Tripwire’s March 2021 Patch Priority Index (PPI) gathers important vulnerabilities from SaltStack, VMware, BIG-IP and Microsoft.
First on the patch priority list this month are fixes for vulnerabilities in Microsoft Exchange (CVE-2021-27065, CVE-2021-26855), SaltStack (CVE-2021-25282, CVE-2021-25281), BIG-IP (CVE-2021-22986) and VMware vCenter (CVE-2021-21972). Exploits for these vulnerabilities were recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.
Next are fixes for Internet Explorer, which address memory corruption and remote code execution vulnerabilities.
Next on the patch priority list this month are fixes for Microsoft Excel, Visio, PowerPoint, and Office. These fixes resolve seven issues, including security feature bypass and remote code execution vulnerabilities.
This is followed by fixes that affect components of Windows operating systems. These fixes resolve over 35 vulnerabilities, including elevation of privilege, information disclosure, remote code execution, and memory corruption vulnerabilities. These vulnerabilities affect Windows, WalletService, Error Reporting, Windows Media, Storage Space Controller, DirectX, OpenType Font, Graphics, Event Tracking, User Profile Service, App-V, Stack updates and more.
Next is a patch that resolves a denial of service and remote code execution vulnerability in Hyper-V.
Finally, administrators should focus on server-side fixes from Microsoft, which resolve issues in Microsoft SharePoint, Exchange, and DNS. These fixes resolve several issues, including remote code execution, information disclosure, denial of service, and spoofing vulnerabilities.
|Bulletin|CVE|
|---|---|
|Exploit Framework – Metasploit|CVE-2021-27065, CVE-2021-26855, CVE-2021-25282, CVE-2021-25281, CVE-2021-22986, CVE-2021-21972|
|Internet Explorer|CVE-2021-26411, CVE-2021-27085|
|Microsoft Office|CVE-2021-27055, CVE-2021-27056, CVE-2021-27054, CVE-2021-27053, CVE-2021-27057, CVE-2021-27059, CVE-2021-24108|
|Microsoft Windows|CVE-2021-26885, CVE-2021-26871, CVE-2021-24090, CVE-2021-26881, CVE-2021-26862, CVE-2021-26880, CVE-2021-24095, CVE-2021-26870, CVE-2021-26884, CVE-2021-26876, CVE-2021-26868, CVE-2021-26861, CVE-2021-27077, CVE-2021-26875, CVE-2021-26863, CVE-2021-26901, CVE-2021-26872, CVE-2021-26898, CVE-2021-24107, CVE-2021-27070, CVE-2021-26886, CVE-2021-26873, CVE-2021-26864, CVE-2021-26890, CVE-2021-26860, CVE-2021-26874, CVE-2021-26900, CVE-2021-26865, CVE-2021-26891, CVE-2021-26866, CVE-2021-26889, CVE-2021-1729, CVE-2021-26899, CVE-2021-1640, CVE-2021-26878, CVE-2021-26892, CVE-2021-26869, CVE-2021-26882|
|Exchange server|CVE-2021-27065, CVE-2021-27078, CVE-2021-26858, CVE-2021-26857, CVE-2021-26854, CVE-2021-26855, CVE-2021-26412|
|Microsoft Office SharePoint|CVE-2021-27052, CVE-2021-27076, CVE-2021-24104|
|Microsoft DNS Server|CVE-2021-27063, CVE-2021-26896, CVE-2021-26877, CVE-2021-26893, CVE-2021-26897, CVE-2021-26894, CVE-2021-26895|