April Patch Tuesday 2021 Addresses Over 100 Security Fixes
April Patch Tuesday 2021 has arrived. Tackle the latest Microsoft updates, critical patches, and vulnerabilities of the month.
Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats
There are 19 Critical, 88 Important and 1 Moderate — fixes this month are for Microsoft Windows, Edge, Azure and Azure DevOps Server, Microsoft Office, SharePoint Server, Hyper-V, Team Foundation Server, Visual Studio, and Exchange Server.
Year 2 Extended Support: Windows 7 and Windows Server 2008 (including R2) have received substantial updates this month surpassing all records since Windows 7 and 2008 ending their mainstream support.
- Windows 7 – 14 Critical and 36 Important vulnerabilities fixed
- Windows 2008 R2 – 14 Critical and 33 Important vulnerabilities fixed
Robert Brown, Head of Customer Success for Syxsense said, “We have the largest Patch Tuesday release of the year and there are many very serious issues being addressed. We understand a lot of our customers will be concerned because of the reported Blue Screen / Stop Screens caused by the March Patch Tuesday, but we implore our customers to plan the remediation of these latest threats. Your patching strategy should include testing to provide the confidence of side wide remediation.”
Top April Patches and Vulnerabilities
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.
1. CVE-2021-28310 Win32k Elevation of Privilege Vulnerability
The vulnerability exists due to a boundary error within win32k.sys driver in Microsoft Windows. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
Syxscore
- Vendor Severity: Important
- CVSS: 7.8
- Weaponized: Yes
- Public Aware: No
- Countermeasure: NoÂ
Syxscore Risk Alert
- Attack Vector: Local
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): No
2. CVE-2021-28480 Microsoft Exchange Server Remote Code Execution
The vulnerability exists due to improper input validation in the Microsoft Exchange Server. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Syxscore
- Vendor Severity: Critical
- CVSS: 9.8
- Weaponized: No
- Public Aware: No
- Countermeasure: No
Syxscore Risk Alert
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: None
- Scope (Jump Point): No
3. CVE-2021-27091 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
The vulnerability exists due to application does not properly impose security restrictions in the RPC Endpoint Mapper Service, which leads to security restrictions bypass and privilege escalation.
Syxscore
- Vendor Severity: Important
- CVSS: 7.8
- Weaponized: No
- Public Aware: Yes
- Countermeasure: NoÂ
Syxscore Risk Alert
- Attack Vector: Local
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): No
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
Syxsense Recommendations
Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.
| CVE | Title | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Syxsense Recommended |
| CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2021-28458 | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | Yes |
| CVE-2021-27091 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | Yes |
| CVE-2021-28437 | Windows Installer Information Disclosure Vulnerability | Important | 5.5 | Yes | No | No | Yes |
| CVE-2021-28312 | Windows NTFS Denial of Service Vulnerability | Moderate | 3.3 | Yes | No | No | Yes |
| CVE-2021-28480 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2021-28481 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2021-28483 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9 | No | No | No | Yes |
| CVE-2021-28482 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28329 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28330 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28331 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28332 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28333 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28334 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28335 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28336 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28337 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28338 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28339 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28343 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28327 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28340 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28341 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28342 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28344 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28345 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28346 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28352 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28353 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28354 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28355 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28356 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28357 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28358 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28434 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28460 | Azure Sphere Unsigned Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes |
| CVE-2021-28445 | Windows Network File System Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2021-27095 | Windows Media Video Decoder Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-28315 | Windows Media Video Decoder Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-28313 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28321 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28322 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28451 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28454 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27089 | Microsoft Internet Messaging API Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28449 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28453 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27096 | NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28466 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28468 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28471 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28470 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28448 | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28472 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28457 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28469 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28473 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28475 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27064 | Visual Studio Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28464 | VP9 Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27088 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28348 | Windows GDI+ Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28349 | Windows GDI+ Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28350 | Windows GDI+ Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28314 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26415 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28320 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27090 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27086 | Windows Services and Controller App Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28347 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28351 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28436 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26416 | Windows Hyper-V Denial of Service Vulnerability | Important | 7.7 | No | No | No | |
| CVE-2021-28324 | Windows SMB Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-28319 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-28439 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-28452 | Microsoft Outlook Memory Corruption Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-28446 | Windows Port mapping Information Disclosure Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-28477 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-28440 | Windows Installer Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-27067 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-28311 | Windows Application Compatibility Cache Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-28323 | Windows DNS Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-28328 | Windows DNS Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-28441 | Windows Hyper-V Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-28325 | Windows SMB Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-28442 | Windows TCP/IP Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-26413 | Windows Installer Spoofing Vulnerability | Important | 6.2 | No | No | No | |
| CVE-2021-28459 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | Important | 6.1 | No | No | No | |
| CVE-2021-28444 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | 5.7 | No | No | No | |
| CVE-2021-27079 | Windows Media Photo Codec Information Disclosure Vulnerability | Important | 5.7 | No | No | No | |
| CVE-2021-28456 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-28317 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-28326 | Windows AppX Deployment Server Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-28438 | Windows Console Driver Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-28443 | Windows Console Driver Denial of Service Vulnerability | Important | 5.5 | No | No | No |
