Microsoft has released its April Patch Tuesday security updates, addressing a total of 108 vulnerabilities in the Windows family of operating systems and related products. Of these, 19 are rated Critical and 89 Important. Six Chromium Edge vulnerabilities released earlier this month are not included in these numbers.
Five zero-day vulnerabilities that were publicly disclosed were reported with this month's Patch Tuesday updates, with one known to be used in active attacks. Microsoft has also fixed four critical vulnerabilities in Microsoft Exchange that were discovered by the NSA.
Among the five zero-day bugs reported, one flaw has been found to be used in active attacks:
Win32k Elevation of Privilege Vulnerability, CVE-2021-28310
Kaspersky believes that the BITTER APT group exploited the CVE-2021-28310 bug. In a blog post, Kaspersky said:
"We believe this exploit is used in the wild, potentially by several threat actors. It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits to escape sandboxes or get system privileges for further access."
The other four zero-day flaws are:
- RPC Endpoint Mapper Service Elevation of Privilege Vulnerability, CVE-2021-27091
- Windows NTFS Denial of Service Vulnerability, CVE-2021-28312
- Windows Installer Information Disclosure Vulnerability, CVE-2021-28437
- Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability, CVE-2021-28458
Azure Sphere Unsigned Code Execution Vulnerability | CVE-2021-28460
A remote code execution vulnerability exists in Azure Sphere. Microsoft rates it as “Exploitation Less Likely”, as the flaw is said to be difficult to exploit. At the time of writing, neither technical details nor an exploit are publicly available.
Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-28480
A remote code execution vulnerability exists in Microsoft Exchange Server. Microsoft has rated the flaw Critical, with a CVSSv3 score of 9.8. An attacker does not require any privileges to exploit it, i.e., it is a pre-authentication vulnerability. Microsoft rates the flaw as “Exploitation More Likely”.
Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-28329
A remote code execution vulnerability exists due to an error in the Remote Procedure Call runtime. The flaw allows remote authenticated attackers to execute arbitrary code on the affected system. Microsoft has assigned the flaw a CVSSv3 score of 8.8.
Microsoft security bulletin summary for April 2021
- Azure Sphere
- Microsoft Edge (Chromium-based)
- Microsoft Exchange Server
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office SharePoint
- Microsoft Office Word
- Visual Studio
- Visual Studio Code
Product: Azure Sphere
Impact: Remote Code Execution
Product: Microsoft Office Excel
CVEs/Advisory: CVE-2021-27053, CVE-2021-27054, CVE-2021-27057, CVE-2021-28449, CVE-2021-28451, CVE-2021-28454, CVE-2021-28456
Impact: Remote Code Execution
KBs: 3017810, 4493233, 4493239, 4504707, 4504721, 4504735
Product: Microsoft Office SharePoint
CVEs/Advisory: CVE-2021-28450, CVE-2021-28453
Impact: Remote Code Execution, Denial of Service
KBs: 4493170, 4493201, 4504701, 4504709, 4504715, 4504716, 4504719, 4504723
Product: Visual Studio and Visual Studio Code
CVEs/Advisory: CVE-2021-27064, CVE-2021-28313, CVE-2021-28321, CVE-2021-28322, CVE-2021-28448, CVE-2021-28457, CVE-2021-28469, CVE-2021-28470, CVE-2021-28471, CVE-2021-28472, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477
Impact: Remote Code Execution, Elevation of Privilege
SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Use SanerNow and keep your systems updated and secure.