Microsoft has rolled out the March Patch Tuesday this week. This update bundle addresses numerous serious vulnerabilities, including a zero-day in Internet Explorer and the Exchange Server bugs under active attack.
Microsoft Exchange Server Bugs Under Exploit
Some serious vulnerabilities exist in the Microsoft Exchange Server that first caught the attention of cybercriminals. Hence, the bugs went under attack before Microsoft could detect and patch them.
The tech giant disclosed these bugs a week ago via a blog post following the reports from researchers (Brian Krebs has shared a detailed timeline of events here.) They revealed details about four different vulnerabilities, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, that they found under attack by a threat actor group HAFNIUM.
Soon after, disclosures from victim firms that the attackers targeted by exploiting these bugs surfaced online.
Hence, Microsoft urged deploying the patches at the earliest. Yet, with this Patch Tuesday update bundle, Microsoft has once again reminded all the users to install the patches at the earliest.
Internet Explorer Zero-Day
Aside from the Exchange Server bugs, Microsoft has fixed another zero-day vulnerability that existed in Internet Explorer and Edge browsers.
Microsoft has marked this vulnerability, CVE-2021-26411, as public and under attack. Whereas, it received a critical-severity rating with a CVSS score of 8.8. Exploiting this bug merely requires the victim to view a maliciously crafted HTML file. It will then allow the attacker to execute codes on the target device.
Other Patch Tuesday March Updates
Apart from the four critical bugs listed above (CVE-2021-26411, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065), Microsoft also released fixes for 10 other critical security flaws.
Whereas, the update bundle also includes fixes for 75 important severity vulnerabilities as well including CVE-2021-26858. These include another noteworthy vulnerability, CVE-2021-27077, that Microsoft labels as “Windows Win32k elevation of privilege vulnerability”. Microsoft confirmed this bug to be publicly known before a fix could be available. This vulnerability has received a CVSS score of 7.8.
In all, with March Patch Tuesday, Microsoft has addressed 89 different vulnerabilities. It’s an important update bundle since it includes no patches for any low-severity bug.
Therefore, all users must ensure updating their systems at the earliest to stay safe from any mishaps.