Microsoft April 2021 Update Patch 108 flaws and 5 zero-days

In addition to vulnerabilities in MS Exchange, the vendor has fixed a zero-day vulnerability in Windows.


Microsoft Tuesday patch of April month have just arrived and we highly recommend all our readers to update your Windows 10 with the all the security updates. This update is important because it comes with the patch of five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities.  These were the same critical Microsoft Exchange vulnerabilities which were exploited in wild by the cyber crooks last month. 

On April update Microsoft has fixed 108 vulnerabilities, with 19 classified as Critical and 89 as Important. These numbers do not include the 6 Chromium Edge vulnerabilities released earlier this month. Including on this five zero-day vulnerabilities were also patched that were publicly disclosed, with one known to be used in attacks.

Furthermore, Microsoft also fixed four critical Microsoft Exchange vulnerabilities that were discovered by NSA.
Affected App CVE ID Vulnerability Severity
Microsoft Exchange Server CVE-2021-28480 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
Microsoft Exchange Server CVE-2021-28481 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
Microsoft Exchange Server CVE-2021-28482 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
Microsoft Exchange Server CVE-2021-28483 Microsoft Exchange Server Remote Code Execution Vulnerability Critical

Other critical vulnerabilities Microsoft states were publicly exposed but not exploited:

  • CVE-2021-27091 - RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
  • CVE-2021-28312 - Windows NTFS Denial of Service Vulnerability
  • CVE-2021-28437 - Windows Installer Information Disclosure Vulnerability - PolarBear
  • CVE-2021-28458 - Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
  • CVE-2021-28310 - Win32k Elevation of Privilege Vulnerability
Apart from this there are other software vendors who have released the updates in April 
  • Adobe released security updates for Adobe Creative Cloud Desktop, Framemaker, and Connect.
  • Android's April security updates were released last week.
  • Apple released GarageBand securty updates but has not provided details as to what has been fixed.
  • Cisco released security updates for numerous products this month.
  • SAP released its April 2021 security updates.
You can read full details about the April update on Microsoft Security Page