With cybersecurity threats on the rise thanks to the pandemic, it’s essential to understand the importance of Patch Tuesday releases and to find ways to deploy them efficiently to remote endpoints.

This Patch Tuesday, Microsoft has released fixes for 82 vulnerabilities, among which 10 are classified as Critical, and 72 as Important. Along with these vulnerabilities, Microsoft also released fixes for two publicly-disclosed and actively exploited zero-day vulnerabilities. This March has been undeniably hard for IT admins, as around 40 vulnerabilities for Microsoft Exchange and Chromium Edge were also released earlier this month. 

A lineup of significant updates

Microsoft released security updates for:

  • Microsoft Windows

  • Microsoft Office

  • Microsoft Windows Codecs Library

  • Visual Studio

  • Internet Explorer

  • Microsoft Edge on Chromium

  • Microsoft Exchange Server

  • Microsoft Graphics Component

  • Power BI

Publicly-disclosed and actively exploited zero-days

This month, Microsoft fixed the zero-day vulnerabilities below:

Shedding some light on this month’s critical updates 

Listed below are the Critical vulnerabilities reported in this month’s Patch Tuesday:

| Product | CVE title | CVE ID |
|---|---|---|
| Azure Sphere | Azure Sphere Unsigned Code Execution Vulnerability | CVE-2021-27074 |
| Azure Sphere | Azure Sphere Unsigned Code Execution Vulnerability | CVE-2021-27080 |
| Internet Explorer | Internet Explorer Memory Corruption Vulnerability | CVE-2021-26411 |
| Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-26412 |
| Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-27065 |
| Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-26857 |
| Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-26855 |
| Microsoft Graphics Component | OpenType Font Parsing Remote Code Execution Vulnerability | CVE-2021-26876 |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-24089 |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-27061 |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-26902 |
| Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-26897 |
| Role: Hyper-V | Windows Hyper-V Remote Code Execution Vulnerability | CVE-2021-26867 |
| Visual Studio | Git for Visual Studio Remote Code Execution Vulnerability | CVE-2021-21300 |

 Third-party updates released this month

Coinciding with this month’s Patch Tuesday, Android has also released security updates. There are also notable security updates from Adobe, Apple, SAP, Cisco, and VMware.

 Sign up for our free webinar on Patch Tuesday updates for a complete breakdown of the security, non-security, and third-party updates released this Patch Tuesday.

 Here are a few best practices for remote patch management that you can follow in your organization:

  • Prioritize security updates over non-security and optional updates.

  • Download patches directly to endpoints rather than saving them on your server and distributing them to remote locations.

  • Schedule automation tasks specifically for deploying critical patches for timely updates.

  • Plan to set broad deployment windows so critical updates aren’t missed due to unavoidable hindrances.

  • Allow end users to skip deployments to avoid disrupting their productivity.

  • Ensure the machines under your scope aren’t running any end-of-life OSs or applications.

  • Ensure you use a secure gateway server to establish safe connections between your remote endpoints.

 Want to learn how you can easily implement these best practices using Patch Manager Plus or Desktop Central? Register for our free ManageEngine Patch Tuesday webinar, and watch our experts carry out these best practices in real time. You’ll also gain insights on trending cybersecurity incidents, and our product specialists will be available to clarify any questions you might have. 

Happy patching!

Gokila Kumar
Product Marketer