[Tech-l] FW: MS-ISAC CYBERSECURITY ADVISORY - Critical Patches Issued for Microsoft Products, March 09, 2021 - PATCH: NOW - TLP: WHITE

Thor Sage sage at mveca.org
Wed Mar 10 07:26:35 EST 2021


Good morning.
Please see the below advisory from MS-ISAC regarding a multitude of vulnerabilities in Microsoft products.  Recommendations include the following:
• Apply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing.
• Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.
• Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
• Inform and educate users regarding threats posed by hypertext links contained in emails or attachments especially from untrusted sources.
• Apply the Principle of Least Privilege to all systems and services.

It is critical that all patches and releases be applied.  MVECA support staff have been actively working to address all vulnerabilities on hosted systems and servers.  Please let me know if you have questions.
Thank you,
Thor

Thor Sage
Executive Director
Miami Valley Educational Computer Association
937-767-1468  x3101
Not-for-profit Technology Services for Education and Local Governments


From: MS-ISAC Advisory <MS-ISAC.Advisory at msisac.org>
Sent: Tuesday, March 9, 2021 2:20 PM
To: Michael Aliperti <Michael.Aliperti at cisecurity.org>
Subject: MS-ISAC CYBERSECURITY ADVISORY - Critical Patches Issued for Microsoft Products, March 09, 2021 - PATCH: NOW - TLP: WHITE
Importance: High


TLP: WHITE
MS-ISAC CYBERSECURITY ADVISORY

MS-ISAC ADVISORY NUMBER:
2021-032

DATE(S) ISSUED:
03/09/2021

SUBJECT:
Critical Patches Issued for Microsoft Products, March 09, 2021

OVERVIEW:
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE:
There are reports of two vulnerabilities observed being exploited in the wild (CVE-2021-27077 and CVE-2021-26411). CVE-2021-27077 is a Windows Win32k elevation of privilege vulnerability which allowed an attacker to escalate their privileges. CVE-2021-26411 is an Internet Explorer memory corruption vulnerability which would allow an attacker to run malicious code on the affected system when a user visited a specially crafted HTML file. Proof-of-concept code is available for both of these CVEs.

SYSTEMS AFFECTED:

  *   Application Virtualization
  *   Azure
  *   Azure DevOps
  *   Azure Sphere
  *   Internet Explorer
  *   Microsoft ActiveX
  *   Microsoft Exchange Server
  *   Microsoft Edge (Chromium-based)
  *   Microsoft Graphics Component
  *   Microsoft Office
  *   Microsoft Office Excel
  *   Microsoft Office PowerPoint
  *   Microsoft Office SharePoint
  *   Microsoft Office Visio
  *   Microsoft Windows Codecs Library
  *   Power BI
  *   Role: DNS Server
  *   Role: Hyper-V
  *   Visual Studio
  *   Visual Studio Code
  *   Windows Admin Center
  *   Windows Container Execution Agent
  *   Windows DirectX
  *   Windows Error Reporting
  *   Windows Event Tracing
  *   Windows Extensible Firmware Interface
  *   Windows Folder Redirection
  *   Windows Installer
  *   Windows Media
  *   Windows Overlay Filter
  *   Windows Print Spooler Components
  *   Windows Projected File System Filter Driver
  *   Windows Registry
  *   Windows Remote Access API
  *   Windows Storage Spaces Controller
  *   Windows Update Assistant
  *   Windows Update Stack
  *   Windows UPnP Device Host
  *   Windows User Profile Service
  *   Windows WalletService
  *   Windows Win32K

RISK:
Government:

  *   Large and medium government entities: High
  *   Small government entities: Medium

Businesses:

  *   Large and medium business entities: High
  *   Small business entities: Medium

Home users: Low

TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution.

A full list of all vulnerabilities can be found at the link below:
https://msrc.microsoft.com/update-guide/en-us

Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

RECOMMENDATIONS:
We recommend the following actions be taken:

  *   Apply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing.
  *   Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.
  *   Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  *   Inform and educate users regarding threats posed by hypertext links contained in emails or attachments especially from untrusted sources.
  *   Apply the Principle of Least Privilege to all systems and services.

REFERENCES:
Microsoft:
https://portal.msrc.microsoft.com/en-us/security-guidance
https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar

BleepingComputer:
https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2021-patch-tuesday-fixes-82-flaws-2-zero-days/


24x7 Security Operations Center
Multi-State Information Sharing and Analysis Center (MS-ISAC)
Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC)
31 Tech Valley Drive
East Greenbush, NY 12061
SOC at cisecurity.org - 1-866-787-4722

TLP: WHITE
Disclosure is not limited. Subject to standard copyright rules, TLP: WHITE information may be distributed without restriction.
http://www.us-cert.gov/tlp/

This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
