Patch Tuesday April 2021

Microsoft’s April 2021 Patch Tuesday, comes five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities.

Microsoft has fixed 108 vulnerabilities, with 19 classified as Critical and 89 as Important. Excluding Chromium Edge Vulnerability released earlier this month

There are also five zero-day vulnerabilities patched today that were publicly disclosed, with one known to be used in attacks. Microsoft fixed four critical Microsoft Exchange vulnerabilities that the NSA discovered.

Five zero-day vulnerabilities fixed

Microsoft has fixed four publicly disclosed vulnerabilities and one actively exploited vulnerability.

CVE-2021-27091– Remote Mapper Service Elevation of Privilege Vulnerability
CVE-2021-28412 – Windows NTFS Denial of Service Vulnerability
CVE-2021-28437 – Windows Installer Information Disclosure Vulnerability – PolarBear
CVE-2021-28458 – Azure ms-rest-node auth Library Elevation of Privilege Vulnerability

Exploited in wild

CVE-2021-28310 – Win32k Elevation of Privilege Vulnerability

CVE-2021-28310 exploited was utilized by the BITTER APT group, Privilege escalation escaping sandboxing

Microsoft Exchange vulnerabilities

Microsoft Exchange admins are not getting any rest as four more Critical remote code execution vulnerabilities discovered by the NSA were fixed in Microsoft Exchange today. Two of these vulnerabilities are pre-authentication, which means they do not require attackers to log in to the server first.

CVE-2021-28480 – Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28481– Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28482 – Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28483 – Microsoft Exchange Server Remote Code Execution Vulnerability

On a Nutshell , This month update includes fixes for the products below