Security News > 2021 > March > March 2021 Patch Tuesday: Microsoft fixes yet another actively exploited IE zero-day
Patches for four actively exploited Exchange Server vulnerabilities have already been delivered with the updates for supported versions released last week.
Among the vulnerabilities patched by Microsoft on this March 2021 Patch Tuesday are several deserving extra attention.
"While not as impactful as the Exchange bugs, enterprises that rely on Microsoft browsers should definitely roll this out quickly. Successful exploitation would yield code execution at the level of the logged-on user, which is another reminder not to browse web pages using an account with Administrative privileges," said Dustin Childs of Trend Micro's Zero Day Initiative.
"There's an intriguing update for Git for Visual Studio that fixes a bug that requires no privileges but some level of user interaction. The attack complexity is also listed as low, so we may hear more about this vulnerability in the future," he added.
For March 2021 Patch Tuesday, SAP has released 9 new security notes and updated 4 previously released ones.
The vulnerability has been flagged by Clément Lecigne of Google's Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research, a fact that raises the possibility of this being a zero-day flaw that has been spotted being exploited by attackers.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/kIyXRbyvEY8/
Related news
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- November 2024 Patch Tuesday forecast: New servers arrive early (source)
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)