Windows Update March 2021 Edition

Описание: Patch Tuesday includes 82 Vulnerabilities of which 10 are Critical and 72 Important
There are 30 Escalation of Privileges (All Important), 6 Information disclosures (Important), 38 Remote Code Executions (10 Critical), 4 Denial of Service (Important), 3 Security Bypass (Important), and 1 Spoofing (Important).
These vulnerabilities DO NOT include Microsoft Emergency out of band updates they released last week. These Updates include 4 Critical and 3 Important Microsoft Exchange Vulnerabilities that we reported on in an earlier video. These vulnerabilities are being actively exploited and Microsoft and CISA recommend updating immediately and investigate the logs of your Microsoft Exchange Server to determine if you WERE indeed hacked or not. There is also a joint Alert from the FBI and CISA on the matter. These vulnerabilities were described in our recent video and I will include links in the post below
CVE-2021-26411 is an Internet Explorer vulnerability that is currently being exploited in the wild. An Attacker can socially engineer someone to visit a website either by email, social media, etc. When the victim does visit the website will download code and infect the victim. This infection allows the attacker to run code as the permissions of the logged in user. This is another good reason not to give users administrative privileges on their own accounts. This vulnerability is currently being used by a Nation State Threat actor Google’s Threat Analysis Group says is based out of North Korea.
CVE-2021-26867 is a Hyper-V vulnerability. This patch is for Virtual machines using the Plan 9 file system only. Plan 9 is a File system designed by Bell Labs. If you are not using this file system, you may not need to worry about this patch. This vulnerability is rated CVSS 9.9.
For the second month in a row Microsoft has given the DNS Server Critical updates. If your DNS servers are setup for Secure Zone Updates this might partially mitigate the vulnerabilities; however, the only true fix is to patch these vulnerabilities. Some reports state this attack may be wormable so prioritize these set of updates. Administrators should look at Remote Code Execution CVE-2021-26897 first, as it is the only one marked critical. However, all 7 patches this month are all rated a CVSS score of 9.8. The CVEs addressing these vulnerabilities are CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26896, CVE-2021-26897, and CVE-2021-27063.
CVE-2021-27076 is a SharePoint Remote Code Execution vulnerability. A user that can create a site also can run code within the kernel remotely. Note: Default configuration of SharePoint is to allow any Authenticated user to create sites. Hence, if this default is still in place and you have a SharePoint Server, please patch.
Some of the Products affected in this Patch Tuesday Updates for March include Print Spooler, Win32, DNS Server, Office, Office Web Apps, Azure, HEVC Video Extensions, Internet Explorer, Git for Visual Studio, OpenType Fonts, Windows Projected File System, Windows UPnP Device Host, Windows Update Stack, Windows Update Service, Windows Kernel, Windows Media Photo Codec, Windows Installer, Windows Graphics Component, Windows Event Tracing, Windows Error Reporting, Windows Container Execution, Windows App-V Overlay Filter, Windows Admin Center, Windows ActiveX Installer Service
There are many, many more patches that we have not covered, as most of these, are just important patches; however, with all these Products that have been patched, make sure you perform backups before you update. There usually are reports of problems with patches due to hardware incompatibilities or vendors that do not comply with industry standards. And these issues could possibly result in some problems if you do not backup your working computer so you can rollback to a working machine if something goes wrong.
Sources
https://www.thezdi.com/blog/2021/3/9/...
https://www.tenable.com/blog/microsof...
https://us-cert.cisa.gov/ncas/current...
https://msrc.microsoft.com/update-gui...
https://msrc-blog.microsoft.com/2021/...
https://msrc-blog.microsoft.com/2021/...
https://www.volexity.com/blog/2021/03...
https://msrc-blog.microsoft.com/2021/...
https://us-cert.cisa.gov/remediating-...
https://blog.google/threat-analysis-g...
https://en.wikipedia.org/wiki/Plan_9_...