SpiderLabs Blog

Patch Tuesday, April 2021

April's Patch Tuesday is upon us and it is showering us with patches for a total of 108 CVEs. This includes 20 CVEs rated as "Critical", 87 rated as "Important", and a single CVE rated as "Moderate".

More than half of the Critical CVEs affect Microsoft's Remote Procedure Call (RPC) Runtime. Twelve vulnerabilities in total affect the RPC software and could result in the remote execution of arbitrary code on an affected system. Microsoft Exchange Server is also back in the Critical list with four RCE CVEs affecting that server software. After the “Hafnium” zero-day vulnerabilities in MS Exchange were exploited earlier this year, these will draw a lot of attention, even though there is no “in the wild” exploitation at this point.

The list of CVEs rated as "Important" adds an additional 16 patches for RCE vulnerabilities in RPC. Multiple Hyper-V, Azure, and Visual Studio vulnerabilities are also patched on that list. There are also multiple Denial of Service vulnerabilities, including two in the TCP/IP protocol stack, and a couple of dozen Privilege Escalation vulnerabilities, including one in the NTFS filesystem driver.

Luckily this release doesn't include any public exploits for these vulnerabilities, so get patching as soon as you can and stay ahead of the criminals.

Critical

Azure Sphere Unsigned Code Execution Vulnerability
CVE-2021-28460
Remote Code Execution

Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483
Remote Code Execution

Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28343
Remote Code Execution

Windows Media Video Decoder Remote Code Execution Vulnerability
CVE-2021-27095, CVE-2021-28315, CVE-2021-28445
Remote Code Execution


Important

Azure AD Web Sign-in Security Feature Bypass Vulnerability
CVE-2021-27092
Security Feature Bypass

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
CVE-2021-27067
Information Disclosure

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
CVE-2021-28459
Spoofing

Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
CVE-2021-28458
Elevation of Privilege

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28313, CVE-2021-28321, CVE-2021-28322
Elevation of Privilege

Microsoft Excel Information Disclosure Vulnerability
CVE-2021-28456
Information Disclosure

Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-28451, CVE-2021-28454
Remote Code Execution

Microsoft Internet Messaging API Remote Code Execution Vulnerability
CVE-2021-27089
Remote Code Execution

Microsoft Office Remote Code Execution Vulnerability
CVE-2021-28449
Remote Code Execution

Microsoft Outlook Memory Corruption Vulnerability
CVE-2021-28452
Remote Code Execution

Microsoft SharePoint Denial of Service Update
CVE-2021-28450
Denial of Service

Microsoft Windows Codecs Library Information Disclosure Vulnerability
CVE-2021-28317
Information Disclosure

Microsoft Word Remote Code Execution Vulnerability
CVE-2021-28453
Remote Code Execution

NTFS Elevation of Privilege Vulnerability
CVE-2021-27096
Elevation of Privilege

Raw Image Extension Remote Code Execution Vulnerability
CVE-2021-28466, CVE-2021-28468
Remote Code Execution

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28471
Remote Code Execution

Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28327, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434
Remote Code Execution

RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
CVE-2021-27091
Elevation of Privilege

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
CVE-2021-28470
Remote Code Execution

Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
CVE-2021-28448
Remote Code Execution

Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
CVE-2021-28472
Remote Code Execution

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477
Remote Code Execution

Visual Studio Installer Elevation of Privilege Vulnerability
CVE-2021-27064
Elevation of Privilege

VP9 Video Extensions Remote Code Execution Vulnerability
CVE-2021-28464
Remote Code Execution

Win32k Elevation of Privilege Vulnerability
CVE-2021-27072, CVE-2021-28310
Elevation of Privilege

Windows Application Compatibility Cache Denial of Service Vulnerability
CVE-2021-28311
Denial of Service

Windows AppX Deployment Server Denial of Service Vulnerability
CVE-2021-28326
Denial of Service

Windows Console Driver Denial of Service Vulnerability
CVE-2021-28438, CVE-2021-28443
Denial of Service

Windows DNS Information Disclosure Vulnerability
CVE-2021-28323, CVE-2021-28328
Information Disclosure

Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
CVE-2021-27094, CVE-2021-28447
Security Feature Bypass

Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-27088
Elevation of Privilege

Windows Event Tracing Information Disclosure Vulnerability
CVE-2021-28435
Information Disclosure

Windows GDI+ Information Disclosure Vulnerability
CVE-2021-28318
Information Disclosure

Windows GDI+ Remote Code Execution Vulnerability
CVE-2021-28348, CVE-2021-28349, CVE-2021-28350
Remote Code Execution

Windows Hyper-V Denial of Service Vulnerability
CVE-2021-26416
Denial of Service

Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2021-28314
Elevation of Privilege

Windows Hyper-V Information Disclosure Vulnerability
CVE-2021-28441
Information Disclosure

Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2021-28444
Security Feature Bypass

Windows Installer Elevation of Privilege Vulnerability
CVE-2021-26415, CVE-2021-28440
Elevation of Privilege

Windows Installer Information Disclosure Vulnerability
CVE-2021-28437
Information Disclosure

Windows Installer Spoofing Vulnerability
CVE-2021-26413
Spoofing

Windows Kernel Information Disclosure Vulnerability
CVE-2021-27093, CVE-2021-28309
Information Disclosure

Windows Media Photo Codec Information Disclosure Vulnerability
CVE-2021-27079
Information Disclosure

Windows Overlay Filter Information Disclosure Vulnerability
CVE-2021-26417
Information Disclosure

Windows Portmapping Information Disclosure Vulnerability
CVE-2021-28446
Information Disclosure

Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
CVE-2021-28320
Elevation of Privilege

Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2021-27090
Elevation of Privilege

Windows Services and Controller App Elevation of Privilege Vulnerability
CVE-2021-27086
Elevation of Privilege

Windows SMB Information Disclosure Vulnerability
CVE-2021-28324, CVE-2021-28325
Information Disclosure

Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2021-28347, CVE-2021-28351, CVE-2021-28436
Elevation of Privilege

Windows TCP/IP Driver Denial of Service Vulnerability
CVE-2021-28319, CVE-2021-28439
Denial of Service

Windows TCP/IP Information Disclosure Vulnerability
CVE-2021-28442
Information Disclosure

Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
CVE-2021-28316
Security Feature Bypass


Moderate

Windows NTFS Denial of Service Vulnerability
CVE-2021-28312
Denial of Service
