Microsoft Security Bulletin April 2021 has released Patch Tuesday, security updates with a total of 108 vulnerabilities in the family of Windows operating systems and related products. In the release by Microsoft, 19 were rated as Critical and 89 as Important. Six Chromium Edge vulnerabilities released earlier this month have not been included in these numbers. A good vulnerability management tool can prevent these attacks.
There were five zero-day reported this month with Patch Tuesday updates that were publicly disclosed, with one known to be used in active attacks. Microsoft has also fixed four critical vulnerabilities in Microsoft Exchange that were discovered by NSA. Vulnerability Management System can resolve these issues.
Zero-day vulnerabilities
Among the five zero-day bugs reported, one flaw is found to be used in active attacks.
Win32k Elevation of Privilege Vulnerability, CVE-2021-28310
Kaspersky believes that the BITTER APT group exploited the CVE-2021-28310 bug. In a blog, Kaspersky said
We believe this exploit is used in the wild, potentially by several threat actors. It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits to escape sandboxes or get system privileges for further access.
The other four zero-day flaws are,
RPC Endpoint Mapper Service Elevation of Privilege Vulnerability, CVE-2021-27091
Windows NTFS Denial of Service Vulnerability, CVE-2021-28312
Windows Installer Information Disclosure Vulnerability, CVE-2021-28437
Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability, CVE-2021-28458
Interesting Vulnerabilities
Azure Sphere Unsigned Code Execution Vulnerability | CVE-2021-28460
A remote code execution vulnerability exists in Azure Sphere. Microsoft reported “Exploitation Less Likely” as the flaw exploitability is told to be difficult. At the time of writing the blog, there are neither technical details nor an exploit publicly available.
Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-28480
A remote code execution vulnerability exists in Microsoft Exchange Server. The flaw has been rated as critical with the CVSSv3 score of 9.8 by Microsoft. To exploit the flaw, an attacker does not require any privileges, i.e., a pre-authentication vulnerability. Microsoft reported the flaw to be as “Exploitation More Likely“.
Three more Microsoft Exchange Server flaws were addressed by the company, CVE-2021-28481, CVE-2021-28482, and CVE-2021-28483.
Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-28329
A remote code execution vulnerability exists due to an error in remote procedure call runtime. The flaw allows remote authenticated attackers to execute arbitrary code on the affected system. Microsoft has assigned the flaw CVSSv3 score of 8.8.
Microsoft security bulletin summary for April 2021
- Azure Sphere
- Microsoft Edge (Chromium-based)
- Microsoft Exchange Server
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office SharePoint
- Microsoft Office Word
- Visual Studio
- Visual Studio Code
1)Product: Azure Sphere
CVEs/Advisory: CVE-2021-28460
Impact: Remote Code Execution
Severity: Critical
2)Product: Microsoft Edge (Chromium-based)
CVEs/Advisory: CVE-2021-21194, CVE-2021-21195, CVE-2021-21196, CVE-2021-21197, CVE-2021-21198, CVE-2021-21199
3)Product: Exchange Server
CVEs/Advisory: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483
Impact: Remote Code Execution
Severity: Critical
KBs: 5001779
4)Product: Microsoft Office Excel
CVEs/Advisory: CVE-2021-27053, CVE-2021-27054, CVE-2021-27057, CVE-2021-28449, CVE-2021-28451, CVE-2021-28454, CVE-2021-28456
Impact: Remote Code Execution
Severity: Important
KBs: 3017810, 4493233, 4493239, 4504707, 4504721, 4504735
5)Product: Microsoft Office Outlook
CVEs/Advisory: CVE-2021-28452
Impact: Remote Code Execution
Severity: Important
KBs: 4493185, 4504712, 4504733
6)Product: Microsoft Office SharePoint
CVEs/Advisory: CVE-2021-28450, CVE-2021-28453
Impact: Remote Code Execution, Denial of Service
Severity: Important
KBs: 4493170, 4493201, 4504701, 4504709, 4504715, 4504716, 4504719, 4504723
7)Product: Microsoft Office Word
CVEs/Advisory: CVE-2021-28453
Impact: Remote Code Execution
Severity: Important
KBs: 4493198, 4493208, 4493218
8)Product: Visual Studio and Visual Studio Code
CVEs/Advisory: CVE-2021-27064, CVE-2021-28313, CVE-2021-28321, CVE-2021-28322, CVE-2021-28448, CVE-2021-28457, CVE-2021-28469, CVE-2021-28470, CVE-2021-28471, CVE-2021-28472, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477
Impact: Remote Code Execution, Elevation of Privilege
Severity: Important
KBs: 5001292
SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Use SanerNow and keep your systems updated and secure.
