Patch Analysis for March 2021

Welcome to this March Patch Tuesday Bulletin. This month there are 122 total CVE’s, affecting 9 technologies, 5 CVE’s actively attacked, and 2 CVE’s publicly disclosed. The biggest news this month is on-premise Exchange servers being actively attacked in the wild. Updates were released out of band on March 2nd since the attacks were ongoing. It is safe to say this is the highest priority of your patch program this month, in fact, if you have not patched yet then it is critical to scan Exchange logs with the MS tool they provided and use the Microsoft Safety Scanner tool to remove malicious code. IE and Edge both suffer from CVE-2021-26411 which could allow remote code execution so make sure those updates are applied quickly. CVE-2021-27077 was publicly disclosed but MS did not indicate it was exploited in the wild. This vulnerability is an elevation of privilege vulnerability in Windows. Finally, Microsoft noted that the Edge Chromium-Based browser ingests Chromium which was addressed by Google and these updates were applied on this patch Tuesday. Google states that CVE-2021-21166 was exploited in the wild so it is important to get Edge updated as well.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches this month.

Receive Randy's same-day, independent analysis each Patch Tuesday

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The "Randy’s Recommendation" comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.