97 CVEs discovered during the March Patch Tuesday updates
7 min. read
Updated on
Share this article
Improve this guide
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Key notes
- 97 different CVEs were identified according to the reports that came with this Patch Tuesday.
- 89 affected Microsoft products, while only 8 affected Adobe products.
- While some CVEs were indeed rated as Critical, the majority of them were rated as Important.
- Read more about what each CVE affects, and how it manifests itself.
The digital world is in a continued arms race between software, malware, and the tools used to keep us safe from malware.
Well, another round of this war has been concluded now that the March Patch Tuesday updates are here, as new reports of discovered CVEs have been brought to light.
So far, 2021 has been quite abundant in CVEs, with the following numbers being discovered each month:
Well, it seems that the month of March is quite abundant as well, with 97 CVEs discovered, all of which will be discussed in greater detail in the article below:
The March CVE report includes 97 identified CVEs
Vulnerabilities found in Adobe products
Of the 97 CVEs found this month, only 8 belonged to Adobe programs, more precisely Adobe Connect, Creative Cloud Desktop, and Framemaker.
Of the 8 identified CVEs, 4 were rated as being Critical while the other 4 were rated as Important.
Vulnerabilities found in Microsoft products
As always, Microsoft products hold the bulk of identified CVEs, with 89 found this month alone.
These CVes affected multiple Microsoft services, including Microsoft Windows components, Azure and Azure DevOps, Azure Sphere, Internet Explorer and Edge (EdgeHTML), Exchange Server, Office , and more.
4 of these vulnerabilities were considered under active attack, so a smaller patch to fix them right away was released before the regular Patch Tuesday schedule.
Of these 89 bugs, they were rated as follows:
- 14 are listed as Critical
- 75 are listed as Important in severity.
Which were some of the most severe CVEs?
While all CVEs should be deemed as noteworthy, there were some that stood out due to their severity, or the way they behaved:
- CVE-2021-26897
- Windows DNS Server Remote Code Execution Vulnerability
- CVE-2021-26867
- Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2021-27076
- Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2021-26411
- Internet Explorer Memory Corruption Vulnerability
All other identified CVEs are listed in the table below:
CVE |
Title |
Severity |
| CVE-2021-26411 | Internet Explorer Memory Corruption Vulnerability | Critical |
| CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| CVE-2021-26857 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| CVE-2021-26858 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| CVE-2021-27077 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2021-27074 | Azure Sphere Unsigned Code Execution Vulnerability | Critical |
| CVE-2021-27080 | Azure Sphere Unsigned Code Execution Vulnerability | Critical |
| CVE-2021-21300 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| CVE-2021-24089 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
| CVE-2021-26902 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
| CVE-2021-27061 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
| CVE-2021-26412 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| CVE-2021-26876 | OpenType Font Parsing Remote Code Execution Vulnerability | Critical |
| CVE-2021-26897 | Windows DNS Server Remote Code Execution Vulnerability | Critical |
| CVE-2021-26867 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| CVE-2021-26890 | Application Virtualization Remote Code Execution Vulnerability | Important |
| CVE-2021-27075 | Azure Virtual Machine Information Disclosure Vulnerability | Important |
| CVE-2021-24095 | DirectX Elevation of Privilege Vulnerability | Important |
| CVE-2021-24110 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| CVE-2021-27047 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| CVE-2021-27048 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| CVE-2021-27049 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| CVE-2021-27050 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| CVE-2021-27051 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| CVE-2021-27062 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| CVE-2021-27085 | Internet Explorer Remote Code Execution Vulnerability | Important |
| CVE-2021-27053 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2021-27054 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2021-26854 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| CVE-2021-27078 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| CVE-2021-27058 | Microsoft Office ClickToRun Remote Code Execution Vulnerability | Important |
| CVE-2021-24108 | Microsoft Office Remote Code Execution Vulnerability | Important |
| CVE-2021-27057 | Microsoft Office Remote Code Execution Vulnerability | Important |
| CVE-2021-27059 | Microsoft Office Remote Code Execution Vulnerability | Important |
| CVE-2021-26859 | Microsoft Power BI Information Disclosure Vulnerability | Important |
| CVE-2021-27056 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| CVE-2021-27052 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| CVE-2021-27076 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| CVE-2021-24104 | Microsoft SharePoint Spoofing Vulnerability | Important |
| CVE-2021-27055 | Microsoft Visio Security Feature Bypass Vulnerability | Important |
| CVE-2021-26887 | Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability | Important |
| CVE-2021-26881 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
| CVE-2021-27082 | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | Important |
| CVE-2021-26882 | Remote Access API Elevation of Privilege Vulnerability | Important |
| CVE-2021-27083 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | Important |
| CVE-2021-26880 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| CVE-2021-26886 | User Profile Service Denial of Service Vulnerability | Important |
| CVE-2021-27081 | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | Important |
| CVE-2021-27084 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | Important |
| CVE-2021-27060 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| CVE-2021-27070 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | Important |
| CVE-2021-26869 | Windows ActiveX Installer Service Information Disclosure Vulnerability | Important |
| CVE-2021-27066 | Windows Admin Center Security Feature Bypass Vulnerability | Important |
| CVE-2021-26860 | Windows App-V Overlay Filter Elevation of Privilege Vulnerability | Important |
| CVE-2021-26865 | Windows Container Execution Agent Elevation of Privilege Vulnerability | Important |
| CVE-2021-26891 | Windows Container Execution Agent Elevation of Privilege Vulnerability | Important |
| CVE-2021-26896 | Windows DNS Server Denial of Service Vulnerability | Important |
| CVE-2021-27063 | Windows DNS Server Denial of Service Vulnerability | Important |
| CVE-2021-26877 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| CVE-2021-26893 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| CVE-2021-26894 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| CVE-2021-26895 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| CVE-2021-24090 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| CVE-2021-26872 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| CVE-2021-26898 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| CVE-2021-26901 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| CVE-2021-24107 | Windows Event Tracing Information Disclosure Vulnerability | Important |
| CVE-2021-26892 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | Important |
| CVE-2021-26868 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| CVE-2021-26861 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| CVE-2021-26862 | Windows Installer Elevation of Privilege Vulnerability | Important |
| CVE-2021-26884 | Windows Media Photo Codec Information Disclosure Vulnerability | Important |
| CVE-2021-26879 | Windows NAT Denial of Service Vulnerability | Important |
| CVE-2021-26874 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
| CVE-2021-1640 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| CVE-2021-26878 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| CVE-2021-26870 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| CVE-2021-26866 | Windows Update Service Elevation of Privilege Vulnerability | Important |
| CVE-2021-26889 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| CVE-2021-1729 | Windows Update Stack Setup Elevation of Privilege Vulnerability | Important |
| CVE-2021-26899 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
| CVE-2021-26873 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
| CVE-2021-26864 | Windows Virtual Registry Provider Elevation of Privilege Vulnerability | Important |
| CVE-2021-26871 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| CVE-2021-26885 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| CVE-2021-26863 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2021-26875 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2021-26900 | Windows Win32k Elevation of Privilege Vulnerability | Important |
January and February 2021 already started off with an ascending trend in terms of the number of CVEs, but March seems to have brought fewer for a change.
Remember that if you use any of the Microsoft or Adobe products and services mentioned above, you stand a greater risk because of the aforementioned vulnerabilities, so remember to download and install the latest Patch Tuesday updates.
It could also help to use third-party antivirus tools, but that means spending some more, while the Patch Tuesday updates are, and will always be free.
What’s your take on this month’s CVE report?
Let us know whether CVEs should be a concern for the general public by leaving us your feedback in the comments section below.
User forum
0 messages