Tripwire's March 2021 Patch Priority Index (PPI) brings together important vulnerabilities from SaltStack, VWware, BIG-IP and Microsoft.
First on the patch priority list this month are patches for vulnerabilities in Microsoft Exchange (CVE-2021-27065, CVE-2021-26855), SaltStack (CVE-2021-25282, CVE-2021-25281), BIG-IP (CVE-2021-22986) and VMware vCenter (CVE-2021-21972). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.
Next on the list are patches for Internet Explorer, which resolve memory corruption and remote code execution vulnerabilities.
Up next on the patch priority list this month are patches for Microsoft Excel, Visio, PowerPoint and Office. These patches resolve seven issues including security feature bypass and remote code execution vulnerabilities.
Next are patches that affect components of the Windows operating systems. These patches resolve over 35 vulnerabilities including elevation of privilege, information disclosure, remote code execution and memory corruption vulnerabilities. These vulnerabilities affect core Windows, WalletService, Error Reporting, Windows Media, Storage Spaces Controller, DirectX, OpenType Font, Graphics, Event Tracing, User Profile Service, App-V, Update Stack and others.
Up next is a patch that resolves a denial of service and remote code execution vulnerability for Hyper-V.
Lastly, administrators should focus on server-side patches for Microsoft, which resolve issues in Microsoft SharePoint, Exchange and DNS. These patches resolve several issues including remote code execution, information disclosure, denial of service and spoofing vulnerabilities.
| BULLETIN | CVE |
|---|---|
| Exploit Framework - Metasploit | CVE-2021-27065, CVE-2021-26855, CVE-2021-25282, CVE-2021-25281, CVE-2021-22986, CVE-2021-21972 |
| Internet Explorer | CVE-2021-26411, CVE-2021-27085 |
| Microsoft Office | CVE-2021-27055, CVE-2021-27056, CVE-2021-27054, CVE-2021-27053, CVE-2021-27057, CVE-2021-27059, CVE-2021-24108 |
| Microsoft Windows | CVE-2021-26885, CVE-2021-26871, CVE-2021-24090, CVE-2021-26881, CVE-2021-26862, CVE-2021-26880, CVE-2021-24095, CVE-2021-26870, CVE-2021-26884, CVE-2021-26876, CVE-2021-26868, CVE-2021-26861, CVE-2021-27077, CVE-2021-26875, CVE-2021-26863, CVE-2021-26901, CVE-2021-26872, CVE-2021-26898, CVE-2021-24107, CVE-2021-27070, CVE-2021-26886, CVE-2021-26873, CVE-2021-26864, CVE-2021-26890, CVE-2021-26860, CVE-2021-26874, CVE-2021-26900, CVE-2021-26865, CVE-2021-26891, CVE-2021-26866, CVE-2021-26889, CVE-2021-1729, CVE-2021-26899, CVE-2021-1640, CVE-2021-26878, CVE-2021-26892, CVE-2021-26869, CVE-2021-26882 |
| Hyper-V | CVE-2021-26867, CVE-2021-26879 |
| Exchange Server | CVE-2021-27065, CVE-2021-27078, CVE-2021-26858, CVE-2021-26857, CVE-2021-26854, CVE-2021-26855, CVE-2021-26412 |
| Microsoft Office SharePoint | CVE-2021-27052, CVE-2021-27076, CVE-2021-24104 |
| Microsoft DNS Server | CVE-2021-27063, CVE-2021-26896, CVE-2021-26877, CVE-2021-26893, CVE-2021-26897, CVE-2021-26894, CVE-2021-26895 |
