Rapid7 blog, Adam Bunn
Apr 13, 2021 - 5:37 p.m.

Patch Tuesday - April 2021

blog.rapid7.com

Patch Tuesday is here again and there are more Exchange updates to apply! A total of 114 vulnerabilities were fixed this month: more than half of them affect all versions of Windows, about half are remote code execution bugs, and about a fifth are rated as critical by Microsoft. Let’s dive in!

New Exchange Server Patches Available

If you were only going to patch one thing today, please let it be this. Exchange Server has been a hot topic since the vulnerabilities announced in the out-of-band advisory back at the beginning of March saw widespread exploitation. The vulnerabilities this month were reported to Microsoft via the NSA in the interest of national security. The Exchange team has [also released a very helpful blog post with instructions](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617) on how to patch from any version to the latest secure version. While these have not been exploited in the wild at the time of writing, it is only a matter of time before someone reverse engineers the patches and gets up to no good.

CVEs: CVE-2021-28310, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483

Windows RPC Runtime

Next up we have a relatively high number of patches in the Windows Remote Procedure Call Runtime. There were 27 remote code execution vulnerabilities fixed this month. Someone was busy finding bugs! The RPC Runtime is available on all versions of Windows, so make sure both servers and clients get these updates. Many of these are critical (according to the CVSS3 vectors), requiring no user interaction and only network-level access.

CVEs: CVE-2021-28329 to CVE-2021-28339 (please see the list below for a complete list)

Publicly Disclosed and Exploited

Lastly, we have a few vulnerabilities that have been disclosed publicly and one observed in the wild. A few of these are low severity, but we rarely see vulnerabilities leveraged by themselves these days. Many attackers have shifted to using exploit chains in order to turn a few low severity bugs into a more complete compromise. Microsoft has also rated a few information disclosure vulnerabilities as “Exploitation More Likely” in SMB Server and the TCP/IP stack.

CVEs: CVE-2021-27091, CVE-2021-28310, CVE-2021-28312, CVE-2021-28437, CVE-2021-28458, CVE-2021-28324, CVE-2021-28442
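The point above about low-severity bugs, as an added example that is not part of the original post: a parser for this page's summary-table rows that lists the exploited or publicly disclosed CVEs a CVSS-only patch threshold would skip. The function names and the 7.0 cutoff are assumptions chosen for illustration.

```python
import re

# Constructed sample: rows copied from this page's summary tables; the last
# row is pipe-delimited to show that both layouts parse.
SAMPLE_ROWS = """\
CVE Vulnerability Title Exploited Disclosed CVSS3 FAQ
CVE-2021-28480 Microsoft Exchange Server Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2021-28329 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 No
CVE-2021-28310 Win32k Elevation of Privilege Vulnerability Yes No 7.8 No
CVE-2021-28312 Windows NTFS Denial of Service Vulnerability No Yes 3.3 No
CVE-2021-21195 Chromium: CVE-2021-21195 Use after free in V8 No No N/A Yes
| CVE-2021-28437 | Windows Installer Information Disclosure Vulnerability | No | Yes | 5.5 | Yes |
"""

# CVE id, free-text title, then Exploited, Disclosed, CVSS3 (or N/A), FAQ.
ROW = re.compile(
    r"^(CVE-\d{4}-\d{4,})\s+(.+?)\s+(Yes|No)\s+(Yes|No)"
    r"\s+(N/A|\d+(?:\.\d+)?)\s+(Yes|No)$"
)

def parse_rows(text):
    """Parse table rows into dicts; headers and separator lines are skipped."""
    findings = []
    for line in text.splitlines():
        line = " ".join(line.replace("|", " ").split())  # normalise both layouts
        m = ROW.match(line)
        if not m:
            continue
        cve, title, exploited, disclosed, cvss, _faq = m.groups()
        findings.append({
            "cve": cve,
            "title": title,
            "exploited": exploited == "Yes",
            "disclosed": disclosed == "Yes",
            "cvss": None if cvss == "N/A" else float(cvss),
        })
    return findings

def missed_by_cvss_cutoff(findings, cutoff=7.0):
    """Exploited or disclosed CVEs that a 'patch CVSS >= cutoff' rule would skip."""
    return [f for f in findings
            if (f["exploited"] or f["disclosed"])
            and (f["cvss"] is None or f["cvss"] < cutoff)]

if __name__ == "__main__":
    for f in missed_by_cvss_cutoff(parse_rows(SAMPLE_ROWS)):
        print(f["cve"], f["cvss"], f["title"])
```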

Summary Tables

Here are this month’s patched vulnerabilities split by the product family.

Azure Vulnerabilities

| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
| --- | --- | --- | --- | --- | --- |
| CVE-2021-28458 | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | No | Yes | 7.8 | No |
| CVE-2021-28460 | Azure Sphere Unsigned Code Execution Vulnerability | No | No | 8.1 | Yes |

Browser Vulnerabilities

| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
| --- | --- | --- | --- | --- | --- |
| CVE-2021-21199 | Chromium: CVE-2021-21199 Use after free in Aura | No | No | N/A | Yes |
| CVE-2021-21198 | Chromium: CVE-2021-21198 Out of bounds read in IPC | No | No | N/A | Yes |
| CVE-2021-21197 | Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip | No | No | N/A | Yes |
| CVE-2021-21196 | Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip | No | No | N/A | Yes |
| CVE-2021-21195 | Chromium: CVE-2021-21195 Use after free in V8 | No | No | N/A | Yes |
| CVE-2021-21194 | Chromium: CVE-2021-21194 Use after free in screen capture | No | No | N/A | Yes |

Developer Tools Vulnerabilities

| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
| --- | --- | --- | --- | --- | --- |
| CVE-2021-27064 | Visual Studio Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28457 | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28469 | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28475 | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28473 | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28477 | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7 | No |
| CVE-2021-28472 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28448 | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28470 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28471 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-27067 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-28459 | Azure DevOps Server Spoofing Vulnerability | No | No | 6.1 | No |

Exchange Server Vulnerabilities

| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
| --- | --- | --- | --- | --- | --- |
| CVE-2021-28480 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes |
| CVE-2021-28481 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes |
| CVE-2021-28483 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9 | Yes |
| CVE-2021-28482 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes |

Microsoft Office Vulnerabilities

| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
| --- | --- | --- | --- | --- | --- |
| CVE-2021-28453 | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-28450 | Microsoft SharePoint Denial of Service Update | No | No | 5 | No |
| CVE-2021-28452 | Microsoft Outlook Memory Corruption Vulnerability | No | No | 7.1 | Yes |
| CVE-2021-28449 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-28451 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-28454 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-28456 | Microsoft Excel Information Disclosure Vulnerability | No | No | 5.5 | Yes |

Windows Vulnerabilities

| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
| --- | --- | --- | --- | --- | --- |
| CVE-2021-28442 | Windows TCP/IP Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-28319 | Windows TCP/IP Driver Denial of Service Vulnerability | No | No | 7.5 | No |
| CVE-2021-28347 | Windows Speech Runtime Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28351 | Windows Speech Runtime Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28436 | Windows Speech Runtime Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-27086 | Windows Services and Controller App Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-27090 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28324 | Windows SMB Information Disclosure Vulnerability | No | No | 7.5 | Yes |
| CVE-2021-28325 | Windows SMB Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-28320 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-26417 | Windows Overlay Filter Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-28312 | Windows NTFS Denial of Service Vulnerability | No | Yes | 3.3 | No |
| CVE-2021-27079 | Windows Media Photo Codec Information Disclosure Vulnerability | No | No | 5.7 | Yes |
| CVE-2021-28444 | Windows Hyper-V Security Feature Bypass Vulnerability | No | No | 5.7 | Yes |
| CVE-2021-28441 | Windows Hyper-V Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-28314 | Windows Hyper-V Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-26416 | Windows Hyper-V Denial of Service Vulnerability | No | No | 7.7 | Yes |
| CVE-2021-28435 | Windows Event Tracing Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-27088 | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-27094 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | No | No | 4.4 | No |
| CVE-2021-28447 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | No | No | 4.4 | No |
| CVE-2021-28438 | Windows Console Driver Denial of Service Vulnerability | No | No | 5.5 | No |
| CVE-2021-28311 | Windows Application Compatibility Cache Denial of Service Vulnerability | No | No | 6.5 | No |
| CVE-2021-28326 | Windows AppX Deployment Server Denial of Service Vulnerability | No | No | 5.5 | No |
| CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability | Yes | No | 7.8 | No |
| CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2021-28464 | VP9 Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-28466 | Raw Image Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-28468 | Raw Image Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-27092 | Azure AD Web Sign-in Security Feature Bypass Vulnerability | No | No | 6.8 | No |

Windows Developer Tools Vulnerabilities

| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
| --- | --- | --- | --- | --- | --- |
| CVE-2021-28313 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28321 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28322 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |

Windows ESU Vulnerabilities

| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
| --- | --- | --- | --- | --- | --- |
| CVE-2021-28316 | Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability | No | No | 4.2 | No |
| CVE-2021-28439 | Windows TCP/IP Driver Denial of Service Vulnerability | No | No | 7.5 | No |
| CVE-2021-28446 | Windows Portmapping Information Disclosure Vulnerability | No | No | 7.1 | Yes |
| CVE-2021-28445 | Windows Network File System Remote Code Execution Vulnerability | No | No | 8.1 | No |
| CVE-2021-27095 | Windows Media Video Decoder Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-28315 | Windows Media Video Decoder Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-27093 | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-28309 | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-26413 | Windows Installer Spoofing Vulnerability | No | No | 6.2 | No |
| CVE-2021-28437 | Windows Installer Information Disclosure Vulnerability | No | Yes | 5.5 | Yes |
| CVE-2021-26415 | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28440 | Windows Installer Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2021-28348 | Windows GDI+ Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28349 | Windows GDI+ Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28350 | Windows GDI+ Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28318 | Windows GDI+ Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-28323 | Windows DNS Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-28328 | Windows DNS Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-28443 | Windows Console Driver Denial of Service Vulnerability | No | No | 5.5 | No |
| CVE-2021-28329 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28330 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28331 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28332 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28333 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28334 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28335 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28336 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28337 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28338 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28339 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28343 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28327 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28340 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28341 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28342 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28344 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28345 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28346 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28352 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28353 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28354 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28355 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28356 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28357 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28358 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28434 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-27091 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | No | Yes | 7.8 | No |
| CVE-2021-27096 | NTFS Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28317 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-27089 | Microsoft Internet Messaging API Remote Code Execution Vulnerability | No | No | 7.8 | No |
