April Patch Tuesday 2021 Addresses Over 100 Security Fixes

Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

This month brings 19 Critical, 88 Important and 1 Moderate fixes, covering Microsoft Windows, Edge, Azure and Azure DevOps Server, Microsoft Office, SharePoint Server, Hyper-V, Team Foundation Server, Visual Studio, and Exchange Server.

Year 2 Extended Support: Windows 7 and Windows Server 2008 (including R2) have received substantial updates this month, surpassing all records since Windows 7 and Windows Server 2008 reached the end of mainstream support.

  1. Windows 7 – 14 Critical and 36 Important vulnerabilities fixed
  2. Windows 2008 R2 – 14 Critical and 33 Important vulnerabilities fixed

Robert Brown, Head of Customer Success for Syxsense said, “We have the largest Patch Tuesday release of the year and there are many very serious issues being addressed. We understand a lot of our customers will be concerned because of the reported Blue Screen / Stop Screens caused by the March Patch Tuesday, but we implore our customers to plan the remediation of these latest threats. Your patching strategy should include testing to provide the confidence of site-wide remediation.”

Top April Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2021-28310 Win32k Elevation of Privilege Vulnerability

The vulnerability exists due to a boundary error within the win32k.sys driver in Microsoft Windows. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2021-28480 Microsoft Exchange Server Remote Code Execution

The vulnerability exists due to improper input validation in Microsoft Exchange Server. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2021-27091 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability

The vulnerability exists because the RPC Endpoint Mapper Service does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

CVE | Title | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Syxsense Recommended
CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes
CVE-2021-28458 | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | Yes
CVE-2021-27091 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | Yes
CVE-2021-28437 | Windows Installer Information Disclosure Vulnerability | Important | 5.5 | Yes | No | No | Yes
CVE-2021-28312 | Windows NTFS Denial of Service Vulnerability | Moderate | 3.3 | Yes | No | No | Yes
CVE-2021-28480 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes
CVE-2021-28481 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes
CVE-2021-28483 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9 | No | No | No | Yes
CVE-2021-28482 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28329 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28330 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28331 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28332 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28333 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28334 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28335 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28336 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28337 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28338 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28339 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28343 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28327 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28340 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28341 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28342 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28344 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28345 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28346 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28352 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28353 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28354 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28355 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28356 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28357 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28358 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28434 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28460 | Azure Sphere Unsigned Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes
CVE-2021-28445 | Windows Network File System Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes
CVE-2021-27095 | Windows Media Video Decoder Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes
CVE-2021-28315 | Windows Media Video Decoder Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes
CVE-2021-28313 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28321 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28322 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28451 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28454 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-27089 | Microsoft Internet Messaging API Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28449 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28453 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-27096 | NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28466 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28468 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28471 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28470 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28448 | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28472 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28457 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28469 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28473 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28475 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-27064 | Visual Studio Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28464 | VP9 Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-27088 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28348 | Windows GDI+ Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28349 | Windows GDI+ Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28350 | Windows GDI+ Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28314 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-26415 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28320 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-27090 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-27086 | Windows Services and Controller App Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28347 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28351 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28436 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-26416 | Windows Hyper-V Denial of Service Vulnerability | Important | 7.7 | No | No | No |
CVE-2021-28324 | Windows SMB Information Disclosure Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-28319 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-28439 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-28452 | Microsoft Outlook Memory Corruption Vulnerability | Important | 7.1 | No | No | No |
CVE-2021-28446 | Windows Port mapping Information Disclosure Vulnerability | Important | 7.1 | No | No | No |
CVE-2021-28477 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7 | No | No | No |
CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2021-28440 | Windows Installer Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2021-27067 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-28311 | Windows Application Compatibility Cache Denial of Service Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-28323 | Windows DNS Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-28328 | Windows DNS Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-28441 | Windows Hyper-V Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-28325 | Windows SMB Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-28442 | Windows TCP/IP Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-26413 | Windows Installer Spoofing Vulnerability | Important | 6.2 | No | No | No |
CVE-2021-28459 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | Important | 6.1 | No | No | No |
CVE-2021-28444 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | 5.7 | No | No | No |
CVE-2021-27079 | Windows Media Photo Codec Information Disclosure Vulnerability | Important | 5.7 | No | No | No |
CVE-2021-28456 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-28317 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-28326 | Windows AppX Deployment Server Denial of Service Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-28438 | Windows Console Driver Denial of Service Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-28443 | Windows Console Driver Denial of Service Vulnerability | Important | 5.5 | No | No | No |
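
One way to turn the table into a deployment queue, as an added example that is not Syxsense's code: it loads a handful of rows from the table (re-typed here as CSV) and orders them so that weaponised and publicly aware entries come first, then by vendor severity and CVSS score. The four-tier ordering is an assumption drawn from the advice above; the page does not define one.

```python
import csv
import io
import re

# Sample rows re-typed as CSV from the recommendations table, columns in the
# page's order; a blank last field means the page gives no recommendation flag.
ROWS = """cve,severity,cvss,publicly_aware,weaponised,countermeasure,recommended
CVE-2021-28310,Important,7.8,No,Yes,No,Yes
CVE-2021-27091,Important,7.8,Yes,No,No,Yes
CVE-2021-28312,Moderate,3.3,Yes,No,No,Yes
CVE-2021-28480,Critical,9.8,No,No,No,Yes
CVE-2021-28483,Critical,9,No,No,No,Yes
CVE-2021-28313,Important,7.8,No,No,No,
CVE-2021-28443,Important,5.5,No,No,No,
"""
SEVERITY = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0}
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")
FLAGS = ("publicly_aware", "weaponised", "countermeasure", "recommended")

def load(text):
    """Parse and validate rows; reject malformed CVE ids and unknown severities."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        if not CVE_ID.fullmatch(rec["cve"]) or rec["severity"] not in SEVERITY:
            raise ValueError(f"bad row: {rec}")
        row = {"cve": rec["cve"], "severity": rec["severity"], "cvss": float(rec["cvss"])}
        row.update({f: rec[f].strip().lower() == "yes" for f in FLAGS})
        rows.append(row)
    return rows

def tier(row):
    """Assumed tiers: 1 weaponised, 2 publicly aware, 3 recommended, 4 the rest."""
    if row["weaponised"]:
        return 1
    if row["publicly_aware"]:
        return 2
    return 3 if row["recommended"] else 4

def deployment_order(rows):
    """Sort by tier, then vendor severity, then CVSS score (highest first)."""
    return sorted(rows, key=lambda r: (tier(r), -SEVERITY[r["severity"]], -r["cvss"], r["cve"]))

if __name__ == "__main__":
    for r in deployment_order(load(ROWS)):
        print(tier(r), r["cve"], r["severity"], r["cvss"])
```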