Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Microsoft March 2021 Patch Tuesday - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft March 2021 Patch Tuesday

This month we got patches for 122 vulnerabilities. Of these, 14 are critical, 5 are being exploited and 2 were previously disclosed. 

The highlight for this month goes to the Microsoft Exchange Server vulnerabilities that are being exploited and for which Microsoft has made available the emergency patches on March 2. If you have this software in your environment, especially if the service is exposed to the internet, and did not apply the patches, in addition to apply the patches, it is imperative that you check if your system could have been already compromised. Johannes published a diary summarizing the vulnerabilities and giving advices on how to check for evidence of compromise.

In addition to the 4 Microsoft Exchange Server vulnerabilities, there is a fifth vulnerability being exploited which have been previously disclosed. This is a RCE affecting Microsoft Edge and Internet Explorer 11 (CVE-2021-26411) on multiple Windows versions. According to the vulnerability advisory, to exploit this vulnerability, an attacker would have to convince a user to access a malicious website, like in a phishing scenario. The exploit is publicly disclosed, and exploitations were already detected. 

The highest CVSS score this month (9.90) was given to the Windows Hyper-V Remote Code Execution Vulnerability (CVE-2021-26867). The vulnerability advisory says that any Hyper-V client which is configured to use the Plan 9 file system could be vulnerable. An authenticated attacker who successfully exploited this vulnerability on a Hyper-V client could cause code to execute on the Hyper-V server.

And for the second month in a row, there is a critical RCE vulnerability affecting Windows DNS Server (CVE-2021-26897) with a CVSS of 9.80. According to the advisory, the vulnerability affects any DNS Server – being it a standalone DNS Primary Authoritative Server or a DNS Server integrated with Active Directory. It also informs that to be vulnerable, a DNS server would need to have dynamic updates enabled. 

See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
Application Virtualization Remote Code Execution Vulnerability
CVE-2021-26890 No No Less Likely Less Likely Important 7.8 6.8
Azure Sphere Unsigned Code Execution Vulnerability
CVE-2021-27074 No No Less Likely Less Likely Critical 6.2 5.6
CVE-2021-27080 No No Less Likely Less Likely Critical 9.3 9.3
Azure Virtual Machine Information Disclosure Vulnerability
CVE-2021-27075 No No Less Likely Less Likely Important 6.8 6.1
Chromium CVE-2020-27844: Heap buffer overflow in OpenJPEG
CVE-2020-27844 No No - - -    
Chromium CVE-2021-21159: Heap buffer overflow in TabStrip
CVE-2021-21159 No No - - -    
Chromium CVE-2021-21160: Heap buffer overflow in WebAudio
CVE-2021-21160 No No - - -    
Chromium CVE-2021-21161: Heap buffer overflow in TabStrip
CVE-2021-21161 No No - - -    
Chromium CVE-2021-21162: Use after free in WebRTC
CVE-2021-21162 No No - - -    
Chromium CVE-2021-21163: Insufficient data validation in Reader Mode
CVE-2021-21163 No No - - -    
Chromium CVE-2021-21164: Insufficient data validation in Chrome for iOS
CVE-2021-21164 No No - - -    
Chromium CVE-2021-21165: Object lifecycle issue in audio
CVE-2021-21165 No No - - -    
Chromium CVE-2021-21166: Object lifecycle issue in audio
CVE-2021-21166 No No - - -    
Chromium CVE-2021-21167: Use after free in bookmarks
CVE-2021-21167 No No - - -    
Chromium CVE-2021-21168: Insufficient policy enforcement in appcache
CVE-2021-21168 No No - - -    
Chromium CVE-2021-21169: Out of bounds memory access in V8
CVE-2021-21169 No No - - -    
Chromium CVE-2021-21170: Incorrect security UI in Loader
CVE-2021-21170 No No - - -    
Chromium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation
CVE-2021-21171 No No - - -    
Chromium CVE-2021-21172: Insufficient policy enforcement in File System API
CVE-2021-21172 No No - - -    
Chromium CVE-2021-21173: Side-channel information leakage in Network Internals
CVE-2021-21173 No No - - -    
Chromium CVE-2021-21174: Inappropriate implementation in Referrer
CVE-2021-21174 No No - - -    
Chromium CVE-2021-21175: Inappropriate implementation in Site isolation
CVE-2021-21175 No No - - -    
Chromium CVE-2021-21176: Inappropriate implementation in full screen mode
CVE-2021-21176 No No - - -    
Chromium CVE-2021-21177: Insufficient policy enforcement in Autofill
CVE-2021-21177 No No - - -    
Chromium CVE-2021-21178 : Inappropriate implementation in Compositing
CVE-2021-21178 No No - - -    
Chromium CVE-2021-21179: Use after free in Network Internals
CVE-2021-21179 No No - - -    
Chromium CVE-2021-21180: Use after free in tab search
CVE-2021-21180 No No - - -    
Chromium CVE-2021-21181: Side-channel information leakage in autofill
CVE-2021-21181 No No - - -    
Chromium CVE-2021-21182: Insufficient policy enforcement in navigations
CVE-2021-21182 No No - - -    
Chromium CVE-2021-21183: Inappropriate implementation in performance APIs
CVE-2021-21183 No No - - -    
Chromium CVE-2021-21184: Inappropriate implementation in performance APIs
CVE-2021-21184 No No - - -    
Chromium CVE-2021-21185: Insufficient policy enforcement in extensions
CVE-2021-21185 No No - - -    
Chromium CVE-2021-21186: Insufficient policy enforcement in QR scanning
CVE-2021-21186 No No - - -    
Chromium CVE-2021-21187: Insufficient data validation in URL formatting
CVE-2021-21187 No No - - -    
Chromium CVE-2021-21188: Use after free in Blink
CVE-2021-21188 No No - - -    
Chromium CVE-2021-21189: Insufficient policy enforcement in payments
CVE-2021-21189 No No - - -    
Chromium CVE-2021-21190 : Uninitialized Use in PDFium
CVE-2021-21190 No No - - -    
DirectX Elevation of Privilege Vulnerability
CVE-2021-24095 No No More Likely More Likely Important 7.0 6.1
Git for Visual Studio Remote Code Execution Vulnerability
CVE-2021-21300 No No Less Likely Less Likely Critical 8.8 7.7
HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-24089 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2021-24110 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-26902 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2021-27047 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-27048 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-27049 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-27050 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-27051 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-27061 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2021-27062 No No Less Likely Less Likely Important 7.8 6.8
Internet Explorer Memory Corruption Vulnerability
CVE-2021-26411 Yes Yes Detected Detected Critical 8.8 7.9
Internet Explorer Remote Code Execution Vulnerability
CVE-2021-27085 No No Less Likely Less Likely Important 8.8 7.9
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-27053 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-27054 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-26412 No No Less Likely Less Likely Critical 9.1 8.2
CVE-2021-26854 No No Less Likely Less Likely Important 6.6 5.8
CVE-2021-26855 No Yes Detected Detected Critical 9.1 8.4
CVE-2021-26857 No Yes More Likely Detected Critical 7.8 7.2
CVE-2021-26858 No Yes Detected Detected Important 7.8 7.2
CVE-2021-27065 No Yes Detected Detected Critical 7.8 7.2
CVE-2021-27078 No No Less Likely Less Likely Important 9.1 8.2
Microsoft Office ClickToRun Remote Code Execution Vulnerability
CVE-2021-27058 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-24108 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-27057 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-27059 No No Less Likely Less Likely Important 7.6 6.6
Microsoft Power BI Information Disclosure Vulnerability
CVE-2021-26859 No No Less Likely Less Likely Important 7.7 6.7
Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2021-27056 No No Less Likely Less Likely Important 7.8 6.8
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2021-27052 No No Less Likely Less Likely Important 5.3 4.8
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-27076 No No More Likely More Likely Important 8.8 7.7
Microsoft SharePoint Spoofing Vulnerability
CVE-2021-24104 No No Less Likely Less Likely Important 4.6 4.2
Microsoft Visio Security Feature Bypass Vulnerability
CVE-2021-27055 No No Less Likely Less Likely Important 7.0 6.1
Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability
CVE-2021-26887 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2021-26881 No No Less Likely Less Likely Important 7.5 6.5
OpenType Font Parsing Remote Code Execution Vulnerability
CVE-2021-26876 No No Less Likely Less Likely Critical 8.8 7.7
Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-27082 No No - - Important 7.8 6.8
Remote Access API Elevation of Privilege Vulnerability
CVE-2021-26882 No No Less Likely Less Likely Important 7.8 6.8
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-27083 No No Less Likely Less Likely Important 7.8 6.8
Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-26880 No No Less Likely Less Likely Important 7.8 6.8
User Profile Service Denial of Service Vulnerability
CVE-2021-26886 No No Less Likely Less Likely Important 5.5 4.8
Visual Studio Code ESLint Extension Remote Code Execution Vulnerability
CVE-2021-27081 No No Less Likely Less Likely Important 7.8 6.8
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
CVE-2021-27084 No No Less Likely Less Likely Important    
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-27060 No No Less Likely Less Likely Important 7.8 6.8
Windows 10 Update Assistant Elevation of Privilege Vulnerability
CVE-2021-27070 No No Less Likely Less Likely Important 7.3 6.4
Windows ActiveX Installer Service Information Disclosure Vulnerability
CVE-2021-26869 No No Less Likely Less Likely Important 5.5 4.8
Windows Admin Center Security Feature Bypass Vulnerability
CVE-2021-27066 No No Less Likely Less Likely Important 4.3 3.8
Windows App-V Overlay Filter Elevation of Privilege Vulnerability
CVE-2021-26860 No No Less Likely Less Likely Important 7.8 6.8
Windows Container Execution Agent Elevation of Privilege Vulnerability
CVE-2021-26865 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-26891 No No Less Likely Less Likely Important 7.8 6.8
Windows DNS Server Denial of Service Vulnerability
CVE-2021-26896 No No Less Likely Less Likely Important 7.5 6.5
CVE-2021-27063 No No Less Likely Less Likely Important 7.5 6.5
Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-26877 No No More Likely More Likely Important 9.8 8.5
CVE-2021-26893 No No Less Likely Less Likely Important 9.8 8.5
CVE-2021-26894 No No Less Likely Less Likely Important 9.8 8.5
CVE-2021-26895 No No Less Likely Less Likely Important 9.8 8.5
CVE-2021-26897 No No More Likely More Likely Critical 9.8 8.5
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2021-24090 No No Less Likely Less Likely Important 7.8 6.8
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-26872 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-26898 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-26901 No No Less Likely Less Likely Important 7.8 6.8
Windows Event Tracing Information Disclosure Vulnerability
CVE-2021-24107 No No Less Likely Less Likely Important 5.5 4.8
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
CVE-2021-26892 No No Less Likely Less Likely Important 6.2 5.6
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2021-26868 No No More Likely More Likely Important 7.8 6.8
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2021-26861 No No Less Likely Less Likely Important 7.8 6.8
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2021-26867 No No Less Likely Less Likely Critical 9.9 8.6
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-26862 No No Less Likely Less Likely Important 6.3 5.5
Windows Media Photo Codec Information Disclosure Vulnerability
CVE-2021-26884 No No Less Likely Less Likely Important 5.5 4.8
Windows NAT Denial of Service Vulnerability
CVE-2021-26879 No No Less Likely Less Likely Important 7.5 6.5
Windows Overlay Filter Elevation of Privilege Vulnerability
CVE-2021-26874 No No Less Likely Less Likely Important 7.8 6.8
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-1640 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-26878 No No Less Likely Less Likely Important 7.8 6.8
Windows Projected File System Elevation of Privilege Vulnerability
CVE-2021-26870 No No Less Likely Less Likely Important 7.8 6.8
Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2021-26899 No No Less Likely Less Likely Important 7.8 6.8
Windows Update Service Elevation of Privilege Vulnerability
CVE-2021-26866 No No Less Likely Less Likely Important 7.1 6.2
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2021-26889 No No Less Likely Less Likely Important 7.1 6.2
Windows Update Stack Setup Elevation of Privilege Vulnerability
CVE-2021-1729 No No Less Likely Less Likely Important 7.1 6.2
Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2021-26873 No No Less Likely Less Likely Important 7.0 6.1
Windows Virtual Registry Provider Elevation of Privilege Vulnerability
CVE-2021-26864 No No Less Likely Less Likely Important 8.4 7.3
Windows WalletService Elevation of Privilege Vulnerability
CVE-2021-26871 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-26885 No No Less Likely Less Likely Important 7.8 6.8
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-27077 Yes No Less Likely Less Likely Important 7.8 7.0
CVE-2021-26863 No No More Likely More Likely Important 7.0 6.1
CVE-2021-26875 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-26900 No No Less Likely Less Likely Important 7.8 6.8

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

 Renato

84 Posts
ISC Handler
Mar 9th 2021
Thread locked Subscribe Mar 9th 2021
1 year ago
Heads up for anyone with Kyocera, Ricoh, and Dymo printers.....

The 2 updates they mention specifically pertain to 1909 and 20H2 (2009)..... not sure if others are affected.....

https://www.bleepingcomputer.com/news/microsoft/windows-10-crashes-when-printing-due-to-microsoft-march-updates/
 K-Dee

68 Posts
Quote Mar 12th 2021
1 year ago
1803 and 1909 did not crash when printing to a Dymo Twin Turbo 450 with Dymo Label v8.7.3, but the labels printed blank...

v8.7.4 fixed the issue
 K-Dee

68 Posts
Quote Mar 18th 2021
1 year ago

Sign Up for Free or Log In to start participating in the conversation!