Microsoft Patch Tuesday March 2021: fix 89 security vulnerabilities

On March 9, 2021, Microsoft released a risk notice for the March 2021 Patch Tuesday. The security update patches 89 vulnerabilities, mainly covering the following components: Windows operating system, Azure, IE and Edge, Exchange Server, Office, SharePoint Server, Visual Studio, and Hyper-V. The update includes 14 serious vulnerabilities and 75 high-risk vulnerabilities.

Vulnerability Detail

  • CVE-2021-26411 – Internet Explorer Memory Corruption Vulnerability
    CVE-2021-26411 is a memory corruption vulnerability in Internet Explorer that was exploited in the wild as a zero-day. In order to exploit the flaw, an attacker would need to host the exploit code on a malicious website and convince a user through social engineering tactics to visit the page, or the attacker could inject the malicious payload into a legitimate website.
  • CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, and CVE-2021-26897 – Windows DNS Server Remote Code Execution Vulnerability
  • CVE-2021-26867 – Windows Hyper-V Remote Code Execution Vulnerability

    CVE-2021-26867 is an RCE vulnerability affecting Hyper-V clients that have been configured to utilize the Plan 9 file system (9P). Successful exploitation could allow an authenticated attacker to execute code on a Hyper-V server. Although Microsoft rates this vulnerability as “Exploitation Less Likely,” the CVSSv3 score assigned to this flaw is 9.9 out of 10.0. However, it is important to note that Hyper-V clients not utilizing 9P are not affected by this vulnerability.

  • CVE-2021-27076 – Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2021-26855/CVE-2021-26857/CVE-2021-27065/CVE-2021-26858 – Microsoft Exchange Server Remote Code Execution Vulnerability