- La colaboración entre Seguridad y FinOps puede generar beneficios ocultos en la nube
- El papel del CIO en 2024: una retrospectiva del año en clave TI
- How control rooms help organizations and security management
- ITDM 2025 전망 | “효율경영 시대의 핵심 동력 ‘데이터 조직’··· 내년도 활약 무대 더 커진다” 쏘카 김상우 본부장
- 세일포인트 기고 | 2025년을 맞이하며… 머신 아이덴티티의 부상이 울리는 경종
Patch Priority Index for March 2021 | The State of Security
Tripwire’s March 2021 Patch Priority Index (PPI) brings together important vulnerabilities from SaltStack, VWware, BIG-IP and Microsoft.
First on the patch priority list this month are patches for vulnerabilities in Microsoft Exchange (CVE-2021-27065, CVE-2021-26855), SaltStack (CVE-2021-25282, CVE-2021-25281), BIG-IP (CVE-2021-22986) and VMware vCenter (CVE-2021-21972). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.
Next on the list are patches for Internet Explorer, which resolve memory corruption and remote code execution vulnerabilities.
Up next on the patch priority list this month are patches for Microsoft Excel, Visio, PowerPoint and Office. These patches resolve seven issues including security feature bypass and remote code execution vulnerabilities.
Next are patches that affect components of the Windows operating systems. These patches resolve over 35 vulnerabilities including elevation of privilege, information disclosure, remote code execution and memory corruption vulnerabilities. These vulnerabilities affect core Windows, WalletService, Error Reporting, Windows Media, Storage Spaces Controller, DirectX, OpenType Font, Graphics, Event Tracing, User Profile Service, App-V, Update Stack and others.
Up next is a patch that resolves a denial of service and remote code execution vulnerability for Hyper-V.
Lastly, administrators should focus on server-side patches for Microsoft, which resolve issues in Microsoft SharePoint, Exchange and DNS. These patches resolve several issues including remote code execution, information disclosure, denial of service and spoofing vulnerabilities.
BULLETIN | CVE |
Exploit Framework – Metasploit | CVE-2021-27065, CVE-2021-26855, CVE-2021-25282, CVE-2021-25281, CVE-2021-22986, CVE-2021-21972 |
Internet Explorer | CVE-2021-26411, CVE-2021-27085 |
Microsoft Office | CVE-2021-27055, CVE-2021-27056, CVE-2021-27054, CVE-2021-27053, CVE-2021-27057, CVE-2021-27059, CVE-2021-24108 |
Microsoft Windows | CVE-2021-26885, CVE-2021-26871, CVE-2021-24090, CVE-2021-26881, CVE-2021-26862, CVE-2021-26880, CVE-2021-24095, CVE-2021-26870, CVE-2021-26884, CVE-2021-26876, CVE-2021-26868, CVE-2021-26861, CVE-2021-27077, CVE-2021-26875, CVE-2021-26863, CVE-2021-26901, CVE-2021-26872, CVE-2021-26898, CVE-2021-24107, CVE-2021-27070, CVE-2021-26886, CVE-2021-26873, CVE-2021-26864, CVE-2021-26890, CVE-2021-26860, CVE-2021-26874, CVE-2021-26900, CVE-2021-26865, CVE-2021-26891, CVE-2021-26866, CVE-2021-26889, CVE-2021-1729, CVE-2021-26899, CVE-2021-1640, CVE-2021-26878, CVE-2021-26892, CVE-2021-26869, CVE-2021-26882 |
Hyper-V | CVE-2021-26867, CVE-2021-26879 |
Exchange Server | CVE-2021-27065, CVE-2021-27078, CVE-2021-26858, CVE-2021-26857, CVE-2021-26854, CVE-2021-26855, CVE-2021-26412 |
Microsoft Office SharePoint | CVE-2021-27052, CVE-2021-27076, CVE-2021-24104 |
Microsoft DNS Server | CVE-2021-27063, CVE-2021-26896, CVE-2021-26877, CVE-2021-26893, CVE-2021-26897, CVE-2021-26894, CVE-2021-26895 |