Patch Tuesday, March 2021
The March Patch Tuesday is here, and it has unfortunately been a busy month for Microsoft. Last week they released information on a campaign targeting Microsoft Exchange Server with multiple zero-day exploits. We released information about this campaign yesterday, and those affected should absolutely be working on updating their systems if they haven't already.
Today's release covers an additional 88 CVEs, including 14 rated "Critical", 73 rated "Important", and 1 rated "Low". Additional patches for MS Exchange Server are included in the Critical list, and Microsoft has also released patches for EOL versions of MS Exchange via a manual Cumulative Security Update. You can read more about that here.
While the Exchange vulnerabilities are without a doubt the most pressing patches, there is plenty more to be concerned about this Tuesday. On the Critical list are patches for Remote Code Execution (RCE) vulnerabilities in Windows DNS Server, Hyper-V, and Azure Sphere. The Important list includes patches for server packages like MS Exchange, SharePoint, Visual Studio, Windows DNS, and the Update service itself. The list also includes patches for multiple client-side applications like the MS Office suite, Internet Explorer, DirectX, ActiveX, and various media codecs.
All in all, March brings with it some of the most important patches in at least a year. Please patch as soon as you can and stay safe!
Critical
Azure Sphere Unsigned Code Execution Vulnerability
CVE-2021-27074, CVE-2021-27080
Remote Code Execution
Azure Virtual Machine Information Disclosure Vulnerability
CVE-2021-27075
Information Disclosure
Git for Visual Studio Remote Code Execution Vulnerability
CVE-2021-21300
Remote Code Execution
HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-26902, CVE-2021-27061
Remote Code Execution
Internet Explorer Memory Corruption Vulnerability
CVE-2021-26411
Remote Code Execution
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065
Remote Code Execution
OpenType Font Parsing Remote Code Execution Vulnerability
CVE-2021-26876
Remote Code Execution
Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-26897
Remote Code Execution
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2021-26867
Remote Code Execution
Important
Application Virtualization Remote Code Execution Vulnerability
CVE-2021-26890
Remote Code Execution
DirectX Elevation of Privilege Vulnerability
CVE-2021-24095
Elevation of Privilege
HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-24089, CVE-2021-24110, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051
Remote Code Execution
Internet Explorer Remote Code Execution Vulnerability
CVE-2021-27085
Remote Code Execution
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-27053, CVE-2021-27054
Remote Code Execution
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-26854, CVE-2021-26858, CVE-2021-27078
Remote Code Execution
Microsoft Office ClickToRun Remote Code Execution Vulnerability
CVE-2021-27058
Remote Code Execution
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-24108, CVE-2021-27057, CVE-2021-27059
Remote Code Execution
Microsoft Power BI Information Disclosure Vulnerability
CVE-2021-26859
Information Disclosure
Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2021-27056
Remote Code Execution
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2021-27052
Information Disclosure
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-27076
Remote Code Execution
Microsoft SharePoint Spoofing Vulnerability
CVE-2021-24104
Spoofing
Microsoft Visio Security Feature Bypass Vulnerability
CVE-2021-27055
Security Feature Bypass
Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability
CVE-2021-26887
Elevation of Privilege
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2021-26881
Remote Code Execution
Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-27082
Remote Code Execution
Remote Access API Elevation of Privilege Vulnerability
CVE-2021-26882
Elevation of Privilege
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-27083
Remote Code Execution
Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-26880
Elevation of Privilege
User Profile Service Denial of Service Vulnerability
CVE-2021-26886
Denial of Service
Visual Studio Code ESLint Extension Remote Code Execution Vulnerability
CVE-2021-27081
Remote Code Execution
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
CVE-2021-27084
Remote Code Execution
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-27060
Remote Code Execution
Windows 10 Update Assistant Elevation of Privilege Vulnerability
CVE-2021-27070
Elevation of Privilege
Windows ActiveX Installer Service Information Disclosure Vulnerability
CVE-2021-26869
Information Disclosure
Windows Admin Center Security Feature Bypass Vulnerability
CVE-2021-27066
Security Feature Bypass
Windows App-V Overlay Filter Elevation of Privilege Vulnerability
CVE-2021-26860
Elevation of Privilege
Windows Container Execution Agent Elevation of Privilege Vulnerability
CVE-2021-26865, CVE-2021-26891
Elevation of Privilege
Windows DNS Server Denial of Service Vulnerability
CVE-2021-26896, CVE-2021-27063
Denial of Service
Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895
Remote Code Execution
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2021-24090
Elevation of Privilege
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-26872, CVE-2021-26898, CVE-2021-26901, CVE-2021-24107
Information Disclosure
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
CVE-2021-26892
Security Feature Bypass
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2021-26868
Elevation of Privilege
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2021-26861
Remote Code Execution
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-26862
Elevation of Privilege
Windows Media Photo Codec Information Disclosure Vulnerability
CVE-2021-26884
Information Disclosure
Windows NAT Denial of Service Vulnerability
CVE-2021-26879
Denial of Service
Windows Overlay Filter Elevation of Privilege Vulnerability
CVE-2021-26874
Elevation of Privilege
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-1640, CVE-2021-26878
Elevation of Privilege
Windows Projected File System Elevation of Privilege Vulnerability
CVE-2021-26870
Elevation of Privilege
Windows Update Service Elevation of Privilege Vulnerability
CVE-2021-26866
Elevation of Privilege
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2021-26889
Elevation of Privilege
Windows Update Stack Setup Elevation of Privilege Vulnerability
CVE-2021-1729
Elevation of Privilege
Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2021-26899
Elevation of Privilege
Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2021-26873
Elevation of Privilege
Windows Virtual Registry Provider Elevation of Privilege Vulnerability
CVE-2021-26864
Elevation of Privilege
Windows WalletService Elevation of Privilege Vulnerability
CVE-2021-26871, CVE-2021-26885
Elevation of Privilege
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-26863, CVE-2021-26875, CVE-2021-26900
Elevation of Privilege
Low
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-27077
Denial of Service
About the Author
Karl Sigler is Security Research Manager, SpiderLabs Threat Intelligence at Trustwave. Karl is a 20-year infosec veteran responsible for research and analysis of current vulnerabilities, malware and threat trends at Trustwave.