This month’s Microsoft Patch Tuesday addresses 82 vulnerabilities, of which 10 are rated with Critical severity. This follows an out-of-band security update on March 2 to address critical vulnerabilities in Microsoft Exchange. Adobe released patches today for its FrameMaker, Creative Cloud Desktop, and Adobe Connect products.
Microsoft released patches addressing another 0-day vulnerability (CVE-2021-26411). This is a memory corruption vulnerability in Internet Explorer. This CVE already has a working exploit and is assigned a CVSSv3 base score of 8.8 by the vendor.
Microsoft released patches to fix a RCE vulnerability in Windows Hyper-V (CVE-2021-26867). This vulnerability has a CVSSv3 base score of 9.9 and should be prioritized for patching.
Microsoft released patches to fix a RCE vulnerability in Windows DNS Server (CVE-2021-26897). This vulnerability has a CVSSv3 base score of 9.8 and should be prioritized for patching.
Microsoft Office vulnerabilities should be prioritized for workstation-type devices.
On March 2, Microsoft released out-of-band patches to address critical remote code execution vulnerabilities in Microsoft Exchange Server. See details at Microsoft Exchange Server Zero-Days (ProxyLogon).
Adobe issued patches today covering multiple vulnerabilities in FrameMaker, Creative Cloud Desktop, and Adobe Connect. Patching Adobe FrameMaker for CVE-2021-21056 and Creative Cloud Desktop for CVE-2021-21068, CVE-2021-21078, and CVE-21069 should be prioritized due to their critical impact.
Patch Tuesday QIDs are published at Security Alerts, typically late in the evening of Patch Tuesday, followed shortly after by PT dashboards.