![\"\"](\"\/wp-content\/uploads\/2015\/11\/microsoft-march-patches-2021-1.png\")
<\/h2>\nMicrosoft\u2019s March Patches Overview<\/strong><\/h2>\nIn March, Microsoft patched 89 vulnerabilities discovered in 2021 –<\/p>\n
RCE\/PE:\u00a0<\/strong>Remote Code Execution and Privilege Execution are two of the most dangerous weaknesses that are most exploited by malicious actors. Microsoft has fixed –<\/p>\n\n- \n
45 CVEs that have been classified as RCE bugs<\/p>\n<\/li>\n
- \n
30 CVEs have Privilege Escalation capabilities<\/p>\n<\/li>\n
- \n
4 CVEs are linked to Denial of Service<\/p>\n<\/li>\n<\/ul>\n
Notably four CVEs (CVE-2021-27065, CVE-2021-26855, CVE-2021-26863, CVE-2021-21300) have publicly known exploits therefore patching them would be essential.<\/p>\n
Zero Day Vulnerabilities:<\/strong> Microsoft has released out-of-band patches for four Zero Day Vulnerabilities ( CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065).<\/p>\nThese weaknesses exist in Microsoft exchange server and have been associated with Hafnium, Winnti Group, Tick, LuckyMouse, Websiic, Calypso, Tonto Team, Mikroceen, and Vicious Panda APT group.<\/p>\n
These CVEs are also being exploited by DearCry Ransomware and are being delivered through PlugX and ShadowPad malware.<\/p>\n
CISA Alerts<\/strong><\/h2>\nSix CVEs have featured in recent CISA alerts (CVE-2021-26869, CVE-2021-27065, CVE-2021-26857, CVE-2021-26855, CVE-2021-26858, CVE-2021-26867)<\/p>\n
These CVEs have been red flagged by security agencies primarily because these vulnerabilities are associated with DearCry ransomware and APT groups (Hafnium, Winnti Group, Tick, LuckyMouse, Websiic, Calypso, Tonto Team, Mikroceen -Vicious Panda Group) are exploiting it to mount cyber attacks.<\/p>\n
Product Analysis<\/strong><\/h2>\nPatches are released for 47 different Microsoft products.<\/p>\n
![\"\"](\"\/wp-content\/uploads\/2015\/11\/product-analysis-horizontal.jpg\")
<\/p>\n
Severity Scores<\/strong><\/h2>\n![](\"https:\/\/lh4.googleusercontent.com\/fQmdOQ9esUdoePUxoPS4qvKt8Bl8aqyN6gBGX_8Ezs7W9SolPUegF5YLEd_k0Fx6crsrIhi_fbvE4bJYLdFyFZwb7qCFTdJeqB6JzYhXsvvqWFgbcsV4T3tAPcvZLyX59464Ujch\")
- \n
- \n
45 CVEs that have been classified as RCE bugs<\/p>\n<\/li>\n
- \n
30 CVEs have Privilege Escalation capabilities<\/p>\n<\/li>\n
- \n
4 CVEs are linked to Denial of Service<\/p>\n<\/li>\n<\/ul>\n
Notably four CVEs (CVE-2021-27065, CVE-2021-26855, CVE-2021-26863, CVE-2021-21300) have publicly known exploits therefore patching them would be essential.<\/p>\n
Zero Day Vulnerabilities:<\/strong> Microsoft has released out-of-band patches for four Zero Day Vulnerabilities ( CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065).<\/p>\n
These weaknesses exist in Microsoft exchange server and have been associated with Hafnium, Winnti Group, Tick, LuckyMouse, Websiic, Calypso, Tonto Team, Mikroceen, and Vicious Panda APT group.<\/p>\n
These CVEs are also being exploited by DearCry Ransomware and are being delivered through PlugX and ShadowPad malware.<\/p>\n
CISA Alerts<\/strong><\/h2>\n
Six CVEs have featured in recent CISA alerts (CVE-2021-26869, CVE-2021-27065, CVE-2021-26857, CVE-2021-26855, CVE-2021-26858, CVE-2021-26867)<\/p>\n
These CVEs have been red flagged by security agencies primarily because these vulnerabilities are associated with DearCry ransomware and APT groups (Hafnium, Winnti Group, Tick, LuckyMouse, Websiic, Calypso, Tonto Team, Mikroceen -Vicious Panda Group) are exploiting it to mount cyber attacks.<\/p>\n
Product Analysis<\/strong><\/h2>\n
Patches are released for 47 different Microsoft products.<\/p>\n
<\/p>\nSeverity Scores<\/strong><\/h2>\n