And we are kicking off with March’s edition of Microsoft Patch Tuesday!
The most notable patch of the bunch is the one that addresses the IE weakness, dubbed as CVE-2021-26411.
Take note that both IE11 and newer EdgeHTML-based versions are affected.
Once exploited, attackers can proceed to execute a file of their choosing.
This flaw is connected to another one that ENKI researchers brought to the public’s attention back in February.
Allegedly, nation-state attackers capitalised on the very same vulnerability to go after security researchers.
After the bug has been patched, the ENKI team promised to share proof-of-concept details.
According to Satnam Narang, staff research engineer at Tenable, attackers quickly tend to incorporate such proof-of-concept code into their attack toolkits.
Therefore, anyone using Microsoft Edge or Internet Explorer should not delay installing the patches.
Note that this bids the last farewell to Microsoft Edge browser as it is being retired by Microsoft.
Once again, we are getting patches for DNS server security flaws in Windows Server 2008 through 2019, the compromise of which would allow an attacker to install any software of their choosing.
Do not underestimate the severity of these DNS bugs — they have all received a CVSS score of 9.8, the red alert of ratings.
Dustin Childs from Trend Micro warns it could be wormable between DNS servers.
At this point in time, countless organisations are busy with trying to resolve the security nightmare of having their Outlook Web Access and Exchange Server compromised with a backdoor.
While enterprises should not hesitate to apply the updates, it is fine for regular users to wait it out for a couple of days so Microsoft can iron out any bugs in the meantime.
Either way, you are encouraged to make a backup of your system so you can rest assured you are covered even in case something goes awry.