Another Patch Tuesday (2021-Mar) is upon us and with this month comes a whopping 122 CVEs. As usual Windows tops the list of the most patched product. However, this month it’s browser vulnerabilities taking the second place, outnumbering Office vulnerabilities 3:1! Lastly, the Exchange Server vulnerabilities this month are not to be ignored as more than half of them have been seen exploited in the wild.
Vulnerability Breakdown by Software Family
Family
Vulnerability Count
Windows
59
Browser
35
ESU
24
Microsoft Office
11
Exchange Server
7
Developer Tools
6
Azure
3
SQL Server
1
Earlier this month Microsoft released out of band updates for Exchange Server. These critical updates fixed a number of publicly exploited vulnerabilities, but not before attackers were able to compromise over 30,000 internet facing instances.
Yesterday, Microsoft issued an additional set of patches for older, unsupported versions of Exchange Server. This allows customers who have not been able to update to the most recent version of Exchange the ability to defend against these widespread exploit attempts.
If you administer an Exchange Server, stop reading this blog and go patch these systems! For more information please see our blog post on the topic.
Patch those Windows systems!
Almost half of the newly announced vulnerabilities this month affect components of Windows itself. Some major highlights include:
Browser Vulnerabilities
Since going end-of-life in November 2020, we haven't seen any Internet Explorer patches from Microsoft. However, this month Microsoft has made two new updates available: patch tuesday march
