CSW Discovers its 50th Zero Day!

March 2021: Patch Watch Digest

Posted on Apr 19, 2021 | By Pavithra Shankar

Highlights of March Digest

Weaponized Vulnerabilities

We have 116 vulnerabilities with known exploits. Here is our analysis –

  • 2 CVEs are associated with DearCry ransomware, 10 APT Groups (Hafnium, Winnti Group, Tick, LuckyMouse, Websiic, Calypso, Tonto Team, Mikroceen, Vicious Panda Group), and 2 malwares (PlugX & ShadowPad Malware).

  • 3 CVE has been alerted by CISA.

  • 9 CVEs have Privilege Escalation capabilities.

  • 13 CVEs are associated with Remote Code Execution.

  • 14 CVEs have Denial of Service.

  • 8 CVEs are linked to SQL Injection.

  • 47 CVEs are rated high.

Click here for our analysis and download patches.

Old Vulnerabilities Patched in March 2021

510 Old vulnerabilities have been issued security updates ranging from the year 2010 to 2020.

  • 3 CVEs are linked to BitPaymer and RansomExx ransomware.

  • 6 CVEs have been alerted by CISA.

  • 4 CVEs have PE capabilities.

  • 3 CVEs are RCE bugs.

  • 13 CVEs have Denial of Service.

  • 103 CVEs are critical and 320 medium severity.

  • Out of 510 Old vulnerabilities, 76 have known exploits.

Click here for our analysis and download patches.

Microsoft March Patches 2021

Microsoft issued patches for 89 security vulnerabilities, including two zero-day.

Check out our Microsoft Patch Watch edition here  

CISA Alerts

24 vulnerabilities have been red-flagged by CISA.

  • 3 CVEs have been weaponized with RCE/PE.

  • 4 CVEs are associated with DearCry ransomware, 10 APT Groups (Hafnium, Winnti Group, Tick, LuckyMouse, Websiic, Calypso, Tonto Team, Mikroceen, Vicious Panda Group), and 2 malware (PlugX & ShadowPad Malware).

  • 9 CVEs are rated high, and 6 of medium severity.

Click here for our analysis and download patches.

Table: March 2021 Security Patches 

Threat actors need only one vulnerability to exploit and get into the system. Today, the only way to get around this problem is to apply patches whenever the vendor releases them. 


Worried about vulnerability management. Talk to us.

 

Test your defense to know how secure you are…