ΑρχικήUpdatesΗ Microsoft κυκλοφόρησε το Patch Tuesday Μαρτίου 2021
Updates

Η Microsoft κυκλοφόρησε το Patch Tuesday Μαρτίου 2021

Digital Fortress
By Digital Fortress
Microsoft Patch Tuesday
Η Microsoft κυκλοφόρησε το Patch Tuesday Μαρτίου 2021

Η Microsoft κυκλοφόρησε χθες το Patch Tuesday Μαρτίου 2021, το οποίο διορθώνει 82 ευπάθειες, εκ των οποίων οι 10 έχουν χαρακτηριστεί ως κρίσιμες. Δεν περιλαμβάνονται οι 7 ευπάθειες στο Microsoft Exchange που διευθετήθηκαν πριν μερικές ημέρες.

Μεταξύ των ευπαθειών, διορθώνονται και δύο zero-day, οι οποίες είχαν γίνει γνωστές και λέγεται ότι χρησιμοποιούνταν σε επιθέσεις.

Microsoft Patch Tuesday
Η Microsoft κυκλοφόρησε το Patch Tuesday Μαρτίου 2021

Microsoft Exchange

Την περασμένη εβδομάδα, η Microsoft κυκλοφόρησε έκτακτες ενημερώσεις ασφαλείας για την ευπάθεια του ProxyLogon και άλλα RCE bugs, που χρησιμοποιήθηκαν από εγκληματίες του κυβερνοχώρου για την παραβίαση Microsoft Exchange servers.

Η Microsoft κυκλοφόρησε ενημερωμένες εκδόσεις ασφαλείας για τα τρέχοντα υποστηριζόμενα Microsoft Exchange cumulative updates αλλά και για παλαιότερες μη υποστηριζόμενες εκδόσεις.

SecNewsTV

23.4K subscribers
SecNewsTV
Περισσότερα... Subscribe!

Η εγκατάσταση των ενημερώσεων θα αποτρέψει την παραβίαση του server, αλλά οι επιθέσεις ήταν τόσο διαδεδομένες που οι διαχειριστές θα πρέπει να αναλύουν όλους τους Exchange servers για επιθέσεις που ενδέχεται να έχουν επηρεάσει τα συστήματά τους πριν από την εγκατάσταση των ενημερώσεων.

Η Microsoft κυκλοφόρησε ένα PowerShell script που ονομάζεται Test-ProxyLogon.ps1, το οποίο θα ελέγξει για δείκτες παραβίασης (IOC) στα Exchange HttpProxy logs, Exchange log files και Windows Application event logs.

Η Microsoft έχει, επίσης, ενημερώσει το Microsoft Defender για να εντοπίσει web shells και άλλα IOCs που σχετίζονται με αυτές τις επιθέσεις.

Από την άλλη, η εταιρεία διαθέτει και το αυτόνομο εργαλείο Microsoft Safety Scanner (MSERT), το οποίο έχει ενημερωθεί για τον εντοπισμό web shells και IOCs, για όσους δεν χρησιμοποιούν το Microsoft Defender.

Πέρα από τις zero-day ευπάθειες, η Microsoft διόρθωσε, επίσης, τρεις ευπάθειες του Microsoft Exchange που δεν έχουν χρησιμοποιηθεί σε επιθέσεις.

Η Microsoft κυκλοφόρησε το Patch Tuesday Μαρτίου 2021

Η εταιρεία διόρθωσε άλλες δύο zero-day ευπάθειες

Το Microsoft Patch Tuesday Μαρτίου διορθώνει και δύο άλλες zero-day (CVE-2021-26411, CVE-2021-27077) ευπάθειες.

Στον παρακάτω πίνακα, μπορείτε να δείτε όλες τις ευπάθειες που διορθώνει το Microsoft Patch Tuesday Μαρτίου 2021:

TagCVE IDCVE TitleSeverity
Application VirtualizationCVE-2021-26890Application Virtualization Remote Code Execution VulnerabilityImportant
AzureCVE-2021-27075Azure Virtual Machine Information Disclosure VulnerabilityImportant
Azure SphereCVE-2021-27074Azure Sphere Unsigned Code Execution VulnerabilityCritical
Azure SphereCVE-2021-27080Azure Sphere Unsigned Code Execution VulnerabilityCritical
Internet ExplorerCVE-2021-27085Internet Explorer Remote Code Execution VulnerabilityImportant
Internet ExplorerCVE-2021-26411Internet Explorer Memory Corruption VulnerabilityCritical
Microsoft ActiveXCVE-2021-26869Windows ActiveX Installer Service Information Disclosure VulnerabilityImportant
Microsoft Edge on ChromiumCVE-2021-21173Chromium CVE-2021-21173: Side-channel information leakage in Network InternalsUnknown
Microsoft Edge on ChromiumCVE-2021-21172Chromium CVE-2021-21172: Insufficient policy enforcement in File System APIUnknown
Microsoft Edge on ChromiumCVE-2021-21169Chromium CVE-2021-21169: Out of bounds memory access in V8Unknown
Microsoft Edge on ChromiumCVE-2021-21170Chromium CVE-2021-21170: Incorrect security UI in LoaderUnknown
Microsoft Edge on ChromiumCVE-2021-21171Chromium CVE-2021-21171: Incorrect security UI in TabStrip and NavigationUnknown
Microsoft Edge on ChromiumCVE-2021-21175Chromium CVE-2021-21175: Inappropriate implementation in Site isolationUnknown
Microsoft Edge on ChromiumCVE-2021-21176Chromium CVE-2021-21176: Inappropriate implementation in full screen modeUnknown
Microsoft Edge on ChromiumCVE-2021-21177Chromium CVE-2021-21177: Insufficient policy enforcement in AutofillUnknown
Microsoft Edge on ChromiumCVE-2021-21174Chromium CVE-2021-21174: Inappropriate implementation in ReferrerUnknown
Microsoft Edge on ChromiumCVE-2021-21178Chromium CVE-2021-21178 : Inappropriate implementation in CompositingUnknown
Microsoft Edge on ChromiumCVE-2021-21161Chromium CVE-2021-21161: Heap buffer overflow in TabStripUnknown
Microsoft Edge on ChromiumCVE-2021-21162Chromium CVE-2021-21162: Use after free in WebRTCUnknown
Microsoft Edge on ChromiumCVE-2021-21160Chromium CVE-2021-21160: Heap buffer overflow in WebAudioUnknown
Microsoft Edge on ChromiumCVE-2020-27844Chromium CVE-2020-27844: Heap buffer overflow in OpenJPEGUnknown
Microsoft Edge on ChromiumCVE-2021-21159Chromium CVE-2021-21159: Heap buffer overflow in TabStripUnknown
Microsoft Edge on ChromiumCVE-2021-21163Chromium CVE-2021-21163: Insufficient data validation in Reader ModeUnknown
Microsoft Edge on ChromiumCVE-2021-21167Chromium CVE-2021-21167: Use after free in bookmarksUnknown
Microsoft Edge on ChromiumCVE-2021-21168Chromium CVE-2021-21168: Insufficient policy enforcement in appcacheUnknown
Microsoft Edge on ChromiumCVE-2021-21166Chromium CVE-2021-21166: Object lifecycle issue in audioUnknown
Microsoft Edge on ChromiumCVE-2021-21164Chromium CVE-2021-21164: Insufficient data validation in Chrome for iOSUnknown
Microsoft Edge on ChromiumCVE-2021-21165Chromium CVE-2021-21165: Object lifecycle issue in audioUnknown
Microsoft Edge on ChromiumCVE-2021-21189Chromium CVE-2021-21189: Insufficient policy enforcement in paymentsUnknown
Microsoft Edge on ChromiumCVE-2021-21181Chromium CVE-2021-21181: Side-channel information leakage in autofillUnknown
Microsoft Edge on ChromiumCVE-2021-21186Chromium CVE-2021-21186: Insufficient policy enforcement in QR scanningUnknown
Microsoft Edge on ChromiumCVE-2021-21190Chromium CVE-2021-21190 : Uninitialized Use in PDFiumUnknown
Microsoft Edge on ChromiumCVE-2021-21183Chromium CVE-2021-21183: Inappropriate implementation in performance APIsUnknown
Microsoft Edge on ChromiumCVE-2021-21185Chromium CVE-2021-21185: Insufficient policy enforcement in extensionsUnknown
Microsoft Edge on ChromiumCVE-2021-21187Chromium CVE-2021-21187: Insufficient data validation in URL formattingUnknown
Microsoft Edge on ChromiumCVE-2021-21182Chromium CVE-2021-21182: Insufficient policy enforcement in navigationsUnknown
Microsoft Edge on ChromiumCVE-2021-21180Chromium CVE-2021-21180: Use after free in tab searchUnknown
Microsoft Edge on ChromiumCVE-2021-21184Chromium CVE-2021-21184: Inappropriate implementation in performance APIsUnknown
Microsoft Edge on ChromiumCVE-2021-21179Chromium CVE-2021-21179: Use after free in Network InternalsUnknown
Microsoft Edge on ChromiumCVE-2021-21188Chromium CVE-2021-21188: Use after free in BlinkUnknown
Microsoft Exchange ServerCVE-2021-26412Microsoft Exchange Server Remote Code Execution VulnerabilityCritical
Microsoft Exchange ServerCVE-2021-27065Microsoft Exchange Server Remote Code Execution VulnerabilityCritical
Microsoft Exchange ServerCVE-2021-27078Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-26854Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-26857Microsoft Exchange Server Remote Code Execution VulnerabilityCritical
Microsoft Exchange ServerCVE-2021-26855Microsoft Exchange Server Remote Code Execution VulnerabilityCritical
Microsoft Exchange ServerCVE-2021-26858Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-26863Windows Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-27077Windows Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-26861Windows Graphics Component Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-26876OpenType Font Parsing Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2021-26875Windows Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-26868Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2021-24108Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-27058Microsoft Office ClickToRun Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-27059Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-27053Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-27054Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-27057Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Office PowerPointCVE-2021-27056Microsoft PowerPoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-27052Microsoft SharePoint Server Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24104Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-27076Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2021-27055Microsoft Visio Security Feature Bypass VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-27050HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-27049HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-26884Windows Media Photo Codec Information Disclosure VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-27051HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-27062HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-24110HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-24089HEVC Video Extensions Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2021-27061HEVC Video Extensions Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2021-27048HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-27047HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-26902HEVC Video Extensions Remote Code Execution VulnerabilityCritical
Power BICVE-2021-26859Microsoft Power BI Information Disclosure VulnerabilityImportant
Role: DNS ServerCVE-2021-27063Windows DNS Server Denial of Service VulnerabilityImportant
Role: DNS ServerCVE-2021-26893Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2021-26897Windows DNS Server Remote Code Execution VulnerabilityCritical
Role: DNS ServerCVE-2021-26894Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2021-26895Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2021-26896Windows DNS Server Denial of Service VulnerabilityImportant
Role: DNS ServerCVE-2021-26877Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: Hyper-VCVE-2021-26867Windows Hyper-V Remote Code Execution VulnerabilityCritical
Role: Hyper-VCVE-2021-26879Windows NAT Denial of Service VulnerabilityImportant
Visual StudioCVE-2021-27084Visual Studio Code Java Extension Pack Remote Code Execution VulnerabilityImportant
Visual StudioCVE-2021-21300Git for Visual Studio Remote Code Execution VulnerabilityCritical
Visual Studio CodeCVE-2021-27060Visual Studio Code Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2021-27081Visual Studio Code ESLint Extension Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2021-27083Remote Development Extension for Visual Studio Code Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2021-27082Quantum Development Kit for Visual Studio Code Remote Code Execution VulnerabilityImportant
Windows Admin CenterCVE-2021-27066Windows Admin Center Security Feature Bypass VulnerabilityImportant
Windows Container Execution AgentCVE-2021-26891Windows Container Execution Agent Elevation of Privilege VulnerabilityImportant
Windows Container Execution AgentCVE-2021-26865Windows Container Execution Agent Elevation of Privilege VulnerabilityImportant
Windows DirectXCVE-2021-24095DirectX Elevation of Privilege VulnerabilityImportant
Windows Error ReportingCVE-2021-24090Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2021-24107Windows Event Tracing Information Disclosure VulnerabilityImportant
Windows Event TracingCVE-2021-26872Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2021-26901Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2021-26898Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows Extensible Firmware InterfaceCVE-2021-26892Windows Extensible Firmware Interface Security Feature Bypass VulnerabilityImportant
Windows Folder RedirectionCVE-2021-26887Microsoft Windows Folder Redirection Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2021-26862Windows Installer Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2021-26881Microsoft Windows Media Foundation Remote Code Execution VulnerabilityImportant
Windows Overlay FilterCVE-2021-26874Windows Overlay Filter Elevation of Privilege VulnerabilityImportant
Windows Overlay FilterCVE-2021-26860Windows App-V Overlay Filter Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2021-1640Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2021-26878Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Projected File System Filter DriverCVE-2021-26870Windows Projected File System Elevation of Privilege VulnerabilityImportant
Windows RegistryCVE-2021-26864Windows Virtual Registry Provider Elevation of Privilege VulnerabilityImportant
Windows Remote Access APICVE-2021-26882Remote Access API Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2021-26880Storage Spaces Controller Elevation of Privilege VulnerabilityImportant
Windows Update AssistantCVE-2021-27070Windows 10 Update Assistant Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2021-1729Windows Update Stack Setup Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2021-26889Windows Update Stack Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2021-26866Windows Update Service Elevation of Privilege VulnerabilityImportant
Windows UPnP Device HostCVE-2021-26899Windows UPnP Device Host Elevation of Privilege VulnerabilityImportant
Windows User Profile ServiceCVE-2021-26873Windows User Profile Service Elevation of Privilege VulnerabilityImportant
Windows User Profile ServiceCVE-2021-26886User Profile Service Denial of Service VulnerabilityImportant
Windows WalletServiceCVE-2021-26871Windows WalletService Elevation of Privilege VulnerabilityImportant
Windows WalletServiceCVE-2021-26885Windows WalletService Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2021-26900Windows Win32k Elevation of Privilege VulnerabilityImportant

Πηγή: Bleeping Computer

Ακολουθήστε μας στο Google News και ενημερωθείτε πρώτοι για όλες τις ειδήσεις.

Προηγούμενο άρθρο
Starship SN10: Ο Musk εξηγεί γιατί εξερράγη μετά την προσγείωση
Επόμενο άρθρο
T-Mobile: Θα μοιράζεται app και browsing data πελατών με advertisers από προεπιλογή
Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

RELATED ARTICLES

Εγγραφή στο Newsletter

* indicates required

FOLLOW US

LIVE NEWS

Φόρτωση περισσοτέρων

ABOUT US

SecNews.gr: No1 Portal για Τεχνολογικές ειδήσεις. Security, Hacking, TV και Tweaks για Geeks. Άμεση ενημέρωση για όλες τις εξελίξεις στον χώρο της ασφάλειας και του IT.

Επικοινωνία: contact@secnews.gr

FOLLOW US

SecNews - Copyright © 2010 - 2024