
April's Patch Tuesday is upon us, and it is showering us with patches for a total of 108 CVEs. This includes 20 CVEs rated "Critical", 87 rated "Important", and a single CVE rated "Moderate".

More than half of the Critical CVEs affect Microsoft's Remote Procedure Call (RPC) Runtime. Twelve vulnerabilities in total affect the RPC software and could result in remote execution of arbitrary code on an affected system. Microsoft Exchange Server is also back on the Critical list, with four RCE CVEs affecting that server software. After the “Hafnium” zero-day vulnerabilities in MS Exchange were exploited earlier this year, these will draw a lot of attention despite there being no “in the wild” exploitation at this point.

The list of CVEs rated "Important" adds an additional 16 patches for RCE vulnerabilities in RPC. Multiple Hyper-V, Azure, and Visual Studio vulnerabilities are also patched on that list. There are also multiple Denial of Service vulnerabilities, including two in the TCP/IP protocol stack, and a couple of dozen Privilege Escalation vulnerabilities, including one in the NTFS filesystem driver.

Luckily, this release doesn't include any public exploits for these vulnerabilities, so get patching as soon as you can and stay ahead of the criminals.

Critical

Azure Sphere Unsigned Code Execution Vulnerability
CVE-2021-28460
Remote Code Execution

Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483
Remote Code Execution

Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28343
Remote Code Execution

Windows Media Video Decoder Remote Code Execution Vulnerability
CVE-2021-27095, CVE-2021-28315, CVE-2021-28445
Remote Code Execution


Important

Azure AD Web Sign-in Security Feature Bypass Vulnerability
CVE-2021-27092
Security Feature Bypass

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
CVE-2021-27067
Information Disclosure

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
CVE-2021-28459
Spoofing

Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
CVE-2021-28458
Elevation of Privilege

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28313, CVE-2021-28321, CVE-2021-28322
Elevation of Privilege

Microsoft Excel Information Disclosure Vulnerability
CVE-2021-28456
Information Disclosure

Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-28451, CVE-2021-28454
Remote Code Execution

Microsoft Internet Messaging API Remote Code Execution Vulnerability
CVE-2021-27089
Remote Code Execution

Microsoft Office Remote Code Execution Vulnerability
CVE-2021-28449
Remote Code Execution

Microsoft Outlook Memory Corruption Vulnerability
CVE-2021-28452
Remote Code Execution

Microsoft SharePoint Denial of Service Update
CVE-2021-28450
Denial of Service

Microsoft Windows Codecs Library Information Disclosure Vulnerability
CVE-2021-28317
Information Disclosure

Microsoft Word Remote Code Execution Vulnerability
CVE-2021-28453
Remote Code Execution

NTFS Elevation of Privilege Vulnerability
CVE-2021-27096
Elevation of Privilege

Raw Image Extension Remote Code Execution Vulnerability
CVE-2021-28466, CVE-2021-28468
Remote Code Execution

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28471
Remote Code Execution

Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28327, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434
Remote Code Execution

RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
CVE-2021-27091
Elevation of Privilege

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
CVE-2021-28470
Remote Code Execution

Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
CVE-2021-28448
Remote Code Execution

Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
CVE-2021-28472
Remote Code Execution

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477
Remote Code Execution

Visual Studio Installer Elevation of Privilege Vulnerability
CVE-2021-27064
Elevation of Privilege

VP9 Video Extensions Remote Code Execution Vulnerability
CVE-2021-28464
Remote Code Execution

Win32k Elevation of Privilege Vulnerability
CVE-2021-27072, CVE-2021-28310
Elevation of Privilege

Windows Application Compatibility Cache Denial of Service Vulnerability
CVE-2021-28311
Denial of Service

Windows AppX Deployment Server Denial of Service Vulnerability
CVE-2021-28326
Denial of Service

Windows Console Driver Denial of Service Vulnerability
CVE-2021-28438, CVE-2021-28443
Denial of Service

Windows DNS Information Disclosure Vulnerability
CVE-2021-28323, CVE-2021-28328
Information Disclosure

Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
CVE-2021-27094, CVE-2021-28447
Security Feature Bypass

Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-27088
Elevation of Privilege

Windows Event Tracing Information Disclosure Vulnerability
CVE-2021-28435
Information Disclosure

Windows GDI+ Information Disclosure Vulnerability
CVE-2021-28318
Information Disclosure

Windows GDI+ Remote Code Execution Vulnerability
CVE-2021-28348, CVE-2021-28349, CVE-2021-28350
Remote Code Execution

Windows Hyper-V Denial of Service Vulnerability
CVE-2021-26416
Denial of Service

Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2021-28314
Elevation of Privilege

Windows Hyper-V Information Disclosure Vulnerability
CVE-2021-28441
Information Disclosure

Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2021-28444
Security Feature Bypass

Windows Installer Elevation of Privilege Vulnerability
CVE-2021-26415, CVE-2021-28440
Elevation of Privilege

Windows Installer Information Disclosure Vulnerability
CVE-2021-28437
Information Disclosure

Windows Installer Spoofing Vulnerability
CVE-2021-26413
Spoofing

Windows Kernel Information Disclosure Vulnerability
CVE-2021-27093, CVE-2021-28309
Information Disclosure

Windows Media Photo Codec Information Disclosure Vulnerability
CVE-2021-27079
Information Disclosure

Windows Overlay Filter Information Disclosure Vulnerability
CVE-2021-26417
Information Disclosure

Windows Portmapping Information Disclosure Vulnerability
CVE-2021-28446
Information Disclosure

Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
CVE-2021-28320
Elevation of Privilege

Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2021-27090
Elevation of Privilege

Windows Services and Controller App Elevation of Privilege Vulnerability
CVE-2021-27086
Elevation of Privilege

Windows SMB Information Disclosure Vulnerability
CVE-2021-28324, CVE-2021-28325
Information Disclosure

Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2021-28347, CVE-2021-28351, CVE-2021-28436
Elevation of Privilege

Windows TCP/IP Driver Denial of Service Vulnerability
CVE-2021-28319, CVE-2021-28439
Denial of Service

Windows TCP/IP Information Disclosure Vulnerability
CVE-2021-28442
Information Disclosure

Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
CVE-2021-28316
Security Feature Bypass


Moderate

Windows NTFS Denial of Service Vulnerability
CVE-2021-28312
Denial of Service

About the Author

Karl Sigler is Security Research Manager, SpiderLabs Threat Intelligence at Trustwave. Karl is a 20-year infosec veteran responsible for research and analysis of current vulnerabilities, malware and threat trends at Trustwave.
