- Docker Desktop 4.36 | Docker
- This 3-in-1 MagSafe dock will charge your Apple devices while keeping them cool (and for Black Friday it's only $48)
- Why Cisco Leads with Wi-Fi 7: Transforming Future Connectivity
- What is AI networking? How it automates your infrastructure (but faces challenges)
- I traveled with a solar panel that's lighter than a MacBook, and it's my new backpack essential (and now get 23% off for Black Friday)
Patch Priority Index for March 2021 | The State of Security
Tripwire’s March 2021 Patch Priority Index (PPI) brings together important vulnerabilities from SaltStack, VWware, BIG-IP and Microsoft.
First on the patch priority list this month are patches for vulnerabilities in Microsoft Exchange (CVE-2021-27065, CVE-2021-26855), SaltStack (CVE-2021-25282, CVE-2021-25281), BIG-IP (CVE-2021-22986) and VMware vCenter (CVE-2021-21972). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.
Next on the list are patches for Internet Explorer, which resolve memory corruption and remote code execution vulnerabilities.
Up next on the patch priority list this month are patches for Microsoft Excel, Visio, PowerPoint and Office. These patches resolve seven issues including security feature bypass and remote code execution vulnerabilities.
Next are patches that affect components of the Windows operating systems. These patches resolve over 35 vulnerabilities including elevation of privilege, information disclosure, remote code execution and memory corruption vulnerabilities. These vulnerabilities affect core Windows, WalletService, Error Reporting, Windows Media, Storage Spaces Controller, DirectX, OpenType Font, Graphics, Event Tracing, User Profile Service, App-V, Update Stack and others.
Up next is a patch that resolves a denial of service and remote code execution vulnerability for Hyper-V.
Lastly, administrators should focus on server-side patches for Microsoft, which resolve issues in Microsoft SharePoint, Exchange and DNS. These patches resolve several issues including remote code execution, information disclosure, denial of service and spoofing vulnerabilities.
BULLETIN | CVE |
Exploit Framework – Metasploit | CVE-2021-27065, CVE-2021-26855, CVE-2021-25282, CVE-2021-25281, CVE-2021-22986, CVE-2021-21972 |
Internet Explorer | CVE-2021-26411, CVE-2021-27085 |
Microsoft Office | CVE-2021-27055, CVE-2021-27056, CVE-2021-27054, CVE-2021-27053, CVE-2021-27057, CVE-2021-27059, CVE-2021-24108 |
Microsoft Windows | CVE-2021-26885, CVE-2021-26871, CVE-2021-24090, CVE-2021-26881, CVE-2021-26862, CVE-2021-26880, CVE-2021-24095, CVE-2021-26870, CVE-2021-26884, CVE-2021-26876, CVE-2021-26868, CVE-2021-26861, CVE-2021-27077, CVE-2021-26875, CVE-2021-26863, CVE-2021-26901, CVE-2021-26872, CVE-2021-26898, CVE-2021-24107, CVE-2021-27070, CVE-2021-26886, CVE-2021-26873, CVE-2021-26864, CVE-2021-26890, CVE-2021-26860, CVE-2021-26874, CVE-2021-26900, CVE-2021-26865, CVE-2021-26891, CVE-2021-26866, CVE-2021-26889, CVE-2021-1729, CVE-2021-26899, CVE-2021-1640, CVE-2021-26878, CVE-2021-26892, CVE-2021-26869, CVE-2021-26882 |
Hyper-V | CVE-2021-26867, CVE-2021-26879 |
Exchange Server | CVE-2021-27065, CVE-2021-27078, CVE-2021-26858, CVE-2021-26857, CVE-2021-26854, CVE-2021-26855, CVE-2021-26412 |
Microsoft Office SharePoint | CVE-2021-27052, CVE-2021-27076, CVE-2021-24104 |
Microsoft DNS Server | CVE-2021-27063, CVE-2021-26896, CVE-2021-26877, CVE-2021-26893, CVE-2021-26897, CVE-2021-26894, CVE-2021-26895 |