Description:

Microsoft has released a security updates to address several vulnerabilities in the following products:

• Application Virtualization
• Azure
• Azure DevOps
• Azure Sphere
• Internet Explorer
• Microsoft ActiveX
• Microsoft Exchange Server
• Microsoft Edge (Chromium-based)
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office PowerPoint
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Windows Codecs Library
• Power BI
• Role: DNS Server
• Role: Hyper-V
• Visual Studio
• Visual Studio Code
• Windows Admin Center
• Windows Container Execution Agent
• Windows DirectX
• Windows Error Reporting
• Windows Event Tracing
• Windows Extensible Firmware Interface
• Windows Folder Redirection
• Windows Installer
• Windows Media
• Windows Overlay Filter
• Windows Print Spooler Components
• Windows Projected File System Filter Driver
• Windows Registry
• Windows Remote Access API
• Windows Storage Spaces Controller
• Windows Update Assistant
• Windows Update Stack
• Windows UPnP Device Host
• Windows User Profile Service
• Windows WalletService
• Windows Win32K

Threats:

An attacker could exploit these vulnerabilities by doing the following:

• Execute arbitrary code – remotely
• Unauthorized disclosure of information
• Elevation of Privilege
• Spoofing

Best practice and Recommendations:

The CERT team encourages users to review Microsoft security advisory and apply the necessary updates:

• https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar

Update Instructions:

• support.microsoft.com/ar-sa/help/323166/how-to-download-updates-that-include-drivers-and-hotfixes-from-the-win