Experts Insight On Critical Remote Code Execution Flaws, IE Zero-Day Fixed In Microsoft’s March Patch Tuesday

Microsoft has released 89 security fixes for software including the Edge browser, Office, and Azure, patching critical issues that include vectors for remote execution of arbitrary code. The experts below provide insight on these critical patches.

Expert Comments

March 10, 2021
Tim Mackey
Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
Synopsys

While most IT teams are accustomed to regular patch updates and patch cycles, the current set of Microsoft Exchange Server updates includes another important step – checking for signs of compromise. The four Exchange Server vulnerabilities contained in this month’s patch update are being actively exploited to form part of a cyber kill chain. This kill chain allows attackers to leave behind web shells that can then be used to further their attack. Since a web shell is nothing more than a piece of malicious code that looks like a web interface and behaves like one, hiding malicious traffic flowing from one web interface is easy to accomplish on production servers like Microsoft Exchange. Of course, since the attackers define the rules of their engagement, what that web shell does is up to them. That means they could try anything from siphoning data from the server to using the server resources to run cryptomining software. In the case of these Exchange Server patches, simply patching the Exchange Server isn’t sufficient, as if there are signs of compromise, you’ll need to trigger your incident response plan and perform some forensic analysis to determine the extent of any damage done.
