- 연 85억 원 절감한 공공기관의 선택…출장 관리 DX로 완성한 비용 최적화 공식
- Zoom goes down across the globe - what we know about the outage so far
- AIがCXを加速:年間8600億ドルのビジネス価値創出の可能性、では導入の壁は?
- Free IRS Direct File service for taxpayers to end, according to reports
- Why the CVE database for tracking security flaws nearly went dark - and what happens next
Patch Priority Index for March 2021 | The State of Security
Tripwire’s March 2021 Patch Priority Index (PPI) brings together important vulnerabilities from SaltStack, VWware, BIG-IP and Microsoft.
First on the patch priority list this month are patches for vulnerabilities in Microsoft Exchange (CVE-2021-27065, CVE-2021-26855), SaltStack (CVE-2021-25282, CVE-2021-25281), BIG-IP (CVE-2021-22986) and VMware vCenter (CVE-2021-21972). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.
Next on the list are patches for Internet Explorer, which resolve memory corruption and remote code execution vulnerabilities.
Up next on the patch priority list this month are patches for Microsoft Excel, Visio, PowerPoint and Office. These patches resolve seven issues including security feature bypass and remote code execution vulnerabilities.
Next are patches that affect components of the Windows operating systems. These patches resolve over 35 vulnerabilities including elevation of privilege, information disclosure, remote code execution and memory corruption vulnerabilities. These vulnerabilities affect core Windows, WalletService, Error Reporting, Windows Media, Storage Spaces Controller, DirectX, OpenType Font, Graphics, Event Tracing, User Profile Service, App-V, Update Stack and others.
Up next is a patch that resolves a denial of service and remote code execution vulnerability for Hyper-V.
Lastly, administrators should focus on server-side patches for Microsoft, which resolve issues in Microsoft SharePoint, Exchange and DNS. These patches resolve several issues including remote code execution, information disclosure, denial of service and spoofing vulnerabilities.
| BULLETIN | CVE |
| Exploit Framework – Metasploit | CVE-2021-27065, CVE-2021-26855, CVE-2021-25282, CVE-2021-25281, CVE-2021-22986, CVE-2021-21972 |
| Internet Explorer | CVE-2021-26411, CVE-2021-27085 |
| Microsoft Office | CVE-2021-27055, CVE-2021-27056, CVE-2021-27054, CVE-2021-27053, CVE-2021-27057, CVE-2021-27059, CVE-2021-24108 |
| Microsoft Windows | CVE-2021-26885, CVE-2021-26871, CVE-2021-24090, CVE-2021-26881, CVE-2021-26862, CVE-2021-26880, CVE-2021-24095, CVE-2021-26870, CVE-2021-26884, CVE-2021-26876, CVE-2021-26868, CVE-2021-26861, CVE-2021-27077, CVE-2021-26875, CVE-2021-26863, CVE-2021-26901, CVE-2021-26872, CVE-2021-26898, CVE-2021-24107, CVE-2021-27070, CVE-2021-26886, CVE-2021-26873, CVE-2021-26864, CVE-2021-26890, CVE-2021-26860, CVE-2021-26874, CVE-2021-26900, CVE-2021-26865, CVE-2021-26891, CVE-2021-26866, CVE-2021-26889, CVE-2021-1729, CVE-2021-26899, CVE-2021-1640, CVE-2021-26878, CVE-2021-26892, CVE-2021-26869, CVE-2021-26882 |
| Hyper-V | CVE-2021-26867, CVE-2021-26879 |
| Exchange Server | CVE-2021-27065, CVE-2021-27078, CVE-2021-26858, CVE-2021-26857, CVE-2021-26854, CVE-2021-26855, CVE-2021-26412 |
| Microsoft Office SharePoint | CVE-2021-27052, CVE-2021-27076, CVE-2021-24104 |
| Microsoft DNS Server | CVE-2021-27063, CVE-2021-26896, CVE-2021-26877, CVE-2021-26893, CVE-2021-26897, CVE-2021-26894, CVE-2021-26895 |
