VERT Threat Alert: March 2021 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s March 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-933 on Wednesday, March 10th.
In-The-Wild & Disclosed CVEs
CVE-2021-26855
CVE-2021-26857
CVE-2021-26858
CVE-2021-27065
Microsoft has rated this as Exploit Detected on the latest software release on the Exploitability Index.
CVE-2021-26411
A vulnerability in Microsoft Internet Explorer and the EdgeHTML-based Microsoft Edge is currently experiencing active exploitation. To successfully exploit this vulnerability, an attacker would need to direct the victim to a website, which would typically be accomplished via a phishing attack or some other form of social engineering.
Microsoft has rated this as Exploit Detected on the latest software release on the Exploitability Index.
CVE-2021-27077
This CVE describes a disclosed but not yet exploited vulnerability in Win32k that could allow for privilege escalation. This is a local vulnerability, meaning that an attacker must already have access to the system in order to exploit this issue.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-march-2021-patch-tuesday-analysis/
