{"id":8691,"date":"2021-04-19T06:47:33","date_gmt":"2021-04-19T13:47:33","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&#038;p=8691"},"modified":"2023-03-03T14:36:46","modified_gmt":"2023-03-03T21:36:46","slug":"march-2021-patch-watch-digest","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/march-2021-patch-watch-digest\/","title":{"rendered":"March 2021: Patch Watch Digest"},"content":{"rendered":"<h2 dir=\"ltr\"><img decoding=\"async\" style=\"width: 800px; height: 373px;\" src=\"\/wp-content\/uploads\/2015\/11\/highlights-of-march-digest1.png\" alt=\"\" \/><\/h2>\n<h2 dir=\"ltr\"><strong>Highlights of March Digest<\/strong><\/h2>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"#Known exploit\">23 vendors released security patches in March for 911 vulnerabilities, including 116 CVEs with known exploits.<\/a><\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"#CISA Alerts\">24 vulnerabilities that got patched were alerted by CISA.<\/a><\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"#Old CVEs\">510 old vulnerabilities have been patched.<\/a><\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"#Microsoft CVEs\">Microsoft fixed 89 bugs this month.<\/a><\/p>\n<\/li>\n<\/ul>\n<h2 dir=\"ltr\"><strong><a id=\"Known exploit\" name=\"Known exploit\"><\/a>Weaponized Vulnerabilities<\/strong><\/h2>\n<p dir=\"ltr\">We have 116 vulnerabilities with known exploits. Here is our analysis \u2013<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">2 CVEs are associated with DearCry ransomware, 10 APT Groups (Hafnium, Winnti Group, Tick, LuckyMouse, Websiic, Calypso, Tonto Team, Mikroceen, Vicious Panda Group), and 2 malwares (PlugX &amp; ShadowPad Malware).<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">3 CVE has been alerted by CISA.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">9 CVEs have Privilege Escalation capabilities.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">13 CVEs are associated with Remote Code Execution.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">14 CVEs have Denial of Service.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">8 CVEs are linked to SQL Injection.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">47 CVEs are rated high.<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\"><img decoding=\"async\" style=\"width: 550px; height: 338px;\" src=\"\/wp-content\/uploads\/2015\/11\/weaponized-vulnerabilities-3.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\"><a href=\"#Airtable\">Click here for our analysis and download patches.<\/a><\/p>\n<h2><strong><a id=\"Old CVEs\" name=\"Old CVEs\"><\/a>Old Vulnerabilities Patched in March 2021<\/strong><\/h2>\n<p dir=\"ltr\">510 Old vulnerabilities have been issued security updates ranging from the year 2010 to 2020.<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">3 CVEs are linked to BitPaymer and RansomExx ransomware.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">6 CVEs have been alerted by CISA.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">4 CVEs have PE capabilities.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">3 CVEs are RCE bugs.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">13 CVEs have Denial of Service.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">103 CVEs are critical and 320 medium severity.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Out of 510 Old vulnerabilities, 76 have known exploits.<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\"><img decoding=\"async\" style=\"width: 550px; height: 384px;\" src=\"\/wp-content\/uploads\/2015\/11\/old-vulnerabilities.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\"><a href=\"#Airtable\">Click here for our analysis and download patches.<\/a><\/p>\n<h2 dir=\"ltr\"><strong><a id=\"Microsoft CVEs\" name=\"Microsoft CVEs\"><\/a>Microsoft March Patches 2021<\/strong><\/h2>\n<p dir=\"ltr\">Microsoft issued patches for 89 security vulnerabilities, including two zero-day.<\/p>\n<p dir=\"ltr\"><a href=\"https:\/\/cybersecurityworks.com\/patchwatch\/csw-patch-watch\/march-microsoft-patches-89-security-vulnerabilities.html\" rel=\"unfollow\">Check out our Microsoft Patch Watch edition here\u00a0\u00a0<\/a><\/p>\n<p dir=\"ltr\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/D6AVYjcmgBsEbXbp0e8kJwN3yKYu1gReiK3yiW6iWBmvUNaA5XvsjPSiR1Ffs9bQ-RL5HpzpiEiGGfGlDm8TOxQGp1-KU_x7l8f-EzMDADcOStT3V3OeFm-TfbgIjQ\" width=\"509\" height=\"369\" \/><\/p>\n<h2 dir=\"ltr\"><strong><a id=\"CISA Alerts\" name=\"CISA Alerts\"><\/a>CISA Alerts<\/strong><\/h2>\n<p dir=\"ltr\">24 vulnerabilities have been red-flagged by CISA.<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">3 CVEs have been weaponized with RCE\/PE.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">4 CVEs are associated with DearCry ransomware, 10 APT Groups (Hafnium, Winnti Group, Tick, LuckyMouse, Websiic, Calypso, Tonto Team, Mikroceen, Vicious Panda Group), and 2 malware (PlugX &amp; ShadowPad Malware).<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">9 CVEs are rated high, and 6 of medium severity.<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\"><a href=\"#Airtable\">Click here for our analysis and download patches.<\/a><\/p>\n<p dir=\"ltr\"><img decoding=\"async\" style=\"width: 550px; height: 418px;\" src=\"\/wp-content\/uploads\/2015\/11\/cisa-alerts.png\" alt=\"\" \/><a id=\"Airtable\" name=\"Airtable\"><\/a><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shr8pMDr4GfQqNzKE?backgroundColor=green&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p>\n<p dir=\"ltr\"><strong>Table: March 2021 Security Patches<\/strong><\/p>\n<p dir=\"ltr\">Threat actors need only one vulnerability to exploit and get into the system. Today, the only way to get around this problem is to apply patches whenever the vendor releases them.<\/p>\n<p style=\"text-align: center;\"><strong><span style=\"font-size: 24px;\">Worried about vulnerability management.\u00a0<a href=\"https:\/\/cybersecurityworks.com\/get-quote.php\">Talk to us<\/a>.<\/span><\/strong><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Highlights of March Digest 23 vendors released security patches in March for 911 vulnerabilities, including 116 CVEs with known exploits. 24 vulnerabilities that got patched were alerted by CISA. 510 old vulnerabilities have been patched. Microsoft fixed 89 bugs this month. Weaponized Vulnerabilities We have 116 vulnerabilities with known exploits. Here is our analysis \u2013 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14443,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"patch_category":[288],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch\/8691"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/patch_watch"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/14443"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=8691"}],"wp:term":[{"taxonomy":"patch_category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_category?post=8691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}