
Today’s VERT Alert addresses Microsoft’s March 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-933 on Wednesday, March 10th.

In-The-Wild & Disclosed CVEs

CVE-2021-26855
CVE-2021-26857
CVE-2021-26858
CVE-2021-27065

Microsoft has rated this as Exploit Detected on the latest software release on the Exploitability Index.

CVE-2021-26411

A vulnerability in Microsoft Internet Explorer and the EdgeHTML-based Microsoft Edge is being actively exploited. To successfully exploit this vulnerability, an attacker would need to direct the victim to a website, which would typically be accomplished via a phishing attack or some other form of social engineering.

Microsoft has rated this as Exploit Detected on the latest software release on the Exploitability Index.

CVE-2021-27077

This CVE describes a disclosed but not yet exploited vulnerability in Win32k that could allow for privilege escalation. This is a local vulnerability, meaning that an attacker must already have access to the system in order to exploit this issue.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While the historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis.

| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows WalletService | 2 | CVE-2021-26871, CVE-2021-26885 |
| Windows Error Reporting | 1 | CVE-2021-24090 |
| Windows Media | 1 | CVE-2021-26881 |
| Windows Installer | 1 | CVE-2021-26862 |
| Visual Studio | 2 | CVE-2021-21300, CVE-2021-27084 |
| Windows Storage Spaces Controller | 1 | CVE-2021-26880 |
| Windows DirectX | 1 | CVE-2021-24095 |
| Internet Explorer | 2 | CVE-2021-26411, CVE-2021-27085 |
| Microsoft Office SharePoint | 3 | CVE-2021-24104, CVE-2021-27052, CVE-2021-27076 |
| Windows Projected File System Filter Driver | 1 | CVE-2021-26870 |
| Microsoft Office PowerPoint | 1 | CVE-2021-27056 |
| Microsoft Windows Codecs Library | 11 | CVE-2021-24089, CVE-2021-24110, CVE-2021-26884, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062 |
| Visual Studio Code | 4 | CVE-2021-27060, CVE-2021-27081, CVE-2021-27082, CVE-2021-27083 |
| Microsoft Office Visio | 1 | CVE-2021-27055 |
| Microsoft Office Excel | 3 | CVE-2021-27053, CVE-2021-27054, CVE-2021-27057 |
| Microsoft Graphics Component | 6 | CVE-2021-27077, CVE-2021-26861, CVE-2021-26863, CVE-2021-26868, CVE-2021-26875, CVE-2021-26876 |
| Windows Event Tracing | 4 | CVE-2021-24107, CVE-2021-26872, CVE-2021-26898, CVE-2021-26901 |
| Windows Update Assistant | 1 | CVE-2021-27070 |
| Windows User Profile Service | 2 | CVE-2021-26873, CVE-2021-26886 |
| Role: Hyper-V | 2 | CVE-2021-26867, CVE-2021-26879 |
| Microsoft Exchange Server | 7 | CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078 |
| Microsoft Office | 3 | CVE-2021-24108, CVE-2021-27058, CVE-2021-27059 |
| Windows Registry | 1 | CVE-2021-26864 |
| Azure Sphere | 2 | CVE-2021-27074, CVE-2021-27080 |
| Application Virtualization | 1 | CVE-2021-26890 |
| Power BI | 1 | CVE-2021-26859 |
| Windows Overlay Filter | 2 | CVE-2021-26860, CVE-2021-26874 |
| Role: DNS Server | 7 | CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26896, CVE-2021-26897, CVE-2021-27063 |
| Windows Win32K | 1 | CVE-2021-26900 |
| Azure | 1 | CVE-2021-27075 |
| Windows Admin Center | 1 | CVE-2021-27066 |
| Microsoft Edge on Chromium | 33 | CVE-2020-27844, CVE-2021-21159, CVE-2021-21160, CVE-2021-21161, CVE-2021-21162, CVE-2021-21163, CVE-2021-21164, CVE-2021-21165, CVE-2021-21166, CVE-2021-21167, CVE-2021-21168, CVE-2021-21169, CVE-2021-21170, CVE-2021-21171, CVE-2021-21172, CVE-2021-21173, CVE-2021-21174, CVE-2021-21175, CVE-2021-21176, CVE-2021-21177, CVE-2021-21178, CVE-2021-21179, CVE-2021-21180, CVE-2021-21181, CVE-2021-21182, CVE-2021-21183, CVE-2021-21185, CVE-2021-21186, CVE-2021-21187, CVE-2021-21188, CVE-2021-21189, CVE-2021-21190, CVE-2021-21184 |
| Windows Container Execution Agent | 2 | CVE-2021-26865, CVE-2021-26891 |
| Windows Update Stack | 3 | CVE-2021-1729, CVE-2021-26866, CVE-2021-26889 |
| Windows UPnP Device Host | 1 | CVE-2021-26899 |
| Windows Print Spooler Components | 2 | CVE-2021-1640, CVE-2021-26878 |
| Windows Extensible Firmware Interface | 1 | CVE-2021-26892 |
| Microsoft ActiveX | 1 | CVE-2021-26869 |
| Windows Folder Redirection | 1 | CVE-2021-26887 |
| Windows Remote Access API | 1 | CVE-2021-26882 |

Other Information

There were no advisories included in the March security guidance.
