Security News > 2021 > March > March 2021 Patch Tuesday: Microsoft fixes yet another actively exploited IE zero-day

March 2021 Patch Tuesday: Microsoft fixes yet another actively exploited IE zero-day
2021-03-09 19:33

Patches for four actively exploited Exchange Server vulnerabilities have already been delivered with the updates for supported versions released last week.

Among the vulnerabilities patched by Microsoft on this March 2021 Patch Tuesday are several deserving extra attention.

"While not as impactful as the Exchange bugs, enterprises that rely on Microsoft browsers should definitely roll this out quickly. Successful exploitation would yield code execution at the level of the logged-on user, which is another reminder not to browse web pages using an account with Administrative privileges," said Dustin Childs of Trend Micro's Zero Day Initiative.

"There's an intriguing update for Git for Visual Studio that fixes a bug that requires no privileges but some level of user interaction. The attack complexity is also listed as low, so we may hear more about this vulnerability in the future," he added.

For March 2021 Patch Tuesday, SAP has released 9 new security notes and updated 4 previously released ones.

The vulnerability has been flagged by Clément Lecigne of Google's Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research, a fact that raises the possibility of this being a zero-day flaw that has been spotted being exploited by attackers.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/kIyXRbyvEY8/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2820 161 4400