With cybersecurity threats on the rise thanks to the pandemic, it’s essential to understand the importance of Patch Tuesday releases, and find ways to deploy them to remote endpoints efficiently.
This Patch Tuesday, Microsoft has released fixes for 82 vulnerabilities, among which 10 are classified as Critical, and 72 as Important. Along with these vulnerabilities, Microsoft also released fixes for two publicly-disclosed and actively exploited zero-day vulnerabilities. This March has been undeniably hard for IT admins, as around 40 vulnerabilities for Microsoft Exchange and Chromium Edge were also released earlier this month.
A lineup of significant updates
Microsoft released security updates for:
-
Microsoft Windows
-
Microsoft Office
-
Microsoft Windows Codecs Library
-
Visual Studio
-
Internet Explorer
-
Microsoft Edge on Chromium
-
Microsoft Exchange Server
-
Microsoft Graphics Component
-
Power BI
Publicly-disclosed and actively exploited zero-days
This month, Microsoft fixed the zero-day vulnerabilities below:
-
CVE-2021-26411: Internet Explorer Memory Corruption Vulnerability
-
CVE-2021-27077: Windows Win32k Elevation of Privilege
Shedding some light on this month’s critical updates
Listed below are the Critical vulnerabilities reported in this month’s Patch Tuesday:
Product |
CVE title |
CVE ID |
Azure Sphere |
Azure Sphere Unsigned Code Execution Vulnerability |
|
Azure Sphere |
Azure Sphere Unsigned Code Execution Vulnerability |
|
Internet Explorer |
Internet Explorer Memory Corruption Vulnerability |
|
Microsoft Exchange Server |
Microsoft Exchange Server Remote Code Execution Vulnerability |
|
Microsoft Exchange Server |
Microsoft Exchange Server Remote Code Execution Vulnerability |
|
Microsoft Exchange Server |
Microsoft Exchange Server Remote Code Execution Vulnerability |
|
Microsoft Exchange Server |
Microsoft Exchange Server Remote Code Execution Vulnerability |
|
Microsoft Graphics Component |
OpenType Font Parsing Remote Code Execution Vulnerability |
|
Microsoft Windows Codecs Library |
HEVC Video Extensions Remote Code Execution Vulnerability |
|
Microsoft Windows Codecs Library |
HEVC Video Extensions Remote Code Execution Vulnerability |
|
Microsoft Windows Codecs Library |
HEVC Video Extensions Remote Code Execution Vulnerability |
|
Role: DNS Server |
Windows DNS Server Remote Code Execution Vulnerability |
|
Role: Hyper-V |
Windows Hyper-V Remote Code Execution Vulnerability |
|
Visual Studio |
Git for Visual Studio Remote Code Execution Vulnerability |
Third-party updates released this month
Coinciding with this month’s Patch Tuesday, Android has also released security updates this month. There are also notable security updates from Adobe, Apple, SAP, Cisco, and VMWare.
Sign up for our free webinar on Patch Tuesday updates for a complete breakdown of the security, non-security, and third-party updates released this Patch Tuesday.
Here are a few best practices for remote patch management that you can follow in your organization:
-
Prioritize security updates over non-security and optional updates.
-
Download patches directly to endpoints rather than saving them on your server and distributing them to remote locations.
-
Schedule automation tasks specifically for deploying critical patches for timely updates.
-
Plan to set broad deployment windows so critical updates aren’t missed due to unavoidable hindrances.
-
Allow end users to skip deployments to avoid disrupting their productivity.
-
Ensure the machines under your scope aren’t running any end-of-life OSs or applications.
-
Ensure you use a secure gateway server to establish safe connections between your remote endpoints.
Want to learn how you can easily implement these best practices using Patch Manager Plus or Desktop Central? Register for our free ManageEngine Patch Tuesday webinar, and watch our experts carry out these best practices in real time. You’ll also gain insights on trending cybersecurity incidents, and our product specialists will be available to clarify any questions you might have.
Happy patching!