
Patch Tuesday, March 2021

The March Patch Tuesday is here and it's been an unfortunately busy month for Microsoft. Earlier last week they released information on a campaign targeting Microsoft Exchange Server with multiple zero-day exploits. We released information about this campaign yesterday and those affected should absolutely be working on updating their systems if they haven't already.

Today's release covers an additional 88 CVEs including 14 rated as "Critical", 73 rated as "Important", and 1 as "Low". Additional patches for MS Exchange Server are included in the Critical list and Microsoft released patches for EOL versions of MS Exchange as well via a manual Cumulative Security Update. You can read more about that here.

While the Exchange vulnerabilities are without a doubt the most pressing patches, there is plenty to be concerned about this Tuesday. On the Critical list are patches for Remote Code Execution (RCE) vulnerabilities in Windows DNS Server, Hyper-V, and Azure Sphere. The Important list includes patches for server packages like MS Exchange, SharePoint, Visual Studio, Windows DNS, and the Update service itself. The list also includes patches for client-side software like the MS Office suite, Internet Explorer, DirectX, ActiveX, and various media codecs.

All in all, March brings with it some of the most important patches in at least a year. Please patch as soon as you can and stay safe!


Critical

Azure Sphere Unsigned Code Execution Vulnerability
CVE-2021-27074, CVE-2021-27080
Remote Code Execution

Azure Virtual Machine Information Disclosure Vulnerability
CVE-2021-27075
Information Disclosure

Git for Visual Studio Remote Code Execution Vulnerability
CVE-2021-21300
Remote Code Execution

HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-26902, CVE-2021-27061
Remote Code Execution

Internet Explorer Memory Corruption Vulnerability
CVE-2021-26411
Remote Code Execution

Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065
Remote Code Execution

OpenType Font Parsing Remote Code Execution Vulnerability
CVE-2021-26876
Remote Code Execution

Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-26897
Remote Code Execution

Windows Hyper-V Remote Code Execution Vulnerability
CVE-2021-26867
Remote Code Execution


Important

Application Virtualization Remote Code Execution Vulnerability
CVE-2021-26890
Remote Code Execution

DirectX Elevation of Privilege Vulnerability
CVE-2021-24095
Elevation of Privilege

HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-24089, CVE-2021-24110, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051
Remote Code Execution

Internet Explorer Remote Code Execution Vulnerability
CVE-2021-27085
Remote Code Execution

Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-27053, CVE-2021-27054
Remote Code Execution

Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-26854, CVE-2021-26858, CVE-2021-27078
Remote Code Execution

Microsoft Office ClickToRun Remote Code Execution Vulnerability
CVE-2021-27058
Remote Code Execution

Microsoft Office Remote Code Execution Vulnerability
CVE-2021-24108, CVE-2021-27057, CVE-2021-27059
Remote Code Execution

Microsoft Power BI Information Disclosure Vulnerability
CVE-2021-26859
Information Disclosure

Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2021-27056
Remote Code Execution

Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2021-27052
Information Disclosure

Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-27076
Remote Code Execution

Microsoft SharePoint Spoofing Vulnerability
CVE-2021-24104
Spoofing

Microsoft Visio Security Feature Bypass Vulnerability
CVE-2021-27055
Security Feature Bypass

Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability
CVE-2021-26887
Elevation of Privilege

Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2021-26881
Remote Code Execution

Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-27082
Remote Code Execution

Remote Access API Elevation of Privilege Vulnerability
CVE-2021-26882
Elevation of Privilege

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-27083
Remote Code Execution

Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-26880
Elevation of Privilege

User Profile Service Denial of Service Vulnerability
CVE-2021-26886
Denial of Service

Visual Studio Code ESLint Extension Remote Code Execution Vulnerability
CVE-2021-27081
Remote Code Execution

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
CVE-2021-27084
Remote Code Execution

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-27060
Remote Code Execution

Windows 10 Update Assistant Elevation of Privilege Vulnerability
CVE-2021-27070
Elevation of Privilege

Windows ActiveX Installer Service Information Disclosure Vulnerability
CVE-2021-26869
Information Disclosure

Windows Admin Center Security Feature Bypass Vulnerability
CVE-2021-27066
Security Feature Bypass

Windows App-V Overlay Filter Elevation of Privilege Vulnerability
CVE-2021-26860
Elevation of Privilege

Windows Container Execution Agent Elevation of Privilege Vulnerability
CVE-2021-26865, CVE-2021-26891
Elevation of Privilege

Windows DNS Server Denial of Service Vulnerability
CVE-2021-26896, CVE-2021-27063
Denial of Service

Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895
Remote Code Execution

Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2021-24090
Elevation of Privilege

Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-26872, CVE-2021-26898, CVE-2021-26901, CVE-2021-24107
Information Disclosure

Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
CVE-2021-26892
Security Feature Bypass

Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2021-26868
Elevation of Privilege

Windows Graphics Component Remote Code Execution Vulnerability
CVE-2021-26861
Remote Code Execution

Windows Installer Elevation of Privilege Vulnerability
CVE-2021-26862
Elevation of Privilege

Windows Media Photo Codec Information Disclosure Vulnerability
CVE-2021-26884
Information Disclosure

Windows NAT Denial of Service Vulnerability
CVE-2021-26879
Denial of Service

Windows Overlay Filter Elevation of Privilege Vulnerability
CVE-2021-26874
Elevation of Privilege

Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-1640, CVE-2021-26878
Elevation of Privilege

Windows Projected File System Elevation of Privilege Vulnerability
CVE-2021-26870
Elevation of Privilege

Windows Update Service Elevation of Privilege Vulnerability
CVE-2021-26866
Elevation of Privilege

Windows Update Stack Elevation of Privilege Vulnerability
CVE-2021-26889
Elevation of Privilege

Windows Update Stack Setup Elevation of Privilege Vulnerability
CVE-2021-1729
Elevation of Privilege

Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2021-26899
Elevation of Privilege

Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2021-26873
Elevation of Privilege

Windows Virtual Registry Provider Elevation of Privilege Vulnerability
CVE-2021-26864
Elevation of Privilege

Windows WalletService Elevation of Privilege Vulnerability
CVE-2021-26871, CVE-2021-26885
Elevation of Privilege

Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-26863, CVE-2021-26875, CVE-2021-26900
Elevation of Privilege


Low

Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-27077
Denial of Service
