Hyper-V clients are impacted by the flaw.
Microsoft SharePoint Server remote code execution vulnerability | CVE-2021-27076
A remote code execution (RCE) vulnerability exists in SharePoint Server. The flaw was originally submitted through the Zero Day Initiative (ZDI) program. To exploit the flaw successfully, an attacker must be able to create or modify sites on the SharePoint server. The default configuration of SharePoint allows authenticated users to create sites. After doing so, the user is the owner of that site and has all the necessary permissions.
Microsoft security bulletin summary for March 2021
- Azure Sphere
- Internet Explorer
- Microsoft Exchange Server
- Microsoft Edge (Chromium-based)
- Microsoft Office
- Visual Studio
- Visual Studio Code
Product: Azure Sphere
CVEs/Advisory: CVE-2021-27074, CVE-2021-27080
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing, Tampering.
Severity: Critical
Product: Internet Explorer
CVEs/Advisory: CVE-2021-26411
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing, Tampering.
Severity: Critical
KBs: 5000800, 5000802, 5000803, 5000807, 5000808, 5000809, 5000822, 5000841, 5000847, 5000848
Product: Exchange Server
CVEs/Advisory: CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing, Tampering.
Severity: Critical
KBs: 5000871, 5000978
Product: Microsoft Edge (Chromium-based)
CVEs/Advisory: CVE-2020-27844, CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156, CVE-2021-21157, CVE-2021-21159, CVE-2021-21160, CVE-2021-21161, CVE-2021-21162, CVE-2021-21163, CVE-2021-21164, CVE-2021-21165, CVE-2021-21166, CVE-2021-21167, CVE-2021-21168, CVE-2021-21169, CVE-2021-21170, CVE-2021-21171, CVE-2021-21172, CVE-2021-21173, CVE-2021-21174, CVE-2021-21175, CVE-2021-21176, CVE-2021-21177, CVE-2021-21178, CVE-2021-21179, CVE-2021-21180, CVE-2021-21181, CVE-2021-21182, CVE-2021-21183, CVE-2021-21184, CVE-2021-21185, CVE-2021-21186, CVE-2021-21187, CVE-2021-21188, CVE-2021-21189, CVE-2021-21190
Product: Microsoft Office
CVEs/Advisory: CVE-2021-24104, CVE-2021-24108, CVE-2021-27052, CVE-2021-27053, CVE-2021-27054, CVE-2021-27056, CVE-2021-27057, CVE-2021-27058, CVE-2021-27059, CVE-2021-27076
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing, Tampering.
Severity: Critical
KBs: 3101541, 4493177, 4493199, 4493200, 4493203, 4493214, 4493224, 4493225, 4493227, 4493228, 4493229, 4493230, 4493231, 4493232, 4493233, 4493234, 4493238, 4493239, 4504702, 4504703, 4504707
Product: Visual Studio
CVEs/Advisory: CVE-2021-21300
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing, Tampering.
Severity: Critical
Product: Visual Studio Code
CVEs/Advisory: CVE-2021-27081, CVE-2021-27082, CVE-2021-27083, CVE-2021-27084, CVE-2021-27060
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing, Tampering.
Severity: Important
SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Use SanerNow to keep your systems updated and secure.