Microsoft Patch Tuesday 2021 April: fix 114 security vulnerabilities
On April 13, 2021, Microsoft officially released the Patch Tuesday 2021 April. The security update patches for 114 vulnerabilities, mainly covering the following components: Windows operating system, Exchange Server, Azure, Office, SharePoint Server, Hyper-V, Visual Studio, and Chromium Microsoft Edge.
Some of the high-risk security vulnerabilities
CVE-2021-28480/CVE-2021-28481: Microsoft Exchange Server Remote Code Execution Vulnerability
Attackers can use the above vulnerabilities to bypass Exchange authentication and execute commands without user interaction. CVE-2021-28480 and CVE-2021-28481 have a CVSS score of 9.8. They are unauthorized remote code execution vulnerabilities.
CVE-2021-28310: Win32k Elevation of Privilege Vulnerability
Win32k has a privilege escalation vulnerability. Attackers can use this vulnerability to execute arbitrary code with SYSTEM privileges on the target host. The details of the vulnerability have been made public, and an attack in the wild has been detected.
CVE-2021-28444: Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2021-28324/CVE-2021-28325: Windows SMB Information Disclosure Vulnerability
By exploiting these vulnerabilities, attackers can access the memory content in the kernel space. CVE-2021-28324 does not require authentication. Attackers can use this vulnerability to gain unauthorized access to sensitive information of the target system.