Microsoft March Security Updates for Multiple High-Risk Product Vulnerabilities

March 18, 2021 | Jie Ji

Vulnerability Description

On March 10, 2021, Beijing time, Microsoft released the March 2021 Security Updates, which fix 89 vulnerabilities, including high-risk ones like remote code execution and privilege escalation, in various widely used products such as Microsoft Windows, Microsoft Office, Microsoft Exchange Server, Internet Explorer, and Visual Studio.

In these security updates, Microsoft fixes 14 critical vulnerabilities and 75 important ones.

Affected users are advised to apply patches. For details, please refer to Appendix: Vulnerability List.

NSFOCUS RSAS can detect most of the high-risk vulnerabilities fixed in these security updates, including CVE-2021-26411, CVE-2021-24089, CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-26867, CVE-2021-26876, CVE-2021-26897, CVE-2021-26902, CVE-2021-27065, and CVE-2021-21300.

Users are advised to load the RSAS system plug-in updates as soon as they are available to protect against these vulnerabilities.

Reference link: https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar

Description of Critical Vulnerabilities

Based on product popularity and vulnerability importance, we have selected the vulnerabilities in these updates that have the greatest impact and describe them below for affected users.

Internet Explorer Memory Corruption Vulnerability (CVE-2021-26411)

Internet Explorer is prone to a double free vulnerability in the way DOM objects are handled. By tricking a user into clicking a malicious link or file, attackers could exploit this vulnerability to execute arbitrary code and take control of the target system. This vulnerability was exploited by a hacking group to launch APT attacks against professional security researchers. Currently, details of this vulnerability have been made publicly available.

For details of this vulnerability, visit the following link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26411

Windows Hyper-V Remote Code Execution Vulnerability (CVE-2021-26867)

A Hyper-V client that is configured to use the Plan-9 file system contains a serious vulnerability. An authenticated attacker could execute arbitrary code on the Hyper-V server.

For details of this vulnerability, visit the following link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26867

Windows DNS Server Remote Code Execution Vulnerability (CVE-2021-26897)

Windows DNS Server contains a serious remote code execution vulnerability that allows attackers to execute arbitrary code with system privileges by sending a crafted request to the target host. Enabling secure zone updates can partially mitigate this vulnerability. Nevertheless, attackers can still attack a “secure zone update” DNS server from a domain-joined computer. Currently, details of this vulnerability have been made publicly available.

For details of this vulnerability, visit the following link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26897
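The following is an added example, not taken from Microsoft or NSFOCUS, that audits the dynamic-update mode of each zone to show where the partial mitigation described above is in place. It assumes it is run on the DNS server itself with the DnsServer PowerShell module available; the report wording is this example's own.

```powershell
# Added example: audit the dynamic-update mode of primary zones on a Windows DNS server.
# Assumption: run locally on the DNS server, DnsServer module installed with the DNS role.
Import-Module DnsServer

$zones = Get-DnsServerZone | Where-Object {
    $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated
}

$report = foreach ($z in $zones) {
    $mode = [string]$z.DynamicUpdate
    $note = switch ($mode) {
        'None'               { 'Dynamic updates disabled' }
        'Secure'             { 'Secure updates only: partial mitigation, still reachable from domain-joined computers' }
        'NonsecureAndSecure' { 'Nonsecure updates accepted: partial mitigation not in place' }
        default              { 'Unrecognized setting, review manually' }
    }
    [pscustomobject]@{
        ZoneName       = $z.ZoneName
        IsDsIntegrated = $z.IsDsIntegrated
        DynamicUpdate  = $mode
        Note           = $note
    }
}

$report | Sort-Object DynamicUpdate, ZoneName | Format-Table -AutoSize -Wrap

# Secure-only updates are available for Active Directory-integrated zones.
# -WhatIf only previews the change; remove it after review to apply.
$report |
    Where-Object { $_.DynamicUpdate -eq 'NonsecureAndSecure' -and $_.IsDsIntegrated } |
    ForEach-Object {
        Set-DnsServerPrimaryZone -Name $_.ZoneName -DynamicUpdate Secure -WhatIf
    }

# The setting is only a partial mitigation; installing the March 2021 update is the fix.
```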

Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-27076)

Microsoft SharePoint Server contains a remote code execution vulnerability. An attacker could use a SharePoint server to create or modify websites. An authenticated attacker could exploit this vulnerability to execute deserialization attacks, gaining highest system privileges through arbitrary command execution.

For details of this vulnerability, visit the following link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27076

Windows Win32k Privilege Escalation Vulnerability (CVE-2021-27077)

Windows Kernel-Mode Driver is prone to a privilege escalation vulnerability due to the improper handling of objects in memory. Unauthenticated local attackers could exploit this vulnerability to execute arbitrary code with escalated privileges on the target system. Currently, details of this vulnerability have been made publicly available.

For details of this vulnerability, visit the following link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27077

Scope of Impact

The following table lists affected product versions that require special attention. For the scope of impact of vulnerabilities in other products, please refer to Microsoft’s security updates.

Vulnerability ID | Affected Versions

CVE-2021-26411
Microsoft Edge (EdgeHTML-based):
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Internet Explorer 11:
Windows Server 2016
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Internet Explorer 9:
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2

CVE-2021-26867
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for x64-based Systems

CVE-2021-26897
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server, version 2004 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server, version 20H2 (Server Core Installation)

CVE-2021-27076
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016

CVE-2021-27077
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2

Mitigation

Patch Update

Currently, Microsoft has released security updates to fix the preceding vulnerabilities in product versions supported by Microsoft. Affected users are strongly advised to apply these updates as soon as possible. These updates are available at the following link:

https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar

Note: Windows Update may fail due to network and computer environment issues. Therefore, users are advised to check immediately after installation whether the patches were applied successfully.

Right-click the Start button and choose Settings (N) > Update & Security > Windows Update to view the message on the page. Alternatively, you can view historical updates by clicking View update history. If an update fails to install, you can click the update name to open Microsoft’s official update download page. Users are advised to follow the links on that page to the “Microsoft Update Catalog” website to download and install independent packages.
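The same check can be scripted across many hosts. The following is an added example, not part of the original advisory, that reads the Windows Update history through the Windows Update Agent COM API and reports installations that did not succeed. The cutoff date default and the `KB0000000` placeholder are assumptions; take the real KB IDs for your OS build from the MSRC release note linked above.

```powershell
# Added example: report update installations since the March 2021 release that did not succeed.
param(
    # Assumption: one day before the release date given on this page (Beijing time), to cover time zones.
    [datetime]$Since = '2021-03-09',
    # Placeholder: replace with the KB IDs listed for your OS build in the MSRC release note.
    [string[]]$ExpectedKb = @('KB0000000')
)

# OperationResultCode values of the Windows Update Agent API.
$resultNames = @{ 0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
                  3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted' }

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
$history  = if ($total -gt 0) { $searcher.QueryHistory(0, $total) } else { @() }

# Operation 1 = installation (2 = uninstallation). History dates are recorded in UTC.
$installs = $history |
    Where-Object { $_.Operation -eq 1 -and $_.Date -ge $Since } |
    ForEach-Object {
        [pscustomobject]@{
            Date    = $_.Date
            Result  = $resultNames[[int]$_.ResultCode]
            HResult = '0x{0:X8}' -f $_.HResult
            Title   = $_.Title
        }
    }

# Anything other than a clean success needs a retry or a manual install from the Update Catalog.
$installs | Where-Object { $_.Result -ne 'Succeeded' } |
    Sort-Object Date | Format-Table -AutoSize -Wrap

# Cross-check each expected KB against both the update history and the installed hotfix list.
foreach ($kb in $ExpectedKb) {
    $inHistory = @($installs | Where-Object { $_.Result -eq 'Succeeded' -and $_.Title -match $kb })
    $hotfix    = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    [pscustomobject]@{
        KB                 = $kb
        SucceededInHistory = ($inHistory.Count -gt 0)
        ListedByGetHotFix  = [bool]$hotfix
    }
}
```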

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
