Security News > 2021 > March > Beware the IDEs of March: Microsoft's latest monthly fixes land after frantic Exchange Server updates

Beware the IDEs of March: Microsoft's latest monthly fixes land after frantic Exchange Server updates
2021-03-09 22:09

A week after Microsoft warned that four zero-day flaws and three others in its Exchange Server were being actively exploited and issued out-of-band remediation, the cloudy Windows biz has delivered software fixes to address 82 other vulnerabilities as part of its monthly Patch Tuesday ritual.

Microsoft says two of these vulnerabilities are publicly known and five are under active exploitation.

Exchange bugs from last week aside, CVE-2021-26411, an Internet Explorer memory corruption vulnerability, deserves immediate attention.

"While not as impactful as the Exchange bugs, enterprises that rely on Microsoft browsers should definitely roll this out quickly," said Dustin Childs, director of communications for the Zero Day Initiative, in a blog post.

Childs also recommends paying attention to CVE-2021-26897, a critical Windows DNS Server remote code execution flaw rated 9.8 severity.

The various updates all address a single bug in the company's WebKit browser engine.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/03/09/march_patch_tuesday/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-03-11 CVE-2021-26411 Use After Free vulnerability in Microsoft Edge and Internet Explorer
Internet Explorer Memory Corruption Vulnerability
network
low complexity
microsoft CWE-416
8.8
8.8
2021-03-11 CVE-2021-26897 Unspecified vulnerability in Microsoft products
Windows DNS Server Remote Code Execution Vulnerability
network
low complexity
microsoft
critical
 9.8
9.8