Security News > 2021 > March > Beware the IDEs of March: Microsoft's latest monthly fixes land after frantic Exchange Server updates
A week after Microsoft warned that four zero-day flaws and three others in its Exchange Server were being actively exploited and issued out-of-band remediation, the cloudy Windows biz has delivered software fixes to address 82 other vulnerabilities as part of its monthly Patch Tuesday ritual.
Microsoft says two of these vulnerabilities are publicly known and five are under active exploitation.
Exchange bugs from last week aside, CVE-2021-26411, an Internet Explorer memory corruption vulnerability, deserves immediate attention.
"While not as impactful as the Exchange bugs, enterprises that rely on Microsoft browsers should definitely roll this out quickly," said Dustin Childs, director of communications for the Zero Day Initiative, in a blog post.
Childs also recommends paying attention to CVE-2021-26897, a critical Windows DNS Server remote code execution flaw rated 9.8 severity.
The various updates all address a single bug in the company's WebKit browser engine.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/03/09/march_patch_tuesday/
Related news
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Microsoft: August updates cause Windows Server boot issues, freezes (source)
- Microsoft: Exchange Online mistakenly tags emails as malware (source)
- Microsoft fixes Windows Server performance issues from August updates (source)
- Microsoft ends development of Windows Server Update Services (WSUS) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-11 | CVE-2021-26411 | Use After Free vulnerability in Microsoft Edge and Internet Explorer Internet Explorer Memory Corruption Vulnerability | 8.8 |
| 2021-03-11 | CVE-2021-26897 | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 9.8 |