Microsoft April 2021 Update Patch 108 flaws and 5 zero-days
Microsoft Tuesday patch of April month have just arrived and we highly recommend all our readers to update your Windows 10 with the all the security updates. This update is important because it comes with the patch of five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities. These were the same critical Microsoft Exchange vulnerabilities which were exploited in wild by the cyber crooks last month.
On April update Microsoft has fixed 108 vulnerabilities, with 19 classified as Critical and 89 as Important. These numbers do not include the 6 Chromium Edge vulnerabilities released earlier this month. Including on this five zero-day vulnerabilities were also patched that were publicly disclosed, with one known to be used in attacks.
|Affected App||CVE ID||Vulnerability||Severity|
|Microsoft Exchange Server||CVE-2021-28480||Microsoft Exchange Server Remote Code Execution Vulnerability||Critical|
|Microsoft Exchange Server||CVE-2021-28481||Microsoft Exchange Server Remote Code Execution Vulnerability||Critical|
|Microsoft Exchange Server||CVE-2021-28482||Microsoft Exchange Server Remote Code Execution Vulnerability||Critical|
|Microsoft Exchange Server||CVE-2021-28483||Microsoft Exchange Server Remote Code Execution Vulnerability||Critical|
Other critical vulnerabilities Microsoft states were publicly exposed but not exploited:
- CVE-2021-27091 - RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
- CVE-2021-28312 - Windows NTFS Denial of Service Vulnerability
- CVE-2021-28437 - Windows Installer Information Disclosure Vulnerability - PolarBear
- CVE-2021-28458 - Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
- CVE-2021-28310 - Win32k Elevation of Privilege Vulnerability
- Adobe released security updates for Adobe Creative Cloud Desktop, Framemaker, and Connect.
- Android's April security updates were released last week.
- Apple released GarageBand securty updates but has not provided details as to what has been fixed.
- Cisco released security updates for numerous products this month.
- SAP released its April 2021 security updates.