Microsoft Security Bulletin Coverage for March 2021

March 9, 2021

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March 2021. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2021-24095 DirectX Elevation of Privilege Vulnerability
ASPY 5907: Malformed-File exe.MP.131

CVE-2021-26411 Internet Explorer Memory Corruption Vulnerability
IPS 15430: Internet Explorer Memory Corruption Vulnerability (CVE-2021-26411)

CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability
IPS 15420: Microsoft Exchange Server Remote Code Execution ( CVE-2021-26855) 2

CVE-2021-26857 Microsoft Exchange Server Remote Code Execution Vulnerability
ASPY 158: Malformed-File xml.MP.4

CVE-2021-26863 Windows Win32k Elevation of Privilege Vulnerability
ASPY 160: Malformed-File exe.MP.171

CVE-2021-26868 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 161: Malformed-File exe.MP.172

CVE-2021-26877 Windows DNS Server Remote Code Execution Vulnerability
IPS 15434: Windows DNS Server Remote Code Execution (CVE-2021-26877)

CVE-2021-26897 Windows DNS Server Remote Code Execution Vulnerability
IPS 15435: Windows DNS Server Remote Code Execution (CVE-2021-26897)

CVE-2021-27076 Microsoft SharePoint Server Remote Code Execution Vulnerability
ASPY 162: Malformed-File exe.MP.173

CVE-2021-27077 Windows Win32k Elevation of Privilege Vulnerability
ASPY 163: Malformed-File ex.MP.174

CVE-2021-27065 Microsoft Exchange Server Remote Code Execution Vulnerability
IPS 15421: Microsoft Exchange Server Remote Code Execution 1

CVE-2021-27078 Microsoft Exchange Server Remote Code Execution Vulnerability
IPS 15421: Microsoft Exchange Server Remote Code Execution 1

Following vulnerabilities do not have exploits in the wild :
CVE-2021-1640 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1729 Windows Update Stack Setup Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-21300 Git for Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24089 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24090 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-24104 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-24107 Windows Event Tracing Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-24108 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-24110 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26412 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26854 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26859 Microsoft Power BI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-26860 Windows App-V Overlay Filter Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26861 Windows Graphics Component Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26862 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26864 Windows Virtual Registry Provider Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26865 Windows Container Execution Agent Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26866 Windows Update Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26867 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26869 Windows ActiveX Installer Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-26870 Windows Projected File System Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26871 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26872 Windows Event Tracing Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26873 Windows User Profile Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26874 Windows Overlay Filter Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26875 Windows Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26876 OpenType Font Parsing Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26878 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26879 Windows NAT Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-26880 Storage Spaces Controller Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26881 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26882 Remote Access API Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26884 Windows Media Photo Codec Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-26885 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26886 User Profile Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-26887 Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26889 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26890 Application Virtualization Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26891 Windows Container Execution Agent Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26892 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-26893 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26894 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26895 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26896 Windows DNS Server Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-26898 Windows Event Tracing Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26899 Windows UPnP Device Host Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26900 Windows Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26901 Windows Event Tracing Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26902 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27047 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27048 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27049 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27050 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27051 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27052 Microsoft SharePoint Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-27053 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27054 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27055 Microsoft Visio Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-27056 Microsoft PowerPoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27057 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27058 Microsoft Office ClickToRun Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27059 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27060 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27061 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27062 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27063 Windows DNS Server Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-27066 Windows Admin Center Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-27070 Windows 10 Update Assistant Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-27074 Azure Sphere Unsigned Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27075 Azure Virtual Machine Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-27080 Azure Sphere Unsigned Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27081 Visual Studio Code ESLint Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27082 Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27083 Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27084 Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27085 Internet Explorer Remote Code Execution Vulnerability
There are no known exploits in the wild.