Microsoft has delivered its monthly security fixes on the Patch Tuesday schedule, addressing a slew of critical and important vulnerabilities. With each Patch Tuesday release, it is essential to deploy the new updates to remote endpoints.
Myriad of vulnerabilities for Patch Tuesday:
A total of 108 vulnerabilities were addressed in this Microsoft Patch Tuesday release, including several rated 'critical' and 'important'.
The release also patches 5 zero-day vulnerabilities, of which four were publicly disclosed and one was being actively exploited.
5 Zero-days, 1 Actively exploited in Microsoft Patch Tuesday:
The zero-day vulnerabilities addressed on Patch Tuesday, with their tracking IDs, are listed below:
- CVE-2021-28310: An actively exploited Win32k Elevation of Privilege Vulnerability.
- CVE-2021-28312: Windows NTFS Denial of Service Vulnerability.
- CVE-2021-27091: RPC Endpoint Mapper Service Elevation of Privilege Vulnerability.
- CVE-2021-28458: Azure ms-rest-node Authorization Library Elevation of Privilege Vulnerability.
- CVE-2021-28437: Windows Installer Information Disclosure Vulnerability – PolarBear.
Microsoft has released security updates for the following products:
- Microsoft Windows
- Microsoft Office
- Microsoft Windows Codecs Library
- Visual Studio Code
- Microsoft Edge on Chromium
- Microsoft Exchange Server
- Microsoft Graphics Component
A list of critical vulnerabilities and their description:
Of the 108 vulnerabilities addressed, the following 18 are rated critical and were fixed by a security patch:
| Vulnerability ID | Source | Vulnerability Description |
| --- | --- | --- |
| CVE-2021-28460 | Azure Sphere | Azure Sphere Unsigned Code Execution Vulnerability |
| CVE-2021-28480 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-28481 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-28482 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-28483 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-28315 | Windows Media Player | Windows Media Video Decoder Remote Code Execution Vulnerability |
| CVE-2021-27095 | Windows Media Player | Windows Media Video Decoder Remote Code Execution Vulnerability |
| CVE-2021-28336 | Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28335 | Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28334 | Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28338 | Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28337 | Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28333 | Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28329 | Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28330 | Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28332 | Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28331 | Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28339 | Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability |