Patching Recap

Monthly Patching Recap March 2021

A big Microsoft Exchange vulnerability overshadowed everything in March. But there were also other security patches that needed attention.

At the end of each month, we take a look at our patch data to give an overview on the most important security patches that were released during the last 30 days. In March we tracked 221 patches in total.

Below is an overview of the affected software categories:

Patched Software Categories March 2021

The biggest patch of March came right at the start of the month: On March 2, Microsoft issued multiple out-of-bands patches for its Exchange email server. The urgency had a good reason: The underlying vulnerabilities were already being used by an attacker group in a large-scale campaign. According to threat intelligence company Volexity attacks started at least in January 2021, maybe even earlier. So although system administrators were quick in rolling out the patches (according to Microsoft after about two weeks more than 90 percent of Exchange servers have been patched), many systems probably have been compromised via this vulnerability. How the attackers will use the access they gained via the “ProxyLogon” vulnerability remains to be seen.

The big Exchange patch naturally overshadowed Microsoft’s traditional Patch Tuesday. But Windows sysadmins should make sure to not have overlooked the other important vulnerabilities that Microsoft fixed this month. The most important patches from Patch Tuesday were:

  • A memory corruption bug affecting Microsoft Edge and Internet Explorer with active exploitation going on (Advisory)
  • A remote code execution vulnerability in Windows DNS Server (Advisory)
  • A remote code execution vulnerability in Hyper-V (Advisory)

And as if multiple remote code execution vulnerabilities in Microsoft products were not enough F5 followed this up with a round of critical patches of its own. Special attention deserves two command execution vulnerabilities that mostly affect F5 BIG-IP devices and can lead a to complete takeover of an attacked device (Advisory 1, Advisory 2). The bugs are so serious that the Cybersecurity & Infrastructure and Security Agency (CISA) issued a statement urging system administrators to quickly apply the patches. F5 also published patches for two buffer overflow vulnerabilities that can be used for Denial-of-Service attacks and potentially remote code execution (Advisory 1, Advisory 2).

Another important patch in March came from the OpenSSL project, one of the most important toolkits for TLS encryption. The patch fixed two vulnerabilities that could lead to Denial-of-Service and improper certificate validation. A Denial-of-Service vulnerability in the TLS stack of your server is not what you want so these patches should be applied quickly. The easiest way to do that is probably via the updated packages of your Linux distribution.

Automate your patch management + get alerted about new patches

Patchdeck helps you stay on top of your patching with advanced automations, instant patch alerts, customizable notifications, API and more. Check out our cool features!