Patch Analysis for March 2021

Welcome to this March Patch Tuesday Bulletin. This month there are 122 total CVEs affecting 9 technologies, with 5 CVEs actively attacked and 2 CVEs publicly disclosed. The biggest news this month is that on-premise Exchange servers are being actively attacked in the wild. Updates were released out of band on March 2nd because the attacks were ongoing. It is safe to say this is the highest priority of your patch program this month. In fact, if you have not patched yet, it is critical to scan your Exchange logs with the tool Microsoft provided and to use the Microsoft Safety Scanner tool to remove malicious code. IE and Edge both suffer from CVE-2021-26411, which could allow remote code execution, so make sure those updates are applied quickly. CVE-2021-27077 was publicly disclosed, but Microsoft did not indicate that it was exploited in the wild. It is an elevation of privilege vulnerability in Windows. Finally, Microsoft noted that the Chromium-based Edge browser ingests Chromium, whose vulnerabilities were addressed by Google, and those updates were applied on this Patch Tuesday. Google states that CVE-2021-21166 was exploited in the wild, so it is important to get Edge updated as well.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia, which documents all of the Security Log event IDs for Windows Server OSes. Back in 2007, when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint, but I also found a similar need in SQL Server and Exchange. So not only did I document the data, but I also started to develop the means to extract that event data from these applications so that it's accessible and usable to the end user. Some 8 years later, LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches this month.

| Technology | Products Affected | Severity | Reference | Workaround/ Exploited | Vulnerability Info |
| --- | --- | --- | --- | --- | --- |
| Edge | HTML-Based | Critical | CVE-2021-26411** | *Workaround: No; **Public: Yes; Exploited: Yes | Remote Code Execution |
| Edge | Chromium-Based | Critical | CVE-2020-27844, CVE-2021-21159, CVE-2021-21160, CVE-2021-21161, CVE-2021-21162, CVE-2021-21163, CVE-2021-21164, CVE-2021-21165, CVE-2021-21166, CVE-2021-21167, CVE-2021-21168, CVE-2021-21169, CVE-2021-21170, CVE-2021-21171, CVE-2021-21172, CVE-2021-21173, CVE-2021-21174, CVE-2021-21175, CVE-2021-21176, CVE-2021-21177, CVE-2021-21178, CVE-2021-21179, CVE-2021-21180, CVE-2021-21181, CVE-2021-21182, CVE-2021-21183, CVE-2021-21184, CVE-2021-21185, CVE-2021-21186, CVE-2021-21187, CVE-2021-21188, CVE-2021-21189, CVE-2021-21190 | *Workaround: No; **Public: No; Exploited: Yes | Security Bypass, Use After Free, Information Disclosure |
| Internet Explorer | IE 11 | Critical | CVE-2021-26411**, CVE-2021-27085 | *Workaround: No; **Public: Yes; Exploited: Yes | Remote Code Execution |
| Visual Studio | Quantum Development Kit; Visual Studio 2017, 2019; Visual Studio Code, ESLint extension, Java Extension Pack, Remote – Containers Extension | Critical | CVE-2021-21300, CVE-2021-27083, CVE-2021-27084, CVE-2021-27082, CVE-2021-27081, CVE-2021-27060 | *Workaround: No; **Public: No; Exploited: No | Remote Code Execution |
| Exchange | Server 2010, 2013, 2016, 2019 | Critical | CVE-2021-27065, CVE-2021-27078, CVE-2021-26858, CVE-2021-26857, CVE-2021-26855, CVE-2021-26854, CVE-2021-26412 | *Workaround: No; **Public: No; Exploited: Yes | Remote Code Execution |
| Azure | Azure Container Instance, Kubernetes Service, Service Fabric, Sphere, Spring Cloud | Critical | CVE-2021-27074, CVE-2021-27075, CVE-2021-27080 | *Workaround: No; **Public: No; Exploited: No | Information Disclosure; Remote Code Execution |
| Office | 365 Apps for Enterprise; Excel 2010, 2013, 2016; Office 2010, 2013, 2016, 2019, 2019 for Mac, Online Server, Web Apps 2013, Web Apps Server 2013; PowerPoint 2010, 2013, 2016; SharePoint Enterprise Server 2016; SharePoint Server 2019; Visio 2010, 2013, 2016 | Important | CVE-2021-24104, CVE-2021-24108, CVE-2021-27052, CVE-2021-27053, CVE-2021-27054, CVE-2021-27055, CVE-2021-27056, CVE-2021-27057, CVE-2021-27058, CVE-2021-27059, CVE-2021-27076 | *Workaround: No; **Public: No; Exploited: No | Remote Code Execution; Security Feature Bypass; Information Disclosure; Spoofing |
| SQL Server | Power BI Report Server Version 15 | Important | CVE-2021-26859 | *Workaround: No; **Public: No; Exploited: No | Information Disclosure |
| Windows | Windows 8.1, RT 8.1, 10; Server 2012, 2012 R2, 2016, 2019 | Critical | CVE-2021-1640, CVE-2021-1729, CVE-2021-24089, CVE-2021-24090, CVE-2021-24095, CVE-2021-24107, CVE-2021-24110, CVE-2021-26860, CVE-2021-26861, CVE-2021-26862, CVE-2021-26863, CVE-2021-26864, CVE-2021-26865, CVE-2021-26866, CVE-2021-26867, CVE-2021-26868, CVE-2021-26869, CVE-2021-26870, CVE-2021-26871, CVE-2021-26872, CVE-2021-26873, CVE-2021-26874, CVE-2021-26875, CVE-2021-26876, CVE-2021-26877, CVE-2021-26878, CVE-2021-26879, CVE-2021-26880, CVE-2021-26881, CVE-2021-26882, CVE-2021-26884, CVE-2021-26885, CVE-2021-26886, CVE-2021-26887, CVE-2021-26889, CVE-2021-26890, CVE-2021-26891, CVE-2021-26892, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26896, CVE-2021-26897, CVE-2021-26898, CVE-2021-26899, CVE-2021-26900, CVE-2021-26901, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062, CVE-2021-27063, CVE-2021-27066, CVE-2021-27070, CVE-2021-27077** | *Workaround: No; **Public: Yes; Exploited: No | Elevation of Privilege; Remote Code Execution; Security Feature Bypass; Denial of Service; Information Disclosure |
