March 2021 Patch Tuesday – 82 Vulnerabilities, 10 Critical, Adobe

This month’s Microsoft Patch Tuesday addresses 82 vulnerabilities, of which 10 are rated with Critical severity. This follows an out-of-band security update on March 2 to address critical vulnerabilities in Microsoft Exchange. Adobe released patches today for its FrameMaker, Creative Cloud Desktop, and Adobe Connect products.

Internet Explorer Memory Corruption Vulnerability

Microsoft released patches addressing another 0-day vulnerability (CVE-2021-26411). This is a memory corruption vulnerability in Internet Explorer. This CVE already has a working exploit and is assigned a CVSSv3 base score of 8.8 by the vendor.

Windows Hyper-V Remote Code Execution (RCE) Vulnerability

Microsoft released patches to fix a RCE vulnerability in Windows Hyper-V (CVE-2021-26867). This vulnerability has a CVSSv3 base score of 9.9 and should be prioritized for patching.

Windows DNS Server RCE Vulnerability

Microsoft released patches to fix a RCE vulnerability in Windows DNS Server (CVE-2021-26897). This vulnerability has a CVSSv3 base score of 9.8 and should be prioritized for patching.

Workstation Patches

Microsoft Office vulnerabilities should be prioritized for workstation-type devices.

ProxyLogon / Exchange Vulnerabilities

On March 2, Microsoft released out-of-band patches to address critical remote code execution vulnerabilities in Microsoft Exchange Server. See details at Microsoft Exchange Server Zero-Days (ProxyLogon).

Adobe

Adobe issued patches today covering multiple vulnerabilities in FrameMaker, Creative Cloud Desktop, and Adobe Connect. Patching Adobe FrameMaker for CVE-2021-21056 and Creative Cloud Desktop for CVE-2021-21068, CVE-2021-21078, and CVE-21069 should be prioritized due to their critical impact.

About Patch Tuesday

Patch Tuesday QIDs are published at Security Alerts, typically late in the evening of Patch Tuesday, followed shortly after by PT dashboards.