Patch Tuesday

Today is Microsoft's March 2021 Patch Tuesday, and with admins already struggling with Microsoft Exchange updates and hacked servers, please be nice to your IT staff today.

With today's update, Microsoft has fixed 82 vulnerabilities, with 10 classified as Critical and 72 as Important. These numbers do not include the 7 Microsoft Exchange and 33 Chromium Edge vulnerabilities released earlier this month.

There are also two zero-day vulnerabilities patched today that were publicly disclosed and known to be used in attacks.

For information about the non-security Windows updates, you can read about today's Windows 10 KB5000808 & KB5000802 cumulative updates.

Microsoft Exchange ProxyLogon attacks

Last week, Microsoft released out-of-band security updates for the ProxyLogon vulnerabilities, which threat actors worldwide are actively using to compromise Microsoft Exchange servers.

Threat actors exploit these vulnerabilities on publicly accessible Outlook on the Web (OWA) servers to install web shells and other malware.

These vulnerabilities are being tracked with the following CVEs:

  • CVE-2021-26855 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-26857 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-26858 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-27065 - Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft has released security updates for currently supported Microsoft Exchange cumulative updates and older unsupported versions.

While installing the updates will prevent the server from being compromised, attacks have been so pervasive that admins should analyze all Exchange servers for attacks that may have occurred before the patches were installed.

Microsoft has released a PowerShell script called Test-ProxyLogon.ps1 that will check for indicators of compromise (IOC) in Exchange HttpProxy logs, Exchange log files, and Windows Application event logs.

Microsoft has also updated Microsoft Defender to detect web shells and other IOCs associated with these attacks.

Their standalone Microsoft Safety Scanner (MSERT) tool has been updated to detect web shells and other IOCs for those not using Microsoft Defender.

With the fixes for the zero-days, Microsoft also released fixes for three Microsoft Exchange vulnerabilities not exploited in attacks:

  • CVE-2021-26412 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-26854 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-27078 - Microsoft Exchange Server Remote Code Execution Vulnerability

Two other zero-day vulnerabilities were fixed

Microsoft also fixed two other zero-day vulnerabilities today, with one publicly used in attacks.

In January, Google disclosed that the Lazarus group was conducting attacks against security researchers using compromised Visual Studio projects and unknown zero-day exploits. 

In February, South Korean cybersecurity firm Enki disclosed that the threat actors used an Internet Explorer zero-day vulnerability in the attacks to install custom backdoors.

This vulnerability, tracked as "CVE-2021-26411 - Internet Explorer Memory Corruption Vulnerability," is fixed today.

Another zero-day vulnerability fixed today is tracked as "CVE-2021-27077 - Windows Win32k Elevation of Privilege Vulnerability."

This vulnerability was publicly disclosed by Trend Micro Zero Day Initiative in January after Microsoft initially stated that they would not fix it.

Update: We incorrectly stated that the CVE-2021-27077 zero-day was used in attacks. It was just publicly disclosed.

Recent updates from other companies

Other vendors who released updates in March include:

The March 2021 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the March 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| Application Virtualization | CVE-2021-26890 | Application Virtualization Remote Code Execution Vulnerability | Important |
| Azure | CVE-2021-27075 | Azure Virtual Machine Information Disclosure Vulnerability | Important |
| Azure Sphere | CVE-2021-27074 | Azure Sphere Unsigned Code Execution Vulnerability | Critical |
| Azure Sphere | CVE-2021-27080 | Azure Sphere Unsigned Code Execution Vulnerability | Critical |
| Internet Explorer | CVE-2021-27085 | Internet Explorer Remote Code Execution Vulnerability | Important |
| Internet Explorer | CVE-2021-26411 | Internet Explorer Memory Corruption Vulnerability | Critical |
| Microsoft ActiveX | CVE-2021-26869 | Windows ActiveX Installer Service Information Disclosure Vulnerability | Important |
| Microsoft Edge on Chromium | CVE-2021-21173 | Chromium CVE-2021-21173: Side-channel information leakage in Network Internals | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21172 | Chromium CVE-2021-21172: Insufficient policy enforcement in File System API | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21169 | Chromium CVE-2021-21169: Out of bounds memory access in V8 | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21170 | Chromium CVE-2021-21170: Incorrect security UI in Loader | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21171 | Chromium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21175 | Chromium CVE-2021-21175: Inappropriate implementation in Site isolation | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21176 | Chromium CVE-2021-21176: Inappropriate implementation in full screen mode | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21177 | Chromium CVE-2021-21177: Insufficient policy enforcement in Autofill | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21174 | Chromium CVE-2021-21174: Inappropriate implementation in Referrer | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21178 | Chromium CVE-2021-21178: Inappropriate implementation in Compositing | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21161 | Chromium CVE-2021-21161: Heap buffer overflow in TabStrip | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21162 | Chromium CVE-2021-21162: Use after free in WebRTC | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21160 | Chromium CVE-2021-21160: Heap buffer overflow in WebAudio | Unknown |
| Microsoft Edge on Chromium | CVE-2020-27844 | Chromium CVE-2020-27844: Heap buffer overflow in OpenJPEG | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21159 | Chromium CVE-2021-21159: Heap buffer overflow in TabStrip | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21163 | Chromium CVE-2021-21163: Insufficient data validation in Reader Mode | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21167 | Chromium CVE-2021-21167: Use after free in bookmarks | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21168 | Chromium CVE-2021-21168: Insufficient policy enforcement in appcache | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21166 | Chromium CVE-2021-21166: Object lifecycle issue in audio | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21164 | Chromium CVE-2021-21164: Insufficient data validation in Chrome for iOS | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21165 | Chromium CVE-2021-21165: Object lifecycle issue in audio | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21189 | Chromium CVE-2021-21189: Insufficient policy enforcement in payments | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21181 | Chromium CVE-2021-21181: Side-channel information leakage in autofill | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21186 | Chromium CVE-2021-21186: Insufficient policy enforcement in QR scanning | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21190 | Chromium CVE-2021-21190: Uninitialized Use in PDFium | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21183 | Chromium CVE-2021-21183: Inappropriate implementation in performance APIs | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21185 | Chromium CVE-2021-21185: Insufficient policy enforcement in extensions | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21187 | Chromium CVE-2021-21187: Insufficient data validation in URL formatting | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21182 | Chromium CVE-2021-21182: Insufficient policy enforcement in navigations | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21180 | Chromium CVE-2021-21180: Use after free in tab search | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21184 | Chromium CVE-2021-21184: Inappropriate implementation in performance APIs | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21179 | Chromium CVE-2021-21179: Use after free in Network Internals | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21188 | Chromium CVE-2021-21188: Use after free in Blink | Unknown |
| Microsoft Exchange Server | CVE-2021-26412 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2021-27078 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-26854 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-26857 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2021-26858 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-26863 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-27077 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-26861 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-26876 | OpenType Font Parsing Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2021-26875 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-26868 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2021-24108 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-27058 | Microsoft Office ClickToRun Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-27059 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-27053 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-27054 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-27057 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2021-27056 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-27052 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-24104 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-27076 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2021-27055 | Microsoft Visio Security Feature Bypass Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-27050 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-27049 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-26884 | Windows Media Photo Codec Information Disclosure Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-27051 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-27062 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-24110 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-24089 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2021-27061 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2021-27048 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-27047 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-26902 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
| Power BI | CVE-2021-26859 | Microsoft Power BI Information Disclosure Vulnerability | Important |
| Role: DNS Server | CVE-2021-27063 | Windows DNS Server Denial of Service Vulnerability | Important |
| Role: DNS Server | CVE-2021-26893 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-26897 | Windows DNS Server Remote Code Execution Vulnerability | Critical |
| Role: DNS Server | CVE-2021-26894 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-26895 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-26896 | Windows DNS Server Denial of Service Vulnerability | Important |
| Role: DNS Server | CVE-2021-26877 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: Hyper-V | CVE-2021-26867 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Role: Hyper-V | CVE-2021-26879 | Windows NAT Denial of Service Vulnerability | Important |
| Visual Studio | CVE-2021-27084 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2021-21300 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio Code | CVE-2021-27060 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-27081 | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-27083 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-27082 | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows Admin Center | CVE-2021-27066 | Windows Admin Center Security Feature Bypass Vulnerability | Important |
| Windows Container Execution Agent | CVE-2021-26891 | Windows Container Execution Agent Elevation of Privilege Vulnerability | Important |
| Windows Container Execution Agent | CVE-2021-26865 | Windows Container Execution Agent Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2021-24095 | DirectX Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2021-24090 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-24107 | Windows Event Tracing Information Disclosure Vulnerability | Important |
| Windows Event Tracing | CVE-2021-26872 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-26901 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-26898 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Extensible Firmware Interface | CVE-2021-26892 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | Important |
| Windows Folder Redirection | CVE-2021-26887 | Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2021-26862 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2021-26881 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
| Windows Overlay Filter | CVE-2021-26874 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
| Windows Overlay Filter | CVE-2021-26860 | Windows App-V Overlay Filter Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-1640 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-26878 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Projected File System Filter Driver | CVE-2021-26870 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Registry | CVE-2021-26864 | Windows Virtual Registry Provider Elevation of Privilege Vulnerability | Important |
| Windows Remote Access API | CVE-2021-26882 | Remote Access API Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-26880 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Update Assistant | CVE-2021-27070 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2021-1729 | Windows Update Stack Setup Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2021-26889 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2021-26866 | Windows Update Service Elevation of Privilege Vulnerability | Important |
| Windows UPnP Device Host | CVE-2021-26899 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
| Windows User Profile Service | CVE-2021-26873 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
| Windows User Profile Service | CVE-2021-26886 | User Profile Service Denial of Service Vulnerability | Important |
| Windows WalletService | CVE-2021-26871 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows WalletService | CVE-2021-26885 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2021-26900 | Windows Win32k Elevation of Privilege Vulnerability | Important |
