Dark Reading is part of the Informa Tech Division of Informa PLC



3/9/2021
05:00 PM

Microsoft Patch Tuesday Fixes 82 CVEs, Internet Explorer Zero-Day

The monthly rollout follows last week's emergency Microsoft Exchange Server patch covering seven CVEs, four of which are under attack.

Microsoft today released 82 security fixes as part of its monthly Patch Tuesday rollout, which this month addresses 10 critical vulnerabilities and one Internet Explorer zero-day. This brings its March patch count to 89 after the release of emergency patches for seven CVEs last week. 

The out-of-band Exchange patch released March 2 covers seven unique CVEs, four of which are under active attack. Organizations running on-premises Exchange Servers are advised to address the vulnerabilities as soon as possible, as attackers are continuing to scan for and exploit them.

Microsoft today pushed additional patches for older, unsupported versions of Exchange Server.

Today's Patch Tuesday release addresses vulnerabilities in Microsoft Windows, Azure and Azure DevOps, Azure Sphere, Internet Explorer, the Edge browser, Office and Office Services and Web Apps, SharePoint Server, Visual Studio, and Windows Hyper-V. One is both publicly known and under active attack.

That is CVE-2021-26411, a memory corruption vulnerability in Internet Explorer that could let a successful attacker run code on a target system if a victim views a specially designed HTML file. This affects older versions such as Internet Explorer 11, and newer EdgeHTML-based versions.

"This kind of exploit would give the attacker the same operating system permissions as the user visiting the website," says Kevin Breen, director of cyber-threat research at Immersive Labs. "So, if you're browsing the Internet as a standard user, the attacker will get user level access to your file system and limited access to the operating system." 

It's a reminder that employees should never browse the Web while logged in with admin privileges, he adds. If a victim is browsing the Internet as an admin, attackers could get "full unrestricted access" to the file system and operating system, Breen says. Microsoft notes that the attack exploiting this critical flaw is low in complexity and requires no privileges.

Also notable is CVE-2021-26897, a critical remote code execution (RCE) vulnerability in Windows DNS Server. Microsoft patched five RCE flaws in DNS Server this month; this is the only one rated Critical. Microsoft also rates this flaw as "exploitation more likely," and it requires no privileges and low attack complexity.

"These attacks are not limited to external attackers — they also become a target for attackers who may already be inside your network," Breen says. "An attacker gaining access to manipulate a DNS server within your organization can have a significant impact on your overall security." 

Another CVE that draws attention to privileges is CVE-2021-27076, an RCE vulnerability in SharePoint Server. This is also categorized as "exploitation more likely" and indicates an attacker could exploit the server to gain code execution over the network. A successful attacker would need privileges to create or modify Sites in SharePoint, which authenticated users can do by default. It's a reminder that users who don't need specific privileges shouldn't have them. 

Today's Critical patches also address two RCE flaws in Azure Sphere, both of which are unsigned code execution vulnerabilities. However, users likely won't need to take action because devices running Azure Sphere connected to the Internet get automatic updates, as Dustin Childs, with Trend Micro's Zero-Day Initiative, points out. These flaws are listed as CVE-2021-27074 and CVE-2021-27080.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
 
