Patch Tuesday, April 2021

April's Patch Tuesday is upon us and it is showering us with patches for a total of 108 CVEs. This includes 20 CVEs rated as "Critical", 87 rated as "Important", and a single CVE rated as "Moderate".

More than half of the Critical CVEs affect Microsoft's Remote Procedure Call (RPC) Runtime. Twelve vulnerabilities in total affect the RPC software and could result in the remote execution of arbitrary code on an affected system. Microsoft Exchange Server is also back on the Critical list with four RCE CVEs affecting that server software. After the “Hafnium” zero-day vulnerabilities exploited in MS Exchange earlier this year, these will draw a lot of attention despite there being no “in the wild” exploitation at this point.

The list of CVEs rated as "Important" adds an additional 16 patches for RCE vulnerabilities in RPC. Multiple Hyper-V, Azure, and Visual Studio vulnerabilities are also patched on that list. There are also multiple Denial of Service vulnerabilities, including two in the TCP/IP protocol stack, and a couple of dozen Privilege Escalation vulnerabilities, including one in the NTFS filesystem driver.

Luckily this release doesn't include any public exploits for these vulnerabilities, so get patching as soon as you can and stay ahead of the criminals.


Critical

Azure Sphere Unsigned Code Execution Vulnerability
Remote Code Execution

Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483
Remote Code Execution

Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28343
Remote Code Execution

Windows Media Video Decoder Remote Code Execution Vulnerability
CVE-2021-27095, CVE-2021-28315, CVE-2021-28445
Remote Code Execution


Important

Azure AD Web Sign-in Security Feature Bypass Vulnerability
Security Feature Bypass

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Information Disclosure

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
Elevation of Privilege

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28313, CVE-2021-28321, CVE-2021-28322
Elevation of Privilege

Microsoft Excel Information Disclosure Vulnerability
Information Disclosure

Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-28451, CVE-2021-28454
Remote Code Execution

Microsoft Internet Messaging API Remote Code Execution Vulnerability
Remote Code Execution

Microsoft Office Remote Code Execution Vulnerability
Remote Code Execution

Microsoft Outlook Memory Corruption Vulnerability
Remote Code Execution

Microsoft SharePoint Denial of Service Update
Denial of Service

Microsoft Windows Codecs Library Information Disclosure Vulnerability
Information Disclosure

Microsoft Word Remote Code Execution Vulnerability
Remote Code Execution

NTFS Elevation of Privilege Vulnerability
Elevation of Privilege

Raw Image Extension Remote Code Execution Vulnerability
CVE-2021-28466, CVE-2021-28468
Remote Code Execution

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
Remote Code Execution

Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28327, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434
Remote Code Execution

RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
Elevation of Privilege

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
Remote Code Execution

Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
Remote Code Execution

Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
Remote Code Execution

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477
Remote Code Execution

Visual Studio Installer Elevation of Privilege Vulnerability
Elevation of Privilege

VP9 Video Extensions Remote Code Execution Vulnerability
Remote Code Execution

Win32k Elevation of Privilege Vulnerability
CVE-2021-27072, CVE-2021-28310
Elevation of Privilege

Windows Application Compatibility Cache Denial of Service Vulnerability
Denial of Service

Windows AppX Deployment Server Denial of Service Vulnerability
Denial of Service

Windows Console Driver Denial of Service Vulnerability
CVE-2021-28438, CVE-2021-28443
Denial of Service

Windows DNS Information Disclosure Vulnerability
CVE-2021-28323, CVE-2021-28328
Information Disclosure

Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
CVE-2021-27094, CVE-2021-28447
Security Feature Bypass

Windows Event Tracing Elevation of Privilege Vulnerability
Elevation of Privilege

Windows Event Tracing Information Disclosure Vulnerability
Information Disclosure

Windows GDI+ Information Disclosure Vulnerability
Information Disclosure

Windows GDI+ Remote Code Execution Vulnerability
CVE-2021-28348, CVE-2021-28349, CVE-2021-28350
Remote Code Execution

Windows Hyper-V Denial of Service Vulnerability
Denial of Service

Windows Hyper-V Elevation of Privilege Vulnerability
Elevation of Privilege

Windows Hyper-V Information Disclosure Vulnerability
Information Disclosure

Windows Hyper-V Security Feature Bypass Vulnerability
Security Feature Bypass

Windows Installer Elevation of Privilege Vulnerability
CVE-2021-26415, CVE-2021-28440
Elevation of Privilege

Windows Installer Information Disclosure Vulnerability
Information Disclosure

Windows Installer Spoofing Vulnerability

Windows Kernel Information Disclosure Vulnerability
CVE-2021-27093, CVE-2021-28309
Information Disclosure

Windows Media Photo Codec Information Disclosure Vulnerability
Information Disclosure

Windows Overlay Filter Information Disclosure Vulnerability
Information Disclosure

Windows Portmapping Information Disclosure Vulnerability
Information Disclosure

Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
Elevation of Privilege

Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Elevation of Privilege

Windows Services and Controller App Elevation of Privilege Vulnerability
Elevation of Privilege

Windows SMB Information Disclosure Vulnerability
CVE-2021-28324, CVE-2021-28325
Information Disclosure

Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2021-28347, CVE-2021-28351, CVE-2021-28436
Elevation of Privilege

Windows TCP/IP Driver Denial of Service Vulnerability
CVE-2021-28319, CVE-2021-28439
Denial of Service

Windows TCP/IP Information Disclosure Vulnerability
Information Disclosure

Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
Security Feature Bypass


Moderate

Windows NTFS Denial of Service Vulnerability
Denial of Service
