Site icon The Cybersecurity Daily News

Microsoft Patch Tuesday- April 2021 Carries Fixes For 108 Vulnerabilities, 5 Zero-Days

Microsoft Patch Tuesday

CyberDaily: Cybersecurity news

Microsoft has delivered its monthly update of security fixes for the Microsoft Patch Tuesday schedule, where a slew of critical and important vulnerabilities have been addressed. Patch Tuesday updates from Microsoft make it positively essential to dispose of new updates to remote endpoints. 

Myriad of vulnerabilities for Patch Tuesday:

A total of 108 vulnerabilities have been identified and addressed on the Microsoft Patch Tuesday that included several ‘critical’ and ‘important’ slated vulnerabilities as well. 

Also, 5 zero-day vulnerabilities, out of which four were publicly disclosed and one that was being actively exploited was addressed and released a patch for this month.

Also read,

5 Zero-days, 1 Actively exploited in Microsoft Patch Tuesday:

The below listing signifies the zero-day vulnerabilities addressed on Patch Tuesday and their tracking IDs:

  1. CVE-2021-28310: An actively exploited Win32k Elevation of Privilege Vulnerability.
  2. CVE-2021-28312: Windows NTFS Denial of Service Vulnerability.
  3. CVE-2021-27091: RPC Endpoint Mapper Service Elevation of Privilege Vulnerability.
  4. CVE-2021-28458: Azure ms-rest-node Authorization Library Elevation of Privilege Vulnerability.
  5. CVE-2021-28437: Windows Installer Information Disclosure Vulnerability – PolarBear.

 Microsoft has released security updates for the following products:

A list of critical vulnerabilities and their description:

Out of the 108 vulnerabilities addressed, below are the 18 critical slated vulnerabilities that were deployed as a security patch for:

Vulnerability IDSourceVulnerability Description
CVE-2021-28460Azure SphereAzure Sphere Unsigned Code Execution Vulnerability
CVE-2021-28480Microsoft Exchange ServerMicrosoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28481Microsoft Exchange ServerMicrosoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28482Microsoft Exchange ServerMicrosoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28483Microsoft Exchange ServerMicrosoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28315Windows Media PlayerWindows Media Video Decoder Remote Code Execution Vulnerability
CVE-2021-27095Windows Media PlayerWindows Media Video Decoder Remote Code Execution Vulnerability
CVE-2021-28336Windows Remote Procedure Call RuntimeRemote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28335Windows Remote Procedure Call RuntimeRemote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28334Windows Remote Procedure Call RuntimeRemote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28338Windows Remote Procedure Call RuntimeRemote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28337Windows Remote Procedure Call RuntimeRemote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28333Windows Remote Procedure Call RuntimeRemote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28329Windows Remote Procedure Call RuntimeRemote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28330Windows Remote Procedure Call RuntimeRemote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28332Windows Remote Procedure Call RuntimeRemote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28331Windows Remote Procedure Call RuntimeRemote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28339Windows Remote Procedure Call RuntimeRemote Procedure Call Runtime Remote Code Execution Vulnerability
Exit mobile version