97 CVEs discovered during the March Patch Tuesday updates

Teodor Nechita
by Teodor Nechita
Software Managing Editor
Affiliate Disclosure

  • 97 different CVEs were identified according to the reports that came with this Patch Tuesday.
  • 89 affected Microsoft products, while only 8 affected Adobe products.
  • While some CVEs were indeed rated as Critical, the majority of them were rated as Important.
  • Read more about what each CVE affects, and how it manifests itself.
Patch Tuesday March CVE report

The digital world is in a continued arms race between software, malware, and the tools used to keep us safe from malware.

Well, another round of this war has been concluded now that the March Patch Tuesday updates are here, as new reports of discovered CVEs have been brought to light.

So far, 2021 has been quite abundant in CVEs, with the following numbers being discovered each month:

Well, it seems that the month of March is quite abundant as well, with 97 CVEs discovered, all of which will be discussed in greater detail in the article below:


The March CVE report includes 97 identified CVEs

Vulnerabilities found in Adobe products

Of the 97 CVEs found this month, only 8 belonged to Adobe programs, more precisely Adobe Connect, Creative Cloud Desktop, and Framemaker.

Of the 8 identified CVEs, 4 were rated as being Critical while the other 4 were rated as Important.


Vulnerabilities found in Microsoft products

As always, Microsoft products hold the bulk of identified CVEs, with 89 found this month alone.

These CVes affected multiple Microsoft services, including Microsoft Windows components, Azure and Azure DevOps, Azure Sphere, Internet Explorer and Edge (EdgeHTML), Exchange Server, Office , and more.

4 of these vulnerabilities were considered under active attack, so a smaller patch to fix them right away was released before the regular Patch Tuesday schedule.

Of these 89 bugs, they were rated as follows:

  • 14 are listed as Critical
  • 75 are listed as Important in severity.

Which were some of the most severe CVEs?

While all CVEs should be deemed as noteworthy, there were some that stood out due to their severity, or the way they behaved:

All other identified CVEs are listed in the table below:

CVE

Title

Severity

CVE-2021-26411 Internet Explorer Memory Corruption Vulnerability Critical
CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
CVE-2021-26857 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
CVE-2021-27065 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability Important
CVE-2021-27077 Windows Win32k Elevation of Privilege Vulnerability Important
CVE-2021-27074 Azure Sphere Unsigned Code Execution Vulnerability Critical
CVE-2021-27080 Azure Sphere Unsigned Code Execution Vulnerability Critical
CVE-2021-21300 Git for Visual Studio Remote Code Execution Vulnerability Critical
CVE-2021-24089 HEVC Video Extensions Remote Code Execution Vulnerability Critical
CVE-2021-26902 HEVC Video Extensions Remote Code Execution Vulnerability Critical
CVE-2021-27061 HEVC Video Extensions Remote Code Execution Vulnerability Critical
CVE-2021-26412 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
CVE-2021-26876 OpenType Font Parsing Remote Code Execution Vulnerability Critical
CVE-2021-26897 Windows DNS Server Remote Code Execution Vulnerability Critical
CVE-2021-26867 Windows Hyper-V Remote Code Execution Vulnerability Critical
CVE-2021-26890 Application Virtualization Remote Code Execution Vulnerability Important
CVE-2021-27075 Azure Virtual Machine Information Disclosure Vulnerability Important
CVE-2021-24095 DirectX Elevation of Privilege Vulnerability Important
CVE-2021-24110 HEVC Video Extensions Remote Code Execution Vulnerability Important
CVE-2021-27047 HEVC Video Extensions Remote Code Execution Vulnerability Important
CVE-2021-27048 HEVC Video Extensions Remote Code Execution Vulnerability Important
CVE-2021-27049 HEVC Video Extensions Remote Code Execution Vulnerability Important
CVE-2021-27050 HEVC Video Extensions Remote Code Execution Vulnerability Important
CVE-2021-27051 HEVC Video Extensions Remote Code Execution Vulnerability Important
CVE-2021-27062 HEVC Video Extensions Remote Code Execution Vulnerability Important
CVE-2021-27085 Internet Explorer Remote Code Execution Vulnerability Important
CVE-2021-27053 Microsoft Excel Remote Code Execution Vulnerability Important
CVE-2021-27054 Microsoft Excel Remote Code Execution Vulnerability Important
CVE-2021-26854 Microsoft Exchange Server Remote Code Execution Vulnerability Important
CVE-2021-27078 Microsoft Exchange Server Remote Code Execution Vulnerability Important
CVE-2021-27058 Microsoft Office ClickToRun Remote Code Execution Vulnerability Important
CVE-2021-24108 Microsoft Office Remote Code Execution Vulnerability Important
CVE-2021-27057 Microsoft Office Remote Code Execution Vulnerability Important
CVE-2021-27059 Microsoft Office Remote Code Execution Vulnerability Important
CVE-2021-26859 Microsoft Power BI Information Disclosure Vulnerability Important
CVE-2021-27056 Microsoft PowerPoint Remote Code Execution Vulnerability Important
CVE-2021-27052 Microsoft SharePoint Server Information Disclosure Vulnerability Important
CVE-2021-27076 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
CVE-2021-24104 Microsoft SharePoint Spoofing Vulnerability Important
CVE-2021-27055 Microsoft Visio Security Feature Bypass Vulnerability Important
CVE-2021-26887 Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability Important
CVE-2021-26881 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Important
CVE-2021-27082 Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability Important
CVE-2021-26882 Remote Access API Elevation of Privilege Vulnerability Important
CVE-2021-27083 Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability Important
CVE-2021-26880 Storage Spaces Controller Elevation of Privilege Vulnerability Important
CVE-2021-26886 User Profile Service Denial of Service Vulnerability Important
CVE-2021-27081 Visual Studio Code ESLint Extension Remote Code Execution Vulnerability Important
CVE-2021-27084 Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability Important
CVE-2021-27060 Visual Studio Code Remote Code Execution Vulnerability Important
CVE-2021-27070 Windows 10 Update Assistant Elevation of Privilege Vulnerability Important
CVE-2021-26869 Windows ActiveX Installer Service Information Disclosure Vulnerability Important
CVE-2021-27066 Windows Admin Center Security Feature Bypass Vulnerability Important
CVE-2021-26860 Windows App-V Overlay Filter Elevation of Privilege Vulnerability Important
CVE-2021-26865 Windows Container Execution Agent Elevation of Privilege Vulnerability Important
CVE-2021-26891 Windows Container Execution Agent Elevation of Privilege Vulnerability Important
CVE-2021-26896 Windows DNS Server Denial of Service Vulnerability Important
CVE-2021-27063 Windows DNS Server Denial of Service Vulnerability Important
CVE-2021-26877 Windows DNS Server Remote Code Execution Vulnerability Important
CVE-2021-26893 Windows DNS Server Remote Code Execution Vulnerability Important
CVE-2021-26894 Windows DNS Server Remote Code Execution Vulnerability Important
CVE-2021-26895 Windows DNS Server Remote Code Execution Vulnerability Important
CVE-2021-24090 Windows Error Reporting Elevation of Privilege Vulnerability Important
CVE-2021-26872 Windows Event Tracing Elevation of Privilege Vulnerability Important
CVE-2021-26898 Windows Event Tracing Elevation of Privilege Vulnerability Important
CVE-2021-26901 Windows Event Tracing Elevation of Privilege Vulnerability Important
CVE-2021-24107 Windows Event Tracing Information Disclosure Vulnerability Important
CVE-2021-26892 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability Important
CVE-2021-26868 Windows Graphics Component Elevation of Privilege Vulnerability Important
CVE-2021-26861 Windows Graphics Component Remote Code Execution Vulnerability Important
CVE-2021-26862 Windows Installer Elevation of Privilege Vulnerability Important
CVE-2021-26884 Windows Media Photo Codec Information Disclosure Vulnerability Important
CVE-2021-26879 Windows NAT Denial of Service Vulnerability Important
CVE-2021-26874 Windows Overlay Filter Elevation of Privilege Vulnerability Important
CVE-2021-1640 Windows Print Spooler Elevation of Privilege Vulnerability Important
CVE-2021-26878 Windows Print Spooler Elevation of Privilege Vulnerability Important
CVE-2021-26870 Windows Projected File System Elevation of Privilege Vulnerability Important
CVE-2021-26866 Windows Update Service Elevation of Privilege Vulnerability Important
CVE-2021-26889 Windows Update Stack Elevation of Privilege Vulnerability Important
CVE-2021-1729 Windows Update Stack Setup Elevation of Privilege Vulnerability Important
CVE-2021-26899 Windows UPnP Device Host Elevation of Privilege Vulnerability Important
CVE-2021-26873 Windows User Profile Service Elevation of Privilege Vulnerability Important
CVE-2021-26864 Windows Virtual Registry Provider Elevation of Privilege Vulnerability Important
CVE-2021-26871 Windows WalletService Elevation of Privilege Vulnerability Important
CVE-2021-26885 Windows WalletService Elevation of Privilege Vulnerability Important
CVE-2021-26863 Windows Win32k Elevation of Privilege Vulnerability Important
CVE-2021-26875 Windows Win32k Elevation of Privilege Vulnerability Important
CVE-2021-26900 Windows Win32k Elevation of Privilege Vulnerability Important

January and February 2021 already started off with an ascending trend in terms of the number of CVEs, but March seems to have brought fewer for a change.

Remember that if you use any of the Microsoft or Adobe products and services mentioned above, you stand a greater risk because of the aforementioned vulnerabilities, so remember to download and install the latest Patch Tuesday updates.

It could also help to use third-party antivirus tools, but that means spending some more, while the Patch Tuesday updates are, and will always be free.

What’s your take on this month’s CVE report?

Let us know whether CVEs should be a concern for the general public by leaving us your feedback in the comments section below.

There are no comments yet. Please leave a comment

add a comment

Leave a Reply

Your email address will not be published. Required fields are marked *