Tuesday, March 09, 2021

Microsoft March 2021 Security Updates

The Microsoft March 2021 security updates have been released and consist of 89 CVEs, including the seven Exchange CVEs released last week.  Of these 89 CVEs, 14 are rated Critical and 75 are rated Important in severity. At the time of release, two of the bugs are listed as publicly known and five are listed as under active attack.

The updates apply to the following
Microsoft Windows components, Azure and Azure DevOps, Azure Sphere, Internet Explorer and Edge (EdgeHTML), Exchange Server, Office and Office Services and Web Apps, SharePoint Server, Visual Studio, and Windows Hyper-V.

Important Note For Windows 10, Version 2004 and Windows 10, Version 20H2:

Before installing this update


Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). If you encounter the error, 0x800f0823 – CBS_E_NEW_SERVICING_STACK_REQUIRED, close the error message and install the last standalone SSU (KB4598481) before installing this LCU. You will not need to install this SSU (KB4598481) again for future updates. 

For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions. 

The KBs listed below contain information about known issues with the security updates:

KB Article Applies To
5000802 Windows 10, Version 2004, Windows Server, Version 2004
5000803 Windows 10, Version 1607, Windows Server 2016
5000808 Windows 10, Version 1909, Windows Server, Version 1909
5000822 Windows 10, Version 1809, Windows Server 2019
5000840 Windows Server 2012 (Security-only update)
5000841 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5000844 Windows Server 2008 (Monthly Rollup)
5000847 Windows Server 2012 (Monthly Rollup)
5000848 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)
5000851 Windows 7, Windows Server 2008 R2 (Security-only update)
5000853 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)
5000856 Windows Server 2008 (Security-only update)
5000871 Microsoft Exchange Server 2019, 2016 and 2013
5000978 Microsoft Exchange Server 2010

 Recommended Reading 

See Dustin Childs review and analysis in Zero Day Initiative -- The March 2021 Security Update Review.

For more information about the updates released today, see the Security Update Guide.

REMINDER:  Adobe Flash Player is out of support.  For more information, see Adobe Flash end of support on December 31, 2020. Flash content is blocked from running in Flash Player today, January 12, 2021. For more information, see Adobe Flash Player EOL General Information Page.

Additional Update Notes:


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: