⚡ TL;DR | Go Straight to the March 2021 Patch Tuesday Audit Report.
Microsoft releases software updates to address 82 security flaws within Windows and other products during this March 2021 Patch Tuesday. Including a patch for an Internet Explorer zero-day and flaws in the DNS server of Windows Server 2008 all the way to 2019. It's safe to say that this March 2021 Patch Tuesday edition contains critical fixes.
Microsoft also released fixes in their March 2021 Patch Tuesday for Azure, Exchange Server, Office, SharePoint Server, Visual Studio, Azure Sphere and Azure Devops.
Internet Explorer Zero-Day
There is a bug within Internet Explorer and Edge HTML versions that has been exploited in the wild. The flaw, CVE-2021-26411, allows hackers to execute a file that they choose by getting you to visit a malicious website in Internet Explorer or Edge.
Windows Hyper-V Remote Code Execution (RCE) Vulnerability
The RCE vulnerability could allow an authenticated hacker to execute code on the Hyper-V server. However, this can only be done to those using the Plan-9 file system so if you are using this, we advise you urgently to patch your installations.
Windows DNS Server Remote Code Execution (RCE) Vulnerability
5 bugs (CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895 and CVE-2021-26897) are listed as DNS Server RCE vulnerabilities on Windows Server 2008 all the way to Windows Server 2019 but CVE-2021-26897 is the only critical one. An attacker can use these flaws to remotely install malicious software. There is a chance that this could be wormable between DNS servers.
Get Started with Lansweeper
Discover assets you don't even know about and learn why Lansweeper is used by thousands of organizations worldwide.
Updates for Adobe software
Adobe released security patches for Adobe Connect, Creative Cloud Desktop and Framemaker.The last one (Framemaker) contained an Out-of-Bounds (OOB) vulnerability. Adobe Connect had 4 vulnerabilities: one of them is a critical bug that could lead to Arbitrary Code Execution. The other three are all reflective cross-site scripting (XSS) bugs.
Run the Patch Tuesday (March 2021) Audit Report
Our experts created a Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. As always, all admins are advised to install these security updates as soon as possible to protect Windows from security risks.
If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.