San Francisco, March 10 : Microsoft has released 89 security fixes for software including the Edge browser, Office and Azure that patch critical issues including vectors for the remote execution of arbitrary code.
During the tech giant’s standard monthly patch round, Microsoft released a slew of patches to fix vulnerabilities in software including Azure, Microsoft Office products — such as PowerPoint, Excel, SharePoint, and Visio alongside the Edge browser and Internet Explorer.
This also includes seven out-of-band fixes for Microsoft Exchange Server which were released last week, four of which are classed as zero-days, reports ZDnet.
Security updates have also been issued for features and services including the Microsoft Windows Codecs Library, Windows Admin Center, DirectX, Event Tracing, Registry, Win32K, and Windows Remote Access API.
In total, 14 are described as critical and the majority lead to Remote Code Execution (RCE), whereas the rest are deemed important, the report said.
Among the fixes is the resolution of CVE-2021-26411, a memory corruption vulnerability in Internet Explorer that is being actively exploited in the wild, it added.
Other critical issues of note include CVE-2021-27074 and CVE-2021-27080, unsigned code execution bugs in Azure Sphere, and CVE-2021-26897, a critical RCE flaw in Windows DNS Server.
A total of 15 of the CVEs resolved were reported through the Trend Micro Zero Day Initiative. A separate set of vulnerability fixes was issued for the Chromium version of the Edge browser last week.
The latest round of security fixes follows the early emergency patches issued by Microsoft to resolve four zero-day vulnerabilities in Exchange Server, as well as three additional security flaws.
Microsoft also announced the end of Microsoft Edge Legacy desktop application support. The application will be removed and replaced with the new Microsoft Edge during April’s Windows 10 cumulative monthly security update.