Today’s VERT Alert addresses Microsoft’s March 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-933 on Wednesday, March 10th.

In-The-Wild & Disclosed CVEs

CVE-2021-26855
CVE-2021-26857
CVE-2021-26858
CVE-2021-27065
FinConDX 2021

Microsoft has rated this as Exploit Detected on the latest software release on the Exploitability Index.

CVE-2021-26411

A vulnerability in Microsoft Internet Explorer and the EdgeHTML-based Microsoft Edge is currently experiencing active exploitation. To successfully exploit this vulnerability, an attacker would need to direct the victim to a website, which would typically be accomplished via a phishing attack or some other form of social engineering.

Microsoft has rated this as Exploit Detected on the latest software release on the Exploitability Index.

CVE-2021-27077

This CVE describes a disclosed but not yet exploited vulnerability in Win32k that could allow for privilege escalation. This is a local vulnerability, meaning that an attacker must already have access to the system in order to exploit this issue.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE (Read more...)