Microsoft released its March 2021 Patch Tuesday yesterday, fixing 82 vulnerabilities, 10 of which are rated critical. This count does not include the 7 Microsoft Exchange vulnerabilities that were addressed a few days earlier.
The fixes also cover two zero-day vulnerabilities, which had been publicly disclosed and are said to have been used in attacks.
Microsoft Exchange
Last week, Microsoft released out-of-band security updates for the ProxyLogon vulnerability and other RCE bugs, which were used by cybercriminals to compromise Microsoft Exchange servers.
Microsoft released security updates for the currently supported Microsoft Exchange cumulative updates as well as for older, unsupported versions.
Installing the updates will prevent the server from being compromised, but the attacks were so widespread that administrators should analyze all Exchange servers for attacks that may have affected their systems before the updates were installed.
Microsoft released a PowerShell script named Test-ProxyLogon.ps1, which checks for indicators of compromise (IOCs) in the Exchange HttpProxy logs, Exchange log files and Windows Application event logs.
Microsoft has also updated Microsoft Defender to detect web shells and other IOCs related to these attacks.
In addition, the company offers the standalone Microsoft Safety Scanner (MSERT) tool, which has been updated to detect web shells and IOCs, for those who do not use Microsoft Defender.
Beyond the zero-day vulnerabilities, Microsoft also fixed three Microsoft Exchange vulnerabilities that have not been used in attacks.
The company fixed two more zero-day vulnerabilities
The March Microsoft Patch Tuesday also fixes two other zero-day vulnerabilities (CVE-2021-26411, CVE-2021-27077).
The table below lists all the vulnerabilities fixed by the March 2021 Microsoft Patch Tuesday:
Tag | CVE ID | CVE Title | Severity |
Application Virtualization | CVE-2021-26890 | Application Virtualization Remote Code Execution Vulnerability | Important |
Azure | CVE-2021-27075 | Azure Virtual Machine Information Disclosure Vulnerability | Important |
Azure Sphere | CVE-2021-27074 | Azure Sphere Unsigned Code Execution Vulnerability | Critical |
Azure Sphere | CVE-2021-27080 | Azure Sphere Unsigned Code Execution Vulnerability | Critical |
Internet Explorer | CVE-2021-27085 | Internet Explorer Remote Code Execution Vulnerability | Important |
Internet Explorer | CVE-2021-26411 | Internet Explorer Memory Corruption Vulnerability | Critical |
Microsoft ActiveX | CVE-2021-26869 | Windows ActiveX Installer Service Information Disclosure Vulnerability | Important |
Microsoft Edge on Chromium | CVE-2021-21173 | Chromium CVE-2021-21173: Side-channel information leakage in Network Internals | Unknown |
Microsoft Edge on Chromium | CVE-2021-21172 | Chromium CVE-2021-21172: Insufficient policy enforcement in File System API | Unknown |
Microsoft Edge on Chromium | CVE-2021-21169 | Chromium CVE-2021-21169: Out of bounds memory access in V8 | Unknown |
Microsoft Edge on Chromium | CVE-2021-21170 | Chromium CVE-2021-21170: Incorrect security UI in Loader | Unknown |
Microsoft Edge on Chromium | CVE-2021-21171 | Chromium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation | Unknown |
Microsoft Edge on Chromium | CVE-2021-21175 | Chromium CVE-2021-21175: Inappropriate implementation in Site isolation | Unknown |
Microsoft Edge on Chromium | CVE-2021-21176 | Chromium CVE-2021-21176: Inappropriate implementation in full screen mode | Unknown |
Microsoft Edge on Chromium | CVE-2021-21177 | Chromium CVE-2021-21177: Insufficient policy enforcement in Autofill | Unknown |
Microsoft Edge on Chromium | CVE-2021-21174 | Chromium CVE-2021-21174: Inappropriate implementation in Referrer | Unknown |
Microsoft Edge on Chromium | CVE-2021-21178 | Chromium CVE-2021-21178 : Inappropriate implementation in Compositing | Unknown |
Microsoft Edge on Chromium | CVE-2021-21161 | Chromium CVE-2021-21161: Heap buffer overflow in TabStrip | Unknown |
Microsoft Edge on Chromium | CVE-2021-21162 | Chromium CVE-2021-21162: Use after free in WebRTC | Unknown |
Microsoft Edge on Chromium | CVE-2021-21160 | Chromium CVE-2021-21160: Heap buffer overflow in WebAudio | Unknown |
Microsoft Edge on Chromium | CVE-2020-27844 | Chromium CVE-2020-27844: Heap buffer overflow in OpenJPEG | Unknown |
Microsoft Edge on Chromium | CVE-2021-21159 | Chromium CVE-2021-21159: Heap buffer overflow in TabStrip | Unknown |
Microsoft Edge on Chromium | CVE-2021-21163 | Chromium CVE-2021-21163: Insufficient data validation in Reader Mode | Unknown |
Microsoft Edge on Chromium | CVE-2021-21167 | Chromium CVE-2021-21167: Use after free in bookmarks | Unknown |
Microsoft Edge on Chromium | CVE-2021-21168 | Chromium CVE-2021-21168: Insufficient policy enforcement in appcache | Unknown |
Microsoft Edge on Chromium | CVE-2021-21166 | Chromium CVE-2021-21166: Object lifecycle issue in audio | Unknown |
Microsoft Edge on Chromium | CVE-2021-21164 | Chromium CVE-2021-21164: Insufficient data validation in Chrome for iOS | Unknown |
Microsoft Edge on Chromium | CVE-2021-21165 | Chromium CVE-2021-21165: Object lifecycle issue in audio | Unknown |
Microsoft Edge on Chromium | CVE-2021-21189 | Chromium CVE-2021-21189: Insufficient policy enforcement in payments | Unknown |
Microsoft Edge on Chromium | CVE-2021-21181 | Chromium CVE-2021-21181: Side-channel information leakage in autofill | Unknown |
Microsoft Edge on Chromium | CVE-2021-21186 | Chromium CVE-2021-21186: Insufficient policy enforcement in QR scanning | Unknown |
Microsoft Edge on Chromium | CVE-2021-21190 | Chromium CVE-2021-21190 : Uninitialized Use in PDFium | Unknown |
Microsoft Edge on Chromium | CVE-2021-21183 | Chromium CVE-2021-21183: Inappropriate implementation in performance APIs | Unknown |
Microsoft Edge on Chromium | CVE-2021-21185 | Chromium CVE-2021-21185: Insufficient policy enforcement in extensions | Unknown |
Microsoft Edge on Chromium | CVE-2021-21187 | Chromium CVE-2021-21187: Insufficient data validation in URL formatting | Unknown |
Microsoft Edge on Chromium | CVE-2021-21182 | Chromium CVE-2021-21182: Insufficient policy enforcement in navigations | Unknown |
Microsoft Edge on Chromium | CVE-2021-21180 | Chromium CVE-2021-21180: Use after free in tab search | Unknown |
Microsoft Edge on Chromium | CVE-2021-21184 | Chromium CVE-2021-21184: Inappropriate implementation in performance APIs | Unknown |
Microsoft Edge on Chromium | CVE-2021-21179 | Chromium CVE-2021-21179: Use after free in Network Internals | Unknown |
Microsoft Edge on Chromium | CVE-2021-21188 | Chromium CVE-2021-21188: Use after free in Blink | Unknown |
Microsoft Exchange Server | CVE-2021-26412 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
Microsoft Exchange Server | CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
Microsoft Exchange Server | CVE-2021-27078 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-26854 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-26857 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
Microsoft Exchange Server | CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
Microsoft Exchange Server | CVE-2021-26858 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-26863 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-27077 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-26861 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-26876 | OpenType Font Parsing Remote Code Execution Vulnerability | Critical |
Microsoft Graphics Component | CVE-2021-26875 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-26868 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2021-24108 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-27058 | Microsoft Office ClickToRun Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-27059 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-27053 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-27054 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-27057 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office PowerPoint | CVE-2021-27056 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-27052 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-24104 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-27076 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office Visio | CVE-2021-27055 | Microsoft Visio Security Feature Bypass Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-27050 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-27049 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-26884 | Windows Media Photo Codec Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-27051 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-27062 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-24110 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-24089 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2021-27061 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2021-27048 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-27047 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-26902 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Power BI | CVE-2021-26859 | Microsoft Power BI Information Disclosure Vulnerability | Important |
Role: DNS Server | CVE-2021-27063 | Windows DNS Server Denial of Service Vulnerability | Important |
Role: DNS Server | CVE-2021-26893 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2021-26897 | Windows DNS Server Remote Code Execution Vulnerability | Critical |
Role: DNS Server | CVE-2021-26894 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2021-26895 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2021-26896 | Windows DNS Server Denial of Service Vulnerability | Important |
Role: DNS Server | CVE-2021-26877 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: Hyper-V | CVE-2021-26867 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Role: Hyper-V | CVE-2021-26879 | Windows NAT Denial of Service Vulnerability | Important |
Visual Studio | CVE-2021-27084 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2021-21300 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
Visual Studio Code | CVE-2021-27060 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-27081 | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-27083 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-27082 | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | Important |
Windows Admin Center | CVE-2021-27066 | Windows Admin Center Security Feature Bypass Vulnerability | Important |
Windows Container Execution Agent | CVE-2021-26891 | Windows Container Execution Agent Elevation of Privilege Vulnerability | Important |
Windows Container Execution Agent | CVE-2021-26865 | Windows Container Execution Agent Elevation of Privilege Vulnerability | Important |
Windows DirectX | CVE-2021-24095 | DirectX Elevation of Privilege Vulnerability | Important |
Windows Error Reporting | CVE-2021-24090 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Windows Event Tracing | CVE-2021-24107 | Windows Event Tracing Information Disclosure Vulnerability | Important |
Windows Event Tracing | CVE-2021-26872 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
Windows Event Tracing | CVE-2021-26901 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
Windows Event Tracing | CVE-2021-26898 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
Windows Extensible Firmware Interface | CVE-2021-26892 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | Important |
Windows Folder Redirection | CVE-2021-26887 | Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2021-26862 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Media | CVE-2021-26881 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
Windows Overlay Filter | CVE-2021-26874 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
Windows Overlay Filter | CVE-2021-26860 | Windows App-V Overlay Filter Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2021-1640 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2021-26878 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Projected File System Filter Driver | CVE-2021-26870 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
Windows Registry | CVE-2021-26864 | Windows Virtual Registry Provider Elevation of Privilege Vulnerability | Important |
Windows Remote Access API | CVE-2021-26882 | Remote Access API Elevation of Privilege Vulnerability | Important |
Windows Storage Spaces Controller | CVE-2021-26880 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
Windows Update Assistant | CVE-2021-27070 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2021-1729 | Windows Update Stack Setup Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2021-26889 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2021-26866 | Windows Update Service Elevation of Privilege Vulnerability | Important |
Windows UPnP Device Host | CVE-2021-26899 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
Windows User Profile Service | CVE-2021-26873 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
Windows User Profile Service | CVE-2021-26886 | User Profile Service Denial of Service Vulnerability | Important |
Windows WalletService | CVE-2021-26871 | Windows WalletService Elevation of Privilege Vulnerability | Important |
Windows WalletService | CVE-2021-26885 | Windows WalletService Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2021-26900 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Source: Bleeping Computer