Microsoft patches IE 0-day vulnerability with March security updates

On Tuesday March 9th, Microsoft released planned monthly security updates for its products. The updates contain fixes for 82 vulnerabilities - 10 critical and 72 dangerous. This does not include patches for 7 vulnerabilities in Microsoft Exchange and 33 vulnerabilities in Chromium Edge released earlier this month.

In particular, the March updates fix a zero-day vulnerability already exploited in attacks. Back in January 2021, Google announced that the Lazarus cybercriminal group was attacking security researchers through hacked Visual Studio installations and unknown vulnerabilities. As specialists from the South Korean information security company Enki found out a month later, the attackers exploited a zero-day vulnerability in Internet Explorer to install backdoors. This memory corruption vulnerability (CVE-2021-26411) was patched on March 9th.

The March update also fixes a Windows Win32k privilege escalation vulnerability ( CVE-2021-27077 ). The vulnerability was publicly disclosed by researchers at the Trend Micro Zero Day Initiative in January this year after Microsoft said it had no intention of fixing it.

The remaining vulnerabilities were fixed in Microsoft Windows components, as well as in Azure, Azure DevOps and Azure Sphere, Internet Explorer and Edge (EdgeHTML), Exchange Server, Office (services and web applications), SharePoint Server, Visual Studio and Windows Hyper-V ...

Previous Post Next Post