This month’s Microsoft Patch Tuesday addresses 82 vulnerabilities, of which 10 are rated with Critical severity. This follows an out-of-band security update on March 2 to address critical vulnerabilities in Microsoft Exchange. Adobe released patches today for its FrameMaker, Creative Cloud Desktop, and Adobe Connect products.
Internet Explorer Memory Corruption Vulnerability
Microsoft released patches addressing another 0-day vulnerability (CVE-2021-26411). This is a memory corruption vulnerability in Internet Explorer. This CVE already has a working exploit and is assigned a CVSSv3 base score of 8.8 by the vendor.
Windows Hyper-V Remote Code Execution (RCE) Vulnerability
Microsoft released patches to fix a RCE vulnerability in Windows Hyper-V (CVE-2021-26867). This vulnerability has a CVSSv3 base score of 9.9 and should be prioritized for patching.
Windows DNS Server RCE Vulnerability
Microsoft released patches to fix a RCE vulnerability in Windows DNS Server (CVE-2021-26897). This vulnerability has a CVSSv3 base score of 9.8 and should be prioritized for patching.
Microsoft Office vulnerabilities should be prioritized for workstation-type devices.
ProxyLogon / Exchange Vulnerabilities
On March 2, Microsoft released out-of-band patches to address critical remote code execution vulnerabilities in Microsoft Exchange Server. See details at Microsoft Exchange Server Zero-Days (ProxyLogon).
Adobe issued patches today covering multiple vulnerabilities in FrameMaker, Creative Cloud Desktop, and Adobe Connect. Patching Adobe FrameMaker for CVE-2021-21056 and Creative Cloud Desktop for CVE-2021-21068, CVE-2021-21078, and CVE-21069 should be prioritized due to their critical impact.