Microsoft released their March 2021 Patch Tuesday software updates to address 82 security flaws within Windows and other products, including a patch for an actively exploited Internet Explorer zero-day.
The Patch Tuesday Audit Report checks whether the assets in your network are on the latest patch updates. It’s color-coded to give you a quick and easy overview of which assets are already on the latest Windows update and which ones still need to be patched.
Internet Explorer Zero-Day
CVE-2021-26411
A bug in Internet Explorer and EdgeHTML-based versions of Edge has been exploited in the wild. The flaw, CVE-2021-26411, allows hackers to execute a file of their choosing by getting you to visit a malicious website in Internet Explorer or Edge.
Windows Hyper-V Remote Code Execution (RCE) Vulnerability
CVE-2021-26867
The RCE vulnerability could allow an authenticated hacker to execute code on the Hyper-V server. However, it only affects those using the Plan-9 file system, so if you are using it, we urgently advise you to patch your installations.
Windows DNS Server Remote Code Execution (RCE) Vulnerability
CVE-2021-26897
Five bugs (CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895 and CVE-2021-26897) are listed as DNS Server RCE vulnerabilities affecting Windows Server 2008 all the way through Windows Server 2019, but CVE-2021-26897 is the only critical one. An attacker can use these flaws to remotely install malicious software. There is a chance that this could be wormable between DNS servers.