Security News > 2021 > March > Beware the IDEs of March: Microsoft's latest monthly fixes land after frantic Exchange Server updates
A week after Microsoft warned that four zero-day flaws and three others in its Exchange Server were being actively exploited and issued out-of-band remediation, the cloudy Windows biz has delivered software fixes to address 82 other vulnerabilities as part of its monthly Patch Tuesday ritual.
Microsoft says two of these vulnerabilities are publicly known and five are under active exploitation.
Exchange bugs from last week aside, CVE-2021-26411, an Internet Explorer memory corruption vulnerability, deserves immediate attention.
"While not as impactful as the Exchange bugs, enterprises that rely on Microsoft browsers should definitely roll this out quickly," said Dustin Childs, director of communications for the Zero Day Initiative, in a blog post.
Childs also recommends paying attention to CVE-2021-26897, a critical Windows DNS Server remote code execution flaw rated 9.8 severity.
The various updates all address a single bug in the company's WebKit browser engine.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/03/09/march_patch_tuesday/
Related news
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in October (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)
- One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-11 | CVE-2021-26411 | Use After Free vulnerability in Microsoft Edge and Internet Explorer Internet Explorer Memory Corruption Vulnerability | 0.0 |
| 2021-03-11 | CVE-2021-26897 | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 0.0 |