In case you were looking for more security to-dos from Microsoft today … the company released software updates to fix more than 82 security flaws in Windows and other software. Ten of these earned ‘critical’ ratings from Microsoft, which means that they can be exploited by malware or malicious people with little or no user help.
Topping the list this month (apart from the ongoing, global Exchange Server mass compromise) is a patch for an Internet Explorer bug that is being actively exploited. The IE vulnerability – CVE-2021-26411 – affects both IE11 and later EdgeHTML-based versions, and allows attackers to execute a file of their choice when a user views a hacked or malicious Web site in IE.
The IE bug was linked to a vulnerability revealed in early February by researchers at ENKI, who claimed it was one of those used in a recent campaign by nation-state actors to target security researchers. In the ENKI blog post, the researchers said they would publish proof-of-concept (PoC) details after the bug was patched.
“As we have seen in the past, once the PoC details are publicly available, attackers quickly incorporate these PoCs into their attack tools,” said Satnam Narang, staff research engineer at Tenable. “We encourage all organizations that rely on Internet Explorer and Microsoft Edge (EdgeHTML-based) to apply these patches as soon as possible.”
This is probably a good place to quote Martin Brinkman from Ghacks.net: this is the last hurrah for the legacy Microsoft Edge web browser, which is being retired by Microsoft.
For the second month in a row, Microsoft has fixed some nasty bugs in the DNS servers on Windows Server 2008 through 2019 versions that can be used to remotely install software of the attackers’ choice. All five of the DNS bugs fixed in today’s patch batch earned a CVSS (severity) score of 9.8 – almost as bad as it gets.
“The chances are high that it could worm between DNS servers,” warned Trend Micro’s Dustin Childs.
As mentioned above, hundreds of thousands of organizations are dealing with a security nightmare after their Exchange Server and Outlook Web Access (OWA) installations were hacked and fitted with a backdoor. If an organization you know has been affected by this attack, please have them consult the new Victims Notification Web site.
Susan Bradley at AskWoody.com says ‘nothing in the security updates in March (other than the Exchange updates released last week) causes me to urge you to run and load your machines at this time.’ I agree, unless of course you browse the internet with older Microsoft browsers.
It’s a good idea for Windows users to get in the habit of updating at least once a month, but for regular users (read: not businesses) it’s usually safe to wait a few days after the patches have been released so Microsoft has time to iron out any kinks in the new armor.
But before you update, please make sure you have a backup of your system and/or important files. It’s not uncommon for a Windows update package to break your system or prevent it from starting properly, and some updates are known to delete or corrupt files.
So do yourself a favor and back up before installing patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a full and bootable copy of your hard drive all at once.
And if you want to ensure that Windows is set to pause updating so that you can back up your files and/or system before the operating system decides to reboot and install patches on its own, see this guide.
As always, if you have trouble installing any of these patches this month, consider leaving a comment below; there is a better-than-even chance that other readers have experienced the same, and they may chime in here with some helpful tips.
Additional reading:
Martin Brinkman’s always comprehensive take.
The SANS Internet Storm Center no-frills outline of the fixes.
Tags: AskWoody.com, CVE-2021-26411, Dustin Childs, Exchange Server hack, Microsoft Patch Tuesday March 2021, Satnam Narang, Tenable, Windows DNS
This entry was posted on Tuesday, March 9th, 2021 at 8:42 pm and is filed under Others.