HIGHCVSS8.8

Actively Exploited

KB5000800: Windows Server Security Update (March 2021)

Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.

Published Mar 11, 2021 · Updated May 16, 2026

Why patchRisk explained in plain English

Worst-case scenarioIf unpatched

A remote attacker, without authentication, can achieve partial data exposure, arbitrary modification of data, partial service disruption. CISA has confirmed use of this vulnerability in known ransomware campaigns — treat as high priority for remediation. Federal agencies are required to remediate by 2021-11-17 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Use After Free (CWE-416) vulnerability in Microsoft Internet Explorer. Exploitation requires remote network access, low attack complexity, no authentication required, and user interaction required.

📧

Phishing link

→

🖼

Malicious file

🔓

Server compromised

Am I affected?Quick check

Probably yes if any of these apply:

●IT Security

●Running edge: -; internet explorer: 11, 9

Fixed inKB5000800, KB5000802, KB5000803, KB5000807, KB5000808, KB5000809, KB5000822, KB5000841, KB5000844, KB5000847, KB5000848 (applies to 56 product versions)

Real-world incidentsWhat we've seen

CISA confirms this CVE has been used in known ransomware campaigns. Added to the KEV catalog on 2021-11-03; federal agencies required to remediate by 2021-11-17.

How to patch

Manual download

For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.

↗ Microsoft Update CatalogKB5000800

Manual remediation steps

Apply the Microsoft Security Update

Microsoft has released an official security update that fixes this vulnerability.

Required KB Updates

KB5000800 — https://support.microsoft.com/help/5000800

KB5000802 — https://support.microsoft.com/help/5000802

KB5000803 — https://support.microsoft.com/help/5000803

KB5000807 — https://support.microsoft.com/help/5000807

KB5000808 — https://support.microsoft.com/help/5000808

KB5000809 — https://support.microsoft.com/help/5000809

KB5000822 — https://support.microsoft.com/help/5000822

KB5000841 — https://support.microsoft.com/help/5000841

KB5000844 — https://support.microsoft.com/help/5000844

KB5000847 — https://support.microsoft.com/help/5000847

KB5000848 — https://support.microsoft.com/help/5000848

Supersedes: KB4601313, KB4601315, KB4601318, KB4601319, KB4601331, KB4601345, KB4601347, KB4601348, KB4601354, KB4601360, KB4601384

Affected Products

Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems

Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems

Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems

Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems

Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems

Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems

Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems

Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems

Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems

Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems

Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems

Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems

Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems

Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems

Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems

Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems

Internet Explorer 11 on Windows 10 Version 20H2 for 32-bit Systems

Internet Explorer 11 on Windows 10 Version 20H2 for ARM64-based Systems

Internet Explorer 11 on Windows 10 Version 20H2 for x64-based Systems

Internet Explorer 11 on Windows 10 for 32-bit Systems

(…36 more product versions)

Installation Methods

Windows Update (recommended)

Settings → Windows Update → Check for updates

The security update is offered if your system is in scope

Restart when prompted — a reboot IS required to complete the install

Microsoft Update Catalog (manual download)

Open https://catalog.update.microsoft.com

Search for KB5000800

Download the package matching your OS architecture and Windows build

Run the .msu installer with administrator privileges

Restart when prompted

WSUS / SCCM / Intune

Approve KB5000800 for the affected products in your update management console.

Microsoft Download Center Links

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000800

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000802

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000803

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000807

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000808

(…6 more)

Verification

Confirm the update is installed:

Get-HotFix | Where-Object { $_.HotFixID -in @('KB5000800','KB5000802','KB5000803','KB5000807','KB5000808','KB5000809','KB5000822','KB5000841','KB5000844','KB5000847','KB5000848') }

References

Microsoft Security Response Center: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26411

KB article: https://support.microsoft.com/help/5000802

KB article: https://support.microsoft.com/help/5000803

KB article: https://support.microsoft.com/help/5000808

NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-26411

CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26411

Discovery Credit

yangkang(@dnpushme) & huangyi(@C0rk1_H), Enki

PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

↗ CVE-2021-26411 ↗ MSRC Advisory ↗ NVD ↗ KBKB5000800