===========================================================================
AUSCERT Security Bulletin

ASB-2021.0051
Microsoft Patch Tuesday update for Windows for March 2021
10 March 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           HEVC Video Extensions
                   Windows 10
                   Windows 8.1
                   Windows Admin Center
                   Windows RT 8.1
                   Windows Server
                   Windows Server 2012
                   Windows Server 2012 R2
                   Windows Server 2016
                   Windows Server 2019
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Existing Account
                   Unauthorised Access             -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-27077 CVE-2021-27070 CVE-2021-27066
                   CVE-2021-27063 CVE-2021-27062 CVE-2021-27061
                   CVE-2021-27051 CVE-2021-27050 CVE-2021-27049
                   CVE-2021-27048 CVE-2021-27047 CVE-2021-26902
                   CVE-2021-26901 CVE-2021-26900 CVE-2021-26899
                   CVE-2021-26898 CVE-2021-26897 CVE-2021-26896
                   CVE-2021-26895 CVE-2021-26894 CVE-2021-26893
                   CVE-2021-26892 CVE-2021-26891 CVE-2021-26890
                   CVE-2021-26889 CVE-2021-26887 CVE-2021-26886
                   CVE-2021-26885 CVE-2021-26884 CVE-2021-26882
                   CVE-2021-26881 CVE-2021-26880 CVE-2021-26879
                   CVE-2021-26878 CVE-2021-26877 CVE-2021-26876
                   CVE-2021-26875 CVE-2021-26874 CVE-2021-26873
                   CVE-2021-26872 CVE-2021-26871 CVE-2021-26870
                   CVE-2021-26869 CVE-2021-26868 CVE-2021-26867
                   CVE-2021-26866 CVE-2021-26865 CVE-2021-26864
                   CVE-2021-26863 CVE-2021-26862 CVE-2021-26861
                   CVE-2021-26860 CVE-2021-24110 CVE-2021-24107
                   CVE-2021-24095 CVE-2021-24090 CVE-2021-24089
                   CVE-2021-1729 CVE-2021-1640

OVERVIEW

Microsoft has released its monthly security patch update for the month of
March 2021.

This update resolves 59 vulnerabilities across the following products: [1]

    HEVC Video Extensions
    Windows 10
    Windows 8.1
    Windows Admin Center
    Windows RT 8.1
    Windows Server
    Windows Server 2012
    Windows Server 2012 R2
    Windows Server 2016
    Windows Server 2019

IMPACT

Microsoft has given the following details regarding these vulnerabilities.

    Details          Impact                    Severity
    CVE-2021-1640    Elevation of Privilege    Important
    CVE-2021-1729    Elevation of Privilege    Important
    CVE-2021-24089   Remote Code Execution     Critical
    CVE-2021-24090   Elevation of Privilege    Important
    CVE-2021-24095   Elevation of Privilege    Important
    CVE-2021-24107   Information Disclosure    Important
    CVE-2021-24110   Remote Code Execution     Important
    CVE-2021-26860   Elevation of Privilege    Important
    CVE-2021-26861   Remote Code Execution     Important
    CVE-2021-26862   Elevation of Privilege    Important
    CVE-2021-26863   Elevation of Privilege    Important
    CVE-2021-26864   Elevation of Privilege    Important
    CVE-2021-26865   Elevation of Privilege    Important
    CVE-2021-26866   Elevation of Privilege    Important
    CVE-2021-26867   Remote Code Execution     Critical
    CVE-2021-26868   Elevation of Privilege    Important
    CVE-2021-26869   Information Disclosure    Important
    CVE-2021-26870   Elevation of Privilege    Important
    CVE-2021-26871   Elevation of Privilege    Important
    CVE-2021-26872   Elevation of Privilege    Important
    CVE-2021-26873   Elevation of Privilege    Important
    CVE-2021-26874   Elevation of Privilege    Important
    CVE-2021-26875   Elevation of Privilege    Important
    CVE-2021-26876   Remote Code Execution     Critical
    CVE-2021-26877   Remote Code Execution     Important
    CVE-2021-26878   Elevation of Privilege    Important
    CVE-2021-26879   Denial of Service         Important
    CVE-2021-26880   Elevation of Privilege    Important
    CVE-2021-26881   Remote Code Execution     Important
    CVE-2021-26882   Elevation of Privilege    Important
    CVE-2021-26884   Information Disclosure    Important
    CVE-2021-26885   Elevation of Privilege    Important
    CVE-2021-26886   Denial of Service         Important
    CVE-2021-26887   Elevation of Privilege    Important
    CVE-2021-26889   Elevation of Privilege    Important
    CVE-2021-26890   Remote Code Execution     Important
    CVE-2021-26891   Elevation of Privilege    Important
    CVE-2021-26892   Security Feature Bypass   Important
    CVE-2021-26893   Remote Code Execution     Important
    CVE-2021-26894   Remote Code Execution     Important
    CVE-2021-26895   Remote Code Execution     Important
    CVE-2021-26896   Denial of Service         Important
    CVE-2021-26897   Remote Code Execution     Critical
    CVE-2021-26898   Elevation of Privilege    Important
    CVE-2021-26899   Elevation of Privilege    Important
    CVE-2021-26900   Elevation of Privilege    Important
    CVE-2021-26901   Elevation of Privilege    Important
    CVE-2021-26902   Remote Code Execution     Critical
    CVE-2021-27047   Remote Code Execution     Important
    CVE-2021-27048   Remote Code Execution     Important
    CVE-2021-27049   Remote Code Execution     Important
    CVE-2021-27050   Remote Code Execution     Important
    CVE-2021-27051   Remote Code Execution     Important
    CVE-2021-27061   Remote Code Execution     Critical
    CVE-2021-27062   Remote Code Execution     Important
    CVE-2021-27063   Denial of Service         Important
    CVE-2021-27066   Security Feature Bypass   Important
    CVE-2021-27070   Elevation of Privilege    Important
    CVE-2021-27077   Elevation of Privilege    Important

MITIGATION

Microsoft recommends updating the software with the version made available
on the Microsoft Update Catalogue for the following Knowledge Base
articles. [1]

    KB5000802, KB5000803, KB5000807, KB5000808, KB5000809
    KB5000822, KB5000840, KB5000847, KB5000848, KB5000853

REFERENCES

[1] Microsoft Security Update Guidance
    https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================