The bugs affect the 2013, 2016, and 2019 versions of Microsoft Exchange Server. Microsoft designated the attackers with the pseudonym Hafnium and published a detailed disclosure about the bug and the threat actors who were using it in active attacks. Unfortunately, in the case of some of the Exchange vulnerabilities fixed this month, there was the combination of a novel bug, actively being abused by a nation-state threat actor, that could reveal the contents of someone’s email inbox. Out-of-band patches for bugs Microsoft was planning to fix anyway in an upcoming release cycle are thankfully rare, but they’re also an indication of a serious problem that demands immediate action.

What follows are notes about some of the more critically important fixes released this month. You can also read the full technical details about each patch on March’s Security Updates Guide. To find and download this month’s Cumulative Update patch yourself, search for the term “2021-03” at the Microsoft Update Catalog website and select the monthly security rollup that matches your computer’s CPU architecture and build of Windows. The availability of patches does not mean that your computer will install them quickly enough. In all, 89 distinct vulnerabilities will be closed down by this update, 14 of which the company classifies as critical. As with all Patch Tuesdays, Microsoft publishes detailed analysis about major fixes on their Security Updates page.

And Microsoft has fixed a critical RCE bug affecting Git for Windows, which is now included by default with Microsoft’s Visual Studio development tools. Another important bug addressed this month is a remote code execution vulnerability currently being exploited against Internet Explorer. In the analysis guidance provided by Microsoft, these vulnerabilities not only pose a risk of remote code execution but could lead to so-called wormable exploits targeting DNS servers en masse.
This month’s updates will also address several serious problems that have been discovered in Microsoft’s DNS Server software. Microsoft also published a series of fixes ahead of the normal release schedule to address critical vulnerabilities that have been actively exploited against Exchange, the mail server software widely used by large organizations and hosted both in cloud services and in on-premises installations. After several months of monthly updates that fixed a fewer-than-average number of bugs in Windows and other Microsoft products, the March edition of Patch Tuesday once again delivers a raft of urgently needed fixes affecting both enterprise services and software common to most Windows desktop installations.