March Patch Tuesday 2021 Addresses 89 Security Fixes
Microsoft Fixes 89 Bugs this Month, Including Critical IE Fix
There are 14 critical and 75 important fixes this month. This includes updates for Windows, Azure and Azure DevOps, Azure Sphere, Internet Explorer and Edge (EdgeHTML), Exchange Server, Office and Office Services and Web Apps, SharePoint Server, Visual Studio, and Windows Hyper-V.
Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) also received updates:
- Windows 7 – 5 Important vulnerabilities fixed, with the most important one fixing an issue with pending print jobs which remain in an error state.
- Windows 2008 R2 – 1 Critical and 8 Important vulnerabilities fixed, with the worst impacting DNS as per our recommendation below.
“Today is the last scheduled release of patches for legacy Windows Edge, and going forward this will become an obsolete browser,” said Robert Brown, Head of Customer Success for Syxsense. “ You must upgrade to the newest Microsoft Edge browser which uses the new Chromium engine, similar to Mozilla and Google Chrome.”
For next month, the only updates for Microsoft Edge will be for the Chromium version. We have also seen a very serious weaponized issue fixed with Internet Explorer which has not been patched for almost four months.
Top March Patches and Vulnerabilities
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.
1. CVE-2021-26411: Internet Explorer Memory Corruption Vulnerability
An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and convince a user to view the website. Additionally, the attacker could also take advantage of compromised websites, or ones that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability.
However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.
Syxscore
- Vendor Severity: Critical
- CVSS: 8.8
- Weaponised: Yes
- Public Aware: Yes
- Countermeasure: No
Syxscore Risk Alert
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: Required
- Scope (Jump Point): Yes
2. CVE-2021-26867: Hyper-V Remote Code Execution Vulnerability
Microsoft Windows Hyper-V could allow a remote authenticated attacker to execute arbitrary code on the system. By executing a specially-crafted program on a Hyper-V guest, an attacker could exploit this vulnerability to execute arbitrary code on the host operating system.
Syxscore
- Vendor Severity: Critical
- CVSS: 9.9
- Weaponised: No
- Public Aware: No
- Countermeasure: Hyper-V client which is configured to use the Plan 9 file system, under Linux.
Syxscore Risk Alert
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Yes
3. CVE-2021-26897: Windows DNS Server Remote Code Execution Vulnerability
The vulnerability exists due to improper input validation in the Windows DNS Server. A remote attacker can send a specially-crafted request and execute arbitrary code on the target system which if success may result in complete compromise of vulnerable system.
Syxscore
- Vendor Severity: Critical
- CVSS: 9.8
- Weaponised: No
- Public Aware: No
- Countermeasure: Some – DNS server would need to have dynamic updates enabled.
Syxscore Risk Alert
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: None
- Scope (Jump Point): No
Syxsense Recommendations
Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.
| CVE | Title | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Syxsense Recommended |
| CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9.1 | No | Yes | No | Yes |
| CVE-2021-26411 | Internet Explorer Memory Corruption Vulnerability | Critical | 8.8 | Yes | Yes | No | Yes |
| CVE-2021-26857 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 7.8 | No | Yes | No | Yes |
| CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 7.8 | No | Yes | No | Yes |
| CVE-2021-26858 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2021-26867 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 9.9 | No | No | Yes | Yes |
| CVE-2021-26897 | Windows DNS Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Yes | Yes |
| CVE-2021-26877 | Windows DNS Server Remote Code Execution Vulnerability | Important | 9.8 | No | No | No | Yes |
| CVE-2021-26893 | Windows DNS Server Remote Code Execution Vulnerability | Important | 9.8 | No | No | No | Yes |
| CVE-2021-26894 | Windows DNS Server Remote Code Execution Vulnerability | Important | 9.8 | No | No | No | Yes |
| CVE-2021-26895 | Windows DNS Server Remote Code Execution Vulnerability | Important | 9.8 | No | No | No | Yes |
| CVE-2021-27080 | Azure Sphere Unsigned Code Execution Vulnerability | Critical | 9.3 | No | No | No | Yes |
| CVE-2021-26412 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9.1 | No | No | No | Yes |
| CVE-2021-27078 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 9.1 | No | No | No | Yes |
| CVE-2021-21300 | Git for Visual Studio Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-26876 | OpenType Font Parsing Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-27085 | Internet Explorer Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-27076 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-26865 | Windows Container Execution Agent Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-26864 | Windows Virtual Registry Provider Elevation of Privilege Vulnerability | Important | 8.4 | No | No | No | Yes |
| CVE-2021-27077 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | Yes |
| CVE-2021-24089 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-26902 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-27061 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-27074 | Azure Sphere Unsigned Code Execution Vulnerability | Critical | 6.2 | No | No | No | Yes |
| CVE-2021-26890 | Application Virtualization Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-24110 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27047 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27048 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27049 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27050 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27051 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27062 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27053 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27054 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27058 | Microsoft Office ClickToRun Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-24108 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27057 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27056 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26887 | Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27082 | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26882 | Remote Access API Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27083 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26880 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27081 | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27060 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26860 | Windows App-V Overlay Filter Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26891 | Windows Container Execution Agent Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-24090 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26872 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26898 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26901 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26868 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26861 | Windows Graphics Component Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26874 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1640 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26878 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26870 | Windows Projected File System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26899 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26871 | Windows Wallet Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26885 | Windows Wallet Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26875 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26900 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26859 | Microsoft Power BI Information Disclosure Vulnerability | Important | 7.7 | No | No | No | |
| CVE-2021-27059 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.6 | No | No | No | |
| CVE-2021-26881 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-26896 | Windows DNS Server Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-27063 | Windows DNS Server Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-26879 | Windows NAT Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-27070 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | Important | 7.3 | No | No | No | |
| CVE-2021-26866 | Windows Update Service Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-26889 | Windows Update Stack Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-1729 | Windows Update Stack Setup Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-24095 | DirectX Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-27055 | Microsoft Visio Security Feature Bypass Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-26873 | Windows User Profile Service Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-26863 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-27075 | Azure Virtual Machine Information Disclosure Vulnerability | Important | 6.8 | No | No | No | |
| CVE-2021-26854 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 6.6 | No | No | No | |
| CVE-2021-26862 | Windows Installer Elevation of Privilege Vulnerability | Important | 6.3 | No | No | No | |
| CVE-2021-26892 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | Important | 6.2 | No | No | No | |
| CVE-2021-26886 | User Profile Service Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-26869 | Windows ActiveX Installer Service Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-24107 | Windows Event Tracing Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-26884 | Windows Media Photo Codec Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-27052 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2021-24104 | Microsoft SharePoint Spoofing Vulnerability | Important | 4.6 | No | No | No | |
| CVE-2021-27066 | Windows Admin Center Security Feature Bypass Vulnerability | Important | 4.3 | No | No | No | |
| CVE-2021-27084 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | Important | NA | No | No | No |
Experience the Power of Syxsense
Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.
