Today is Microsoft's April 2021 Patch Tuesday, and with it comes five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities. It has been a tough couple of months for Windows and Microsoft Exchange admins, and it looks like April won't be any easier, so please be nice to your IT staff today.

With today's update, Microsoft has fixed 108 vulnerabilities, with 19 classified as Critical and 89 as Important. These numbers do not include the 6 Chromium Edge vulnerabilities released earlier this month.

There are also five zero-day vulnerabilities patched today that were publicly disclosed, with one known to be used in attacks.

To make matters worse, Microsoft fixed four critical Microsoft Exchange vulnerabilities that the NSA discovered.

For information about the non-security Windows updates, you can read about today's Windows 10 KB5001330 & KB5001337 cumulative updates.

Five zero-day vulnerabilities fixed

As part of today's Patch Tuesday, Microsoft has fixed four publicly disclosed vulnerabilities and one actively exploited vulnerability.

The following four vulnerabilities Microsoft states were publicly exposed but not exploited:

  • CVE-2021-27091 - RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
  • CVE-2021-28312 - Windows NTFS Denial of Service Vulnerability
  • CVE-2021-28437 - Windows Installer Information Disclosure Vulnerability - PolarBear
  • CVE-2021-28458 - Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability

The following vulnerability discovered by Kaspersky researcher Boris Larin was found exploited in the wild.

Kaspersky believes the CVE-2021-28310 exploited was utilized by the BITTER APT group.

"We believe this exploit is used in the wild, potentially by several threat actors. It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits to escape sandboxes or get system privileges for further access. "

"Unfortunately, we weren’t able to capture a full chain, so we don’t know if the exploit is used with another browser zero-day, or coupled with known, patched vulnerabilities," Kaspersky explained in new blog post.

NSA discovers Microsoft Exchange vulnerabilities

Microsoft Exchange admins are not getting any rest as four more Critical remote code execution vulnerabilities discovered by the NSA were fixed in Microsoft Exchange today. Two of these vulnerabilities are pre-authentication, which means they do not require attackers to log in to the server first.

None of these vulnerabilities are known to have been actively exploited and are tracked with the following CVEs:

  • CVE-2021-28480 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-28481 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-28482 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-28483 - Microsoft Exchange Server Remote Code Execution Vulnerability

Admins can find more information about these vulnerabilities here.

Recent updates from other companies

Other vendors who released updates in April include:

The April 2021 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the April 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Tag CVE ID CVE Title Severity
Azure AD Web Sign-in CVE-2021-27092 Azure AD Web Sign-in Security Feature Bypass Vulnerability Important
Azure DevOps CVE-2021-28459 Azure DevOps Server Spoofing Vulnerability Important
Azure DevOps CVE-2021-27067 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability Important
Azure Sphere CVE-2021-28460 Azure Sphere Unsigned Code Execution Vulnerability Critical
Microsoft Edge (Chromium-based) CVE-2021-21199 Chromium: CVE-2021-21199 Use Use after free in Aura Unknown
Microsoft Edge (Chromium-based) CVE-2021-21194 Chromium: CVE-2021-21194 Use after free in screen capture Unknown
Microsoft Edge (Chromium-based) CVE-2021-21197 Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip Unknown
Microsoft Edge (Chromium-based) CVE-2021-21198 Chromium: CVE-2021-21198 Out of bounds read in IPC Unknown
Microsoft Edge (Chromium-based) CVE-2021-21195 Chromium: CVE-2021-21195 Use after free in V8 Unknown
Microsoft Edge (Chromium-based) CVE-2021-21196 Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip Unknown
Microsoft Exchange Server CVE-2021-28480 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
Microsoft Exchange Server CVE-2021-28482 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
Microsoft Exchange Server CVE-2021-28483 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
Microsoft Exchange Server CVE-2021-28481 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2021-28350 Windows GDI+ Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2021-28318 Windows GDI+ Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2021-28348 Windows GDI+ Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2021-28349 Windows GDI+ Remote Code Execution Vulnerability Important
Microsoft Internet Messaging API CVE-2021-27089 Microsoft Internet Messaging API Remote Code Execution Vulnerability Important
Microsoft NTFS CVE-2021-28312 Windows NTFS Denial of Service Vulnerability Moderate
Microsoft NTFS CVE-2021-27096 NTFS Elevation of Privilege Vulnerability Important
Microsoft Office Excel CVE-2021-28456 Microsoft Excel Information Disclosure Vulnerability Important
Microsoft Office Excel CVE-2021-28451 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-28454 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-28449 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office Outlook CVE-2021-28452 Microsoft Outlook Memory Corruption Vulnerability Important
Microsoft Office SharePoint CVE-2021-28450 Microsoft SharePoint Denial of Service Update Important
Microsoft Office Word CVE-2021-28453 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-28464 VP9 Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-28466 Raw Image Extension Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-27079 Windows Media Photo Codec Information Disclosure Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-28468 Raw Image Extension Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-28317 Microsoft Windows Codecs Library Information Disclosure Vulnerability Important
Microsoft Windows DNS CVE-2021-28323 Windows DNS Information Disclosure Vulnerability Important
Microsoft Windows DNS CVE-2021-28328 Windows DNS Information Disclosure Vulnerability Important
Microsoft Windows Speech CVE-2021-28351 Windows Speech Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows Speech CVE-2021-28436 Windows Speech Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows Speech CVE-2021-28347 Windows Speech Runtime Elevation of Privilege Vulnerability Important
Open Source Software CVE-2021-28458 Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability Important
Role: Hyper-V CVE-2021-28441 Windows Hyper-V Information Disclosure Vulnerability Important
Role: Hyper-V CVE-2021-28314 Windows Hyper-V Elevation of Privilege Vulnerability Important
Role: Hyper-V CVE-2021-28444 Windows Hyper-V Security Feature Bypass Vulnerability Important
Role: Hyper-V CVE-2021-26416 Windows Hyper-V Denial of Service Vulnerability Important
Visual Studio CVE-2021-27064 Visual Studio Installer Elevation of Privilege Vulnerability Important
Visual Studio Code CVE-2021-28457 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-28471 Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-28475 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-28473 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-28477 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-28469 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code - GitHub Pull Requests and Issues Extension CVE-2021-28470 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability Important
Visual Studio Code - Kubernetes Tools CVE-2021-28448 Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability Important
Visual Studio Code - Maven for Java Extension CVE-2021-28472 Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability Important
Windows Application Compatibility Cache CVE-2021-28311 Windows Application Compatibility Cache Denial of Service Vulnerability Important
Windows AppX Deployment Extensions CVE-2021-28326 Windows AppX Deployment Server Denial of Service Vulnerability Important
Windows Console Driver CVE-2021-28438 Windows Console Driver Denial of Service Vulnerability Important
Windows Console Driver CVE-2021-28443 Windows Console Driver Denial of Service Vulnerability Important
Windows Diagnostic Hub CVE-2021-28313 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important
Windows Diagnostic Hub CVE-2021-28321 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important
Windows Diagnostic Hub CVE-2021-28322 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important
Windows Early Launch Antimalware Driver CVE-2021-28447 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability Important
Windows ELAM CVE-2021-27094 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability Important
Windows Event Tracing CVE-2021-27088 Windows Event Tracing Elevation of Privilege Vulnerability Important
Windows Event Tracing CVE-2021-28435 Windows Event Tracing Information Disclosure Vulnerability Important
Windows Installer CVE-2021-26413 Windows Installer Spoofing Vulnerability Important
Windows Installer CVE-2021-28440 Windows Installer Elevation of Privilege Vulnerability Important
Windows Installer CVE-2021-28437 Windows Installer Information Disclosure Vulnerability Important
Windows Installer CVE-2021-26415 Windows Installer Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2021-27093 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2021-28309 Windows Kernel Information Disclosure Vulnerability Important
Windows Media Player CVE-2021-28315 Windows Media Video Decoder Remote Code Execution Vulnerability Critical
Windows Media Player CVE-2021-27095 Windows Media Video Decoder Remote Code Execution Vulnerability Critical
Windows Network File System CVE-2021-28445 Windows Network File System Remote Code Execution Vulnerability Important
Windows Overlay Filter CVE-2021-26417 Windows Overlay Filter Information Disclosure Vulnerability Important
Windows Portmapping CVE-2021-28446 Windows Portmapping Information Disclosure Vulnerability Important
Windows Registry CVE-2021-27091 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28336 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28335 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28334 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28338 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28434 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28337 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28333 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28327 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28329 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28330 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28332 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28331 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28354 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28339 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28355 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28353 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28352 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28357 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28358 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28356 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28346 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28342 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28340 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28341 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28345 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28344 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28343 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Resource Manager CVE-2021-28320 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability Important
Windows Secure Kernel Mode CVE-2021-27090 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Important
Windows Services and Controller App CVE-2021-27086 Windows Services and Controller App Elevation of Privilege Vulnerability Important
Windows SMB Server CVE-2021-28325 Windows SMB Information Disclosure Vulnerability Important
Windows SMB Server CVE-2021-28324 Windows SMB Information Disclosure Vulnerability Important
Windows TCP/IP CVE-2021-28439 Windows TCP/IP Driver Denial of Service Vulnerability Important
Windows TCP/IP CVE-2021-28442 Windows TCP/IP Information Disclosure Vulnerability Important
Windows TCP/IP CVE-2021-28319 Windows TCP/IP Driver Denial of Service Vulnerability Important
Windows Win32K CVE-2021-27072 Win32k Elevation of Privilege Vulnerability Important
Windows Win32K CVE-2021-28310 Win32k Elevation of Privilege Vulnerability Important
Windows WLAN Auto Config Service CVE-2021-28316 Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability Important