Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Microsoft April 2021 Patch Tuesday SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft April 2021 Patch Tuesday

This month's score includes 114 Vulnerabilities. There are 19 Criticals this month with 4 previously disclosed and 1 being exploited.

 A quick snapshot of Renato's dashboard that can be found here: https://patchtuesdaydashboard.com.

The exploited vulnerability includes a privilege elevation component. The Win32k Elevation or Privilege vulnerability details can be found here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28310.

Also of significant note are the Microsoft Exchange Server Remote Code Execution vulnerabilites across versons 2013 - 2019. No known exploits are being reported however the CVSS score sits at 9.8, tread carefully. With a Critical rating, and a high CVSS score, those patches are worth reviewing in depth.

There are Remote Procedure Call vulnerabilities in Windows 10 that are of note. They cross 32-bit and 64 bit Windows 10 instances and multiple versions (e.g., Windows 10 version 1607, Windows 10 version 1803, etc)...

Today's High Score goes to the series of Microsoft Exchange Server Remote Code Execution vulnerabilities at a 9.8 (as noted above).

April 2021 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
Azure AD Web Sign-in Security Feature Bypass Vulnerability
CVE-2021-27092 No No Less Likely Less Likely Important 6.8 5.9
Azure DevOps Server Spoofing Vulnerability
CVE-2021-28459 No No Less Likely Less Likely Important 6.1 5.3
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
CVE-2021-27067 No No Less Likely Less Likely Important 6.5 5.7
Azure Sphere Unsigned Code Execution Vulnerability
CVE-2021-28460 No No Less Likely Less Likely Critical 8.1 7.3
Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
CVE-2021-28458 Yes No Less Likely Less Likely Important 7.8 7.0
Chromium: CVE-2021-21194 Use after free in screen capture
CVE-2021-21194 No No - - -    
Chromium: CVE-2021-21195 Use after free in V8
CVE-2021-21195 No No - - -    
Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip
CVE-2021-21196 No No - - -    
Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip
CVE-2021-21197 No No - - -    
Chromium: CVE-2021-21198 Out of bounds read in IPC
CVE-2021-21198 No No - - -    
Chromium: CVE-2021-21199 Use Use after free in Aura
CVE-2021-21199 No No - - -    
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28313 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-28321 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-28322 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Excel Information Disclosure Vulnerability
CVE-2021-28456 No No Less Likely Less Likely Important 5.5 5.0
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-28451 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-28454 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28480 No No More Likely More Likely Critical 9.8 8.5
CVE-2021-28481 No No More Likely More Likely Critical 9.8 8.5
CVE-2021-28482 No No More Likely More Likely Critical 8.8 7.7
CVE-2021-28483 No No More Likely More Likely Critical 9.0 7.8
Microsoft Internet Messaging API Remote Code Execution Vulnerability
CVE-2021-27089 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-28449 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Outlook Memory Corruption Vulnerability
CVE-2021-28452 No No Less Likely Less Likely Important 7.1 6.2
Microsoft SharePoint Denial of Service Update
CVE-2021-28450 No No Less Likely Less Likely Important 5.0 4.4
Microsoft Windows Codecs Library Information Disclosure Vulnerability
CVE-2021-28317 No No Less Likely Less Likely Important 5.5 4.8
Microsoft Word Remote Code Execution Vulnerability
CVE-2021-28453 No No Less Likely Less Likely Important 7.8 6.8
NTFS Elevation of Privilege Vulnerability
CVE-2021-27096 No No Less Likely Less Likely Important 7.8 6.8
RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
CVE-2021-27091 Yes No Less Likely Less Likely Important 7.8 7.0
Raw Image Extension Remote Code Execution Vulnerability
CVE-2021-28466 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-28468 No No Less Likely Less Likely Important 7.8 6.8
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28471 No No Less Likely Less Likely Important 7.8 6.8
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28327 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-28329 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-28330 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-28331 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-28332 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-28333 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-28334 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-28335 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-28336 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-28337 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-28338 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-28339 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-28340 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-28341 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-28342 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-28343 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2021-28344 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-28345 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-28346 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-28352 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-28353 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-28354 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-28355 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-28356 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-28357 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-28358 No No Less Likely Less Likely Important 8.8 7.7
CVE-2021-28434 No No Less Likely Less Likely Important 8.8 7.7
VP9 Video Extensions Remote Code Execution Vulnerability
CVE-2021-28464 No No Less Likely Less Likely Important 7.8 6.8
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
CVE-2021-28470 No No Less Likely Less Likely Important 7.8 6.8
Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
CVE-2021-28448 No No Less Likely Less Likely Important 7.8 6.8
Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
CVE-2021-28472 No No Less Likely Less Likely Important 7.8 6.8
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28457 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-28469 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-28475 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-28477 No No Less Likely Less Likely Important 7.0 6.1
CVE-2021-28473 No No Less Likely Less Likely Important 7.8 6.8
Visual Studio Installer Elevation of Privilege Vulnerability
CVE-2021-27064 No No Less Likely Less Likely Important 7.8 7.0
Win32k Elevation of Privilege Vulnerability
CVE-2021-27072 No No More Likely More Likely Important 7.0 6.1
CVE-2021-28310 No Yes Detected Detected Important 7.8 7.2
Windows AppX Deployment Server Denial of Service Vulnerability
CVE-2021-28326 No No Less Likely Less Likely Important 5.5 4.8
Windows Application Compatibility Cache Denial of Service Vulnerability
CVE-2021-28311 No No Less Likely Less Likely Important 6.5 5.7
Windows Console Driver Denial of Service Vulnerability
CVE-2021-28438 No No Less Likely Less Likely Important 5.5 4.8
CVE-2021-28443 No No Less Likely Less Likely Important 5.5 4.8
Windows DNS Information Disclosure Vulnerability
CVE-2021-28323 No No Less Likely Less Likely Important 6.5 5.7
CVE-2021-28328 No No Less Likely Less Likely Important 6.5 5.7
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
CVE-2021-27094 No No Less Likely Less Likely Important 4.4 3.9
CVE-2021-28447 No No Less Likely Less Likely Important 4.4 3.9
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-27088 No No Less Likely Less Likely Important 7.8 6.8
Windows Event Tracing Information Disclosure Vulnerability
CVE-2021-28435 No No Less Likely Less Likely Important 5.5 4.8
Windows GDI+ Information Disclosure Vulnerability
CVE-2021-28318 No No Less Likely Less Likely Important 5.5 4.8
Windows GDI+ Remote Code Execution Vulnerability
CVE-2021-28348 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-28349 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-28350 No No Less Likely Less Likely Important 7.8 6.8
Windows Hyper-V Denial of Service Vulnerability
CVE-2021-26416 No No Less Likely Less Likely Important 7.7 6.7
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2021-28314 No No Less Likely Less Likely Important 7.8 6.8
Windows Hyper-V Information Disclosure Vulnerability
CVE-2021-28441 No No Less Likely Less Likely Important 6.5 5.7
Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2021-28444 No No Less Likely Less Likely Important 5.7 5.0
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-26415 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-28440 No No Less Likely Less Likely Important 7.0 6.1
Windows Installer Information Disclosure Vulnerability
CVE-2021-28437 Yes No Less Likely Less Likely Important 5.5 4.8
Windows Installer Spoofing Vulnerability
CVE-2021-26413 No No Less Likely Less Likely Important 6.2 5.4
Windows Kernel Information Disclosure Vulnerability
CVE-2021-27093 No No Less Likely Less Likely Important 5.5 4.8
CVE-2021-28309 No No Less Likely Less Likely Important 5.5 4.8
Windows Media Photo Codec Information Disclosure Vulnerability
CVE-2021-27079 No No Less Likely Less Likely Important 5.7 5.0
Windows Media Video Decoder Remote Code Execution Vulnerability
CVE-2021-27095 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2021-28315 No No Less Likely Less Likely Critical 7.8 6.8
Windows NTFS Denial of Service Vulnerability
CVE-2021-28312 Yes No Less Likely Less Likely Moderate 3.3 3.1
Windows Network File System Remote Code Execution Vulnerability
CVE-2021-28445 No No Less Likely Less Likely Important 8.1 7.1
Windows Overlay Filter Information Disclosure Vulnerability
CVE-2021-26417 No No Less Likely Less Likely Important 5.5 4.8
Windows Portmapping Information Disclosure Vulnerability
CVE-2021-28446 No No Less Likely Less Likely Important 7.1 6.2
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
CVE-2021-28320 No No Less Likely Less Likely Important 7.8 6.8
Windows SMB Information Disclosure Vulnerability
CVE-2021-28324 No No More Likely More Likely Important 7.5 6.5
CVE-2021-28325 No No More Likely More Likely Important 6.5 5.7
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2021-27090 No No Less Likely Less Likely Important 7.8 6.8
Windows Services and Controller App Elevation of Privilege Vulnerability
CVE-2021-27086 No No Less Likely Less Likely Important 7.8 6.8
Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2021-28347 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-28351 No No Less Likely Less Likely Important 7.8 6.8
CVE-2021-28436 No No Less Likely Less Likely Important 7.8 6.8
Windows TCP/IP Driver Denial of Service Vulnerability
CVE-2021-28319 No No More Likely More Likely Important 7.5 6.5
CVE-2021-28439 No No Less Likely Less Likely Important 7.5 6.5
Windows TCP/IP Information Disclosure Vulnerability
CVE-2021-28442 No No More Likely More Likely Important 6.5 5.7
Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
CVE-2021-28316 No No Less Likely Less Likely Important 4.2 3.7
Richard

173 Posts
ISC Handler
Apr 13th 2021
Thread locked Subscribe Apr 13th 2021
7 months ago

Sign Up for Free or Log In to start participating in the conversation!