Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in March's Patch Tuesday Index below.
Microsoft addresses 89 new vulnerabilities this month, representing a 60% increase from February. Of this total, 14 are rated as “critical” with 5 that are being actively exploited in the wild, 4 of which are specific to Microsoft Exchange Server. Last week, Microsoft released a critical security update rollup for Exchange Server addressing multiple zero-day exploits being used in the wild. Anyone running vulnerable Exchange servers should update as soon as possible.
Adobe has released fixes for 17 total vulnerabilities spanning across Adobe Connect, Framemaker, Animate, Photoshop, and the Adobe Creative Cloud Desktop Application.
Automox Patch Tuesday expert Eric Feldman will be breaking down all of March's Patch Tuesday releases tomorrow, March 10, 2021. Register here so you can prioritize the patches for your environment and ask any question you may have.
Updated Live. Last Update 12:15 PM EST March 09, 2021.
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Firefox | 12 security vulnerabilities fixed in Firefox 86 | MFSA 2021-07 | High |
Firefox ESR | 4 security vulnerabilities fixed in Firefox ESR 78.8 | MFSA 2021-08 | High |
Thunderbird | 4 security vulnerabilities fixed in Thunderbird 78.8 | MFSA 2021-09 | High |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Adobe Connect | 4 Security Vulnerabilities fixed in Adobe Connect | APSB21-19 | Critical |
Adobe Creative Cloud | 3 Security Vulnerabilities fixed in Adobe Creative Cloud Desktop Application | APSB21-18 | Critical |
Adobe Photoshop | 2 Security Vulnerabilities fixed in Adobe Photoshop | APSB21-17 | Critical |
Adobe Animate | 7 Security Vulnerabilities fixed in Adobe Animate | APSB21-21 | Critical |
Adobe Framemaker | 1 Security Vulnerability fixed in Adobe Framemaker | APSB21-14 | Critical |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Google Chrome | Chrome 89.0.4389.72 | Multiple CVEs | Critical |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Visual Studio | Git for Visual Studio Remote Code Execution Vulnerability | CVE-2021-21300 | Critical |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-24089 | Critical |
Internet Explorer | Internet Explorer Memory Corruption Vulnerability | CVE-2021-26411 | Critical |
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-26412 | Critical |
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-26855 | Critical |
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-26857 | Critical |
Role: Hyper-V | Windows Hyper-V Remote Code Execution Vulnerability | CVE-2021-26867 | Critical |
Microsoft Graphics Component | OpenType Font Parsing Remote Code Execution Vulnerability | CVE-2021-26876 | Critical |
Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-26897 | Critical |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-26902 | Critical |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-27061 | Critical |
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-27065 | Critical |
Azure Sphere | Azure Sphere Unsigned Code Execution Vulnerability | CVE-2021-27074 | Critical |
Azure Sphere | Azure Sphere Unsigned Code Execution Vulnerability | CVE-2021-27080 | Critical |
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-26858 | High |
Microsoft Graphics Component | Windows Win32k Elevation of Privilege Vulnerability | CVE-2021-27077 | High |
Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-1640 | High |
Windows Update Stack | Windows Update Stack Setup Elevation of Privilege Vulnerability | CVE-2021-1729 | High |
Windows Error Reporting | Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2021-24090 | High |
Windows DirectX | DirectX Elevation of Privilege Vulnerability | CVE-2021-24095 | High |
Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2021-24104 | High |
Windows Event Tracing | Windows Event Tracing Information Disclosure Vulnerability | CVE-2021-24107 | High |
Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | CVE-2021-24108 | High |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-24110 | High |
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-26854 | High |
Power BI | Microsoft Power BI Information Disclosure Vulnerability | CVE-2021-26859 | High |
Windows Overlay Filter | Windows App-V Overlay Filter Elevation of Privilege Vulnerability | CVE-2021-26860 | High |
Microsoft Graphics Component | Windows Photos App Remote Code Execution Vulnerability | CVE-2021-26861 | High |
Windows Installer | Windows Installer Elevation of Privilege Vulnerability | CVE-2021-26862 | High |
Microsoft Graphics Component | Windows Win32k Elevation of Privilege Vulnerability | CVE-2021-26863 | High |
Windows Registry | Windows Virtual Registry Provider Elevation of Privilege Vulnerability | CVE-2021-26864 | High |
Windows Container Execution Agent | Windows Container Execution Agent Elevation of Privilege Vulnerability | CVE-2021-26865 | High |
Windows Update Stack | Windows Update Service Elevation of Privilege Vulnerability | CVE-2021-26866 | High |
Microsoft Graphics Component | Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2021-26868 | High |
Microsoft ActiveX | Windows ActiveX Installer Service Information Disclosure Vulnerability | CVE-2021-26869 | High |
Windows Projected File System Filter Driver | Windows Projected File System Elevation of Privilege Vulnerability | CVE-2021-26870 | High |
Windows WalletService | Windows WalletService Elevation of Privilege Vulnerability | CVE-2021-26871 | High |
Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-26872 | High |
Windows User Profile Service | Windows User Profile Service Elevation of Privilege Vulnerability | CVE-2021-26873 | High |
Windows Overlay Filter | Windows Overlay Filter Elevation of Privilege Vulnerability | CVE-2021-26874 | High |
Microsoft Graphics Component | Windows Win32k Elevation of Privilege Vulnerability | CVE-2021-26875 | High |
Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-26877 | High |
Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-26878 | High |
Role: Hyper-V | Windows NAT Denial of Service Vulnerability | CVE-2021-26879 | High |
Windows Storage Spaces Controller | Storage Spaces Controller Elevation of Privilege Vulnerability | CVE-2021-26880 | High |
Windows Media | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | CVE-2021-26881 | High |
Windows Remote Access API | Remote Access API Elevation of Privilege Vulnerability | CVE-2021-26882 | High |
Microsoft Windows Codecs Library | Windows Media Photo Codec Information Disclosure Vulnerability | CVE-2021-26884 | High |
Windows WalletService | Windows WalletService Elevation of Privilege Vulnerability | CVE-2021-26885 | High |
Windows User Profile Service | User Profile Service Denial of Service Vulnerability | CVE-2021-26886 | High |
Windows Folder Redirection | Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability | CVE-2021-26887 | High |
Windows Update Stack | Windows Update Stack Elevation of Privilege Vulnerability | CVE-2021-26889 | High |
Application Virtualization | Application Virtualization Remote Code Execution Vulnerability | CVE-2021-26890 | High |
Windows Container Execution Agent | Windows Container Execution Agent Elevation of Privilege Vulnerability | CVE-2021-26891 | High |
Windows Extensible Firmware Interface | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | CVE-2021-26892 | High |
Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-26893 | High |
Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-26894 | High |
Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-26895 | High |
Role: DNS Server | Windows DNS Server Denial of Service Vulnerability | CVE-2021-26896 | High |
Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-26898 | High |
Windows UPnP Device Host | Windows UPnP Device Host Elevation of Privilege Vulnerability | CVE-2021-26899 | High |
Windows Win32K | Windows Win32k Elevation of Privilege Vulnerability | CVE-2021-26900 | High |
Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-26901 | High |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-27047 | High |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-27048 | High |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-27049 | High |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-27050 | High |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-27051 | High |
Microsoft Office SharePoint | Microsoft SharePoint Server Information Disclosure Vulnerability | CVE-2021-27052 | High |
Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-27053 | High |
Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-27054 | High |
Microsoft Office Visio | Microsoft Visio Security Feature Bypass Vulnerability | CVE-2021-27055 | High |
Microsoft Office PowerPoint | Microsoft PowerPoint Remote Code Execution Vulnerability | CVE-2021-27056 | High |
Microsoft Office Excel | Microsoft Office Remote Code Execution Vulnerability | CVE-2021-27057 | High |
Microsoft Office | Microsoft Office ClickToRun Remote Code Execution Vulnerability | CVE-2021-27058 | High |
Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | CVE-2021-27059 | High |
Visual Studio Code | Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-27060 | High |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-27062 | High |
Role: DNS Server | Windows DNS Server Denial of Service Vulnerability | CVE-2021-27063 | High |
Windows Admin Center | Windows Admin Center Security Feature Bypass Vulnerability | CVE-2021-27066 | High |
Windows Update Assistant | Windows 10 Update Assistant Elevation of Privilege Vulnerability | CVE-2021-27070 | High |
Azure | Azure Virtual Machine Information Disclosure Vulnerability | CVE-2021-27075 | High |
Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-27076 | High |
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-27078 | High |
Visual Studio Code | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | CVE-2021-27081 | High |
Visual Studio Code | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-27082 | High |
Visual Studio Code | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-27083 | High |
Visual Studio | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | CVE-2021-27084 | High |
Internet Explorer | Internet Explorer Remote Code Execution Vulnerability | CVE-2021-27085 | High |
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-based and globally available, Automox enforces OS and third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-based patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.