Microsoft Patch Tuesday 2021 April: fix 114 security vulnerabilities

by ·

On April 13, 2021, Microsoft officially released the Patch Tuesday 2021 April. The security update patches for 114 vulnerabilities, mainly covering the following components: Windows operating system, Exchange Server, Azure, Office, SharePoint Server, Hyper-V, Visual Studio, and Chromium Microsoft Edge.

September Patch Tuesday

Some of the high-risk security vulnerabilities

CVE-2021-28480/CVE-2021-28481: Microsoft Exchange Server Remote Code Execution Vulnerability

Attackers can use the above vulnerabilities to bypass Exchange authentication and execute commands without user interaction. CVE-2021-28480 and CVE-2021-28481 have a CVSS score of 9.8. They are unauthorized remote code execution vulnerabilities.

CVE-2021-28310: Win32k Elevation of Privilege Vulnerability

Win32k has a privilege escalation vulnerability. Attackers can use this vulnerability to execute arbitrary code with SYSTEM privileges on the target host. The details of the vulnerability have been made public, and an attack in the wild has been detected.

CVE-2021-28444: Windows Hyper-V Security Feature Bypass Vulnerability

An attacker can bypass Hyper-V configured with Router Guard and configure Windows as a man-in-the-middle router to intercept traffic and modify data packets.

CVE-2021-28324/CVE-2021-28325: Windows SMB Information Disclosure Vulnerability

By exploiting these vulnerabilities, attackers can access the memory content in the kernel space. CVE-2021-28324 does not require authentication. Attackers can use this vulnerability to gain unauthorized access to sensitive information of the target system.

Tags: