Highlights of Patch Watch Issue 11
- 16 vendors released security patches for 566 vulnerabilities, including 45 CVEs with known exploits.
- 14 vulnerabilities that were patched in March are red-flagged by CISA.
Weaponized Vulnerabilities
46 vulnerabilities have known exploits. Here is our analysis:
- 2 CVEs are targeted by 10 APT Groups, DearCry ransomware, and PlugX and ShadowPad malware.
- 5 CVEs are associated with RCE and PE respectively.
- 10 CVEs are linked to Denial of Service.
- 16 CVEs are rated high and 24 CVEs are of medium severity.
Click here for our analysis and download patches.
Old Vulnerabilities
323 old vulnerabilities, dating from 2010 to 2020, have been fixed.
- 3 CVEs are associated with RansomEXX and BitPaymer ransomware.
- 4 CVEs have featured in CISA Alerts.
- 36 old vulnerabilities are already weaponized and have known exploits.
- 2 CVEs are RCE bugs and 2 CVEs have Privilege Escalation capabilities.
- 61 CVEs are rated high and 217 are of medium severity.
Click here for our analysis and download patches.
Microsoft March Patches 2021
Microsoft issued patches for 89 security vulnerabilities, including two zero-day vulnerabilities (CVE-2021-26411 & CVE-2021-27077) in Internet Explorer and Windows.
Check out our Microsoft patch edition for more findings.
CISA Alerts
CISA has issued an alert for 14 vulnerabilities.
- 2 CVEs have known exploits with RCE bugs.
- 5 CVEs are rated high and 2 are of medium severity.
- 4 CVEs are associated with 10 APT Groups, 2 malware, and DearCry ransomware.
Click here for our analysis and download patches.
Table: Security Patches March 2021
According to a survey, one in four cyber attacks that were remediated in 2020 were linked to ransomware. We know that security teams are inundated with patches and they have to race against time to reduce their attack surface. CSW’s Patchwatch is a good starting point for these security teams. Subscribe to our newsletter for regular updates.