March 2021 Patch Tuesday – 82 Vulnerabilities, 10 Critical, Adobe
Last updated on: October 27, 2022
This month’s Microsoft Patch Tuesday addresses 82 vulnerabilities, of which 10 are rated with Critical severity. This follows an out-of-band security update on March 2 to address critical vulnerabilities in Microsoft Exchange. Adobe released patches today for its FrameMaker, Creative Cloud Desktop, and Adobe Connect products.
Internet Explorer Memory Corruption Vulnerability
Microsoft released patches addressing another 0-day vulnerability (CVE-2021-26411). This is a memory corruption vulnerability in Internet Explorer. This CVE already has a working exploit and is assigned a CVSSv3 base score of 8.8 by the vendor.
Windows Hyper-V Remote Code Execution (RCE) Vulnerability
Microsoft released patches to fix a RCE vulnerability in Windows Hyper-V (CVE-2021-26867). This vulnerability has a CVSSv3 base score of 9.9 and should be prioritized for patching.
Windows DNS Server RCE Vulnerability
Microsoft released patches to fix a RCE vulnerability in Windows DNS Server (CVE-2021-26897). This vulnerability has a CVSSv3 base score of 9.8 and should be prioritized for patching.
Microsoft Office vulnerabilities should be prioritized for workstation-type devices.
ProxyLogon / Exchange Vulnerabilities
On March 2, Microsoft released out-of-band patches to address critical remote code execution vulnerabilities in Microsoft Exchange Server. See details at Microsoft Exchange Server Zero-Days (ProxyLogon).
Adobe issued patches today covering multiple vulnerabilities in FrameMaker, Creative Cloud Desktop, and Adobe Connect. Patching Adobe FrameMaker for CVE-2021-21056 and Creative Cloud Desktop for CVE-2021-21068, CVE-2021-21078, and CVE-21069 should be prioritized due to their critical impact.
About Patch Tuesday
Patch Tuesday QIDs are published at Security Alerts, typically late in the evening of Patch Tuesday, followed shortly after by PT dashboards.