This month Patch Wednesday contains 82 CVEs, a fix for CVE-2021-26411, a remote code execution flaw in Microsoft Internet Explorer and a reminder to organizations to apply patches to address the Proxylogon and other Microsoft Exchange related zero-days. Please find below a comment from Satnam Narang, Staff Research Engineer, Tenable.
“This month’s Patch Wednesday release addressed 82 CVEs, 10 of which are rated critical. This month’s release contains a fix for CVE-2021-26411, a remote code execution flaw in Microsoft Internet Explorer that has been exploited in the wild as a zero-day. This is tied to a vulnerability that was publicly disclosed in early February by researchers at ENKI who claim it was one of the vulnerabilities used in a concerted campaign by nation-state actors to target security researchers. In the ENKI blog post, the researchers say they will publish proof-of-concept (PoC) details after the bug has been patched. As we’ve seen in the past, once PoC details become publicly available, attackers quickly incorporate those PoCs into their attack toolkits. We strongly encourage all organizations that rely on Internet Explorer and Microsoft Edge (EdgeHTML-Based) to apply these patches as soon as possible.
“It’s imperative for organizations to ensure they’ve also applied patches to address the Proxylogon and other Microsoft Exchange related zero-days that were disclosed last week as part of an out-of-band advisory, which nation-state groups and other threat actors have exploited indiscriminately. In addition to patching, it is vital for organizations to do their due diligence and hunt for indicators of compromise to ensure attackers haven’t established a foothold within their networks.” — Satnam Narang, Staff Research Engineer, Tenable.