Microsoft April 2021 Patch Tuesday

Published: 2021-04-13. Last Updated: 2021-04-13 18:56:52 UTC
by Richard Porter (Version: 1)

This month's score includes 114 Vulnerabilities. There are 19 Criticals this month with 4 previously disclosed and 1 being exploited.

A quick snapshot of Renato's dashboard that can be found here: https://patchtuesdaydashboard.com.

The exploited vulnerability includes a privilege elevation component. The Win32k Elevation or Privilege vulnerability details can be found here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28310.

Also of significant note are the Microsoft Exchange Server Remote Code Execution vulnerabilites across versons 2013 - 2019. No known exploits are being reported however the CVSS score sits at 9.8, tread carefully. With a Critical rating, and a high CVSS score, those patches are worth reviewing in depth.

There are Remote Procedure Call vulnerabilities in Windows 10 that are of note. They cross 32-bit and 64 bit Windows 10 instances and multiple versions (e.g., Windows 10 version 1607, Windows 10 version 1803, etc)...

Today's High Score goes to the series of Microsoft Exchange Server Remote Code Execution vulnerabilities at a 9.8 (as noted above).

April 2021 Security Updates

Description
CVE	Disclosed	Exploited	Exploitability (old versions)	current version	Severity	CVSS Base (AVG)	CVSS Temporal (AVG)
Azure AD Web Sign-in Security Feature Bypass Vulnerability
CVE-2021-27092	No	No	Less Likely	Less Likely	Important	6.8	5.9
Azure DevOps Server Spoofing Vulnerability
CVE-2021-28459	No	No	Less Likely	Less Likely	Important	6.1	5.3
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
CVE-2021-27067	No	No	Less Likely	Less Likely	Important	6.5	5.7
Azure Sphere Unsigned Code Execution Vulnerability
CVE-2021-28460	No	No	Less Likely	Less Likely	Critical	8.1	7.3
Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
CVE-2021-28458	Yes	No	Less Likely	Less Likely	Important	7.8	7.0
Chromium: CVE-2021-21194 Use after free in screen capture
CVE-2021-21194	No	No	-	-	-
Chromium: CVE-2021-21195 Use after free in V8
CVE-2021-21195	No	No	-	-	-
Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip
CVE-2021-21196	No	No	-	-	-
Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip
CVE-2021-21197	No	No	-	-	-
Chromium: CVE-2021-21198 Out of bounds read in IPC
CVE-2021-21198	No	No	-	-	-
Chromium: CVE-2021-21199 Use Use after free in Aura
CVE-2021-21199	No	No	-	-	-
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28313	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-28321	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-28322	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft Excel Information Disclosure Vulnerability
CVE-2021-28456	No	No	Less Likely	Less Likely	Important	5.5	5.0
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-28451	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-28454	No	No	Less Likely	Less Likely	Important	7.8	7.0
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28480	No	No	More Likely	More Likely	Critical	9.8	8.5
CVE-2021-28481	No	No	More Likely	More Likely	Critical	9.8	8.5
CVE-2021-28482	No	No	More Likely	More Likely	Critical	8.8	7.7
CVE-2021-28483	No	No	More Likely	More Likely	Critical	9.0	7.8
Microsoft Internet Messaging API Remote Code Execution Vulnerability
CVE-2021-27089	No	No	Less Likely	Less Likely	Important	7.8	6.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-28449	No	No	Less Likely	Less Likely	Important	7.8	7.0
Microsoft Outlook Memory Corruption Vulnerability
CVE-2021-28452	No	No	Less Likely	Less Likely	Important	7.1	6.2
Microsoft SharePoint Denial of Service Update
CVE-2021-28450	No	No	Less Likely	Less Likely	Important	5.0	4.4
Microsoft Windows Codecs Library Information Disclosure Vulnerability
CVE-2021-28317	No	No	Less Likely	Less Likely	Important	5.5	4.8
Microsoft Word Remote Code Execution Vulnerability
CVE-2021-28453	No	No	Less Likely	Less Likely	Important	7.8	6.8
NTFS Elevation of Privilege Vulnerability
CVE-2021-27096	No	No	Less Likely	Less Likely	Important	7.8	6.8
RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
CVE-2021-27091	Yes	No	Less Likely	Less Likely	Important	7.8	7.0
Raw Image Extension Remote Code Execution Vulnerability
CVE-2021-28466	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-28468	No	No	Less Likely	Less Likely	Important	7.8	6.8
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28471	No	No	Less Likely	Less Likely	Important	7.8	6.8
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28327	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-28329	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-28330	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-28331	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-28332	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-28333	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-28334	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-28335	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-28336	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-28337	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-28338	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-28339	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-28340	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-28341	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-28342	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-28343	No	No	Less Likely	Less Likely	Critical	8.8	7.7
CVE-2021-28344	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-28345	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-28346	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-28352	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-28353	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-28354	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-28355	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-28356	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-28357	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-28358	No	No	Less Likely	Less Likely	Important	8.8	7.7
CVE-2021-28434	No	No	Less Likely	Less Likely	Important	8.8	7.7
VP9 Video Extensions Remote Code Execution Vulnerability
CVE-2021-28464	No	No	Less Likely	Less Likely	Important	7.8	6.8
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
CVE-2021-28470	No	No	Less Likely	Less Likely	Important	7.8	6.8
Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
CVE-2021-28448	No	No	Less Likely	Less Likely	Important	7.8	6.8
Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
CVE-2021-28472	No	No	Less Likely	Less Likely	Important	7.8	6.8
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28457	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-28469	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-28475	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-28477	No	No	Less Likely	Less Likely	Important	7.0	6.1
CVE-2021-28473	No	No	Less Likely	Less Likely	Important	7.8	6.8
Visual Studio Installer Elevation of Privilege Vulnerability
CVE-2021-27064	No	No	Less Likely	Less Likely	Important	7.8	7.0
Win32k Elevation of Privilege Vulnerability
CVE-2021-27072	No	No	More Likely	More Likely	Important	7.0	6.1
CVE-2021-28310	No	Yes	Detected	Detected	Important	7.8	7.2
Windows AppX Deployment Server Denial of Service Vulnerability
CVE-2021-28326	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Application Compatibility Cache Denial of Service Vulnerability
CVE-2021-28311	No	No	Less Likely	Less Likely	Important	6.5	5.7
Windows Console Driver Denial of Service Vulnerability
CVE-2021-28438	No	No	Less Likely	Less Likely	Important	5.5	4.8
CVE-2021-28443	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows DNS Information Disclosure Vulnerability
CVE-2021-28323	No	No	Less Likely	Less Likely	Important	6.5	5.7
CVE-2021-28328	No	No	Less Likely	Less Likely	Important	6.5	5.7
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
CVE-2021-27094	No	No	Less Likely	Less Likely	Important	4.4	3.9
CVE-2021-28447	No	No	Less Likely	Less Likely	Important	4.4	3.9
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-27088	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Event Tracing Information Disclosure Vulnerability
CVE-2021-28435	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows GDI+ Information Disclosure Vulnerability
CVE-2021-28318	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows GDI+ Remote Code Execution Vulnerability
CVE-2021-28348	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-28349	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-28350	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Hyper-V Denial of Service Vulnerability
CVE-2021-26416	No	No	Less Likely	Less Likely	Important	7.7	6.7
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2021-28314	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Hyper-V Information Disclosure Vulnerability
CVE-2021-28441	No	No	Less Likely	Less Likely	Important	6.5	5.7
Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2021-28444	No	No	Less Likely	Less Likely	Important	5.7	5.0
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-26415	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-28440	No	No	Less Likely	Less Likely	Important	7.0	6.1
Windows Installer Information Disclosure Vulnerability
CVE-2021-28437	Yes	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Installer Spoofing Vulnerability
CVE-2021-26413	No	No	Less Likely	Less Likely	Important	6.2	5.4
Windows Kernel Information Disclosure Vulnerability
CVE-2021-27093	No	No	Less Likely	Less Likely	Important	5.5	4.8
CVE-2021-28309	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Media Photo Codec Information Disclosure Vulnerability
CVE-2021-27079	No	No	Less Likely	Less Likely	Important	5.7	5.0
Windows Media Video Decoder Remote Code Execution Vulnerability
CVE-2021-27095	No	No	Less Likely	Less Likely	Critical	7.8	6.8
CVE-2021-28315	No	No	Less Likely	Less Likely	Critical	7.8	6.8
Windows NTFS Denial of Service Vulnerability
CVE-2021-28312	Yes	No	Less Likely	Less Likely	Moderate	3.3	3.1
Windows Network File System Remote Code Execution Vulnerability
CVE-2021-28445	No	No	Less Likely	Less Likely	Important	8.1	7.1
Windows Overlay Filter Information Disclosure Vulnerability
CVE-2021-26417	No	No	Less Likely	Less Likely	Important	5.5	4.8
Windows Portmapping Information Disclosure Vulnerability
CVE-2021-28446	No	No	Less Likely	Less Likely	Important	7.1	6.2
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
CVE-2021-28320	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows SMB Information Disclosure Vulnerability
CVE-2021-28324	No	No	More Likely	More Likely	Important	7.5	6.5
CVE-2021-28325	No	No	More Likely	More Likely	Important	6.5	5.7
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2021-27090	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Services and Controller App Elevation of Privilege Vulnerability
CVE-2021-27086	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2021-28347	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-28351	No	No	Less Likely	Less Likely	Important	7.8	6.8
CVE-2021-28436	No	No	Less Likely	Less Likely	Important	7.8	6.8
Windows TCP/IP Driver Denial of Service Vulnerability
CVE-2021-28319	No	No	More Likely	More Likely	Important	7.5	6.5
CVE-2021-28439	No	No	Less Likely	Less Likely	Important	7.5	6.5
Windows TCP/IP Information Disclosure Vulnerability
CVE-2021-28442	No	No	More Likely	More Likely	Important	6.5	5.7
Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
CVE-2021-28316	No	No	Less Likely	Less Likely	Important	4.2	3.7

Keywords: MSFT Patch Patch Tuesday Patch Tuesday Microsoft

0 comment(s)

Internet Storm Center

Microsoft April 2021 Patch Tuesday

Comments