Webinar Library
Welcome to this April Patch Tuesday Bulletin. This month we have 114 unique CVE’s across 7 technologies, 3 technologies with critical vulnerabilities, 3 vulnerabilities publicly disclosed, and 1 vulnerability exploited in the wild. The big news this month is patching Exchange. None of the exchange vulnerabilities listed were publicly disclosed or exploited but they were all assessed as “Exploitation More Likely” and the NSA and Microsoft are urging users to patch. Microsoft states that customers should install patches as soon as possible given the recent adversary focus on Exchange. CVE-2021-28310 is an elevation of privilege vulnerability affecting Windows and was shown to be exploited in the wild so make sure this is a priority. CVE-2021-27091, CVE-2021-28312, and CVE-2021-28437 were all publicly disclosed but were rated as less likely to be exploited. Make sure these are addressed following the Exchange updates. Chromium-based Edge follows the Google Chrome release and uses Google’s release information for severity and vulnerability info.
Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.
So, without further ado, here’s the chart of MS patches this month.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited
Vulnerability Info
Edge
Chromium-Based
High
CVE-2021-21194
CVE-2021-21195
CVE-2021-21196
CVE-2021-21197
CVE-2021-21198
CVE-2021-21199
*Workaround: No
**Public: No
Exploited: No
Use After Free
Heap Buffer Overflow
Out of Bound Read
Visual Studio
Visual Studio 2015, 2017, 2019
Team Foundation Server 2015, 2017, 2018
Visual Studio Code, GitHub Pull Requests and Issues Extension, Kubernetes Tools, Maven for Java Extension
Python Extension for Visual Studio Code
Important
CVE-2020-17163
CVE-2021-27064
CVE-2021-27067
CVE-2021-28313
CVE-2021-28321
CVE-2021-28322
CVE-2021-28448
CVE-2021-28457
CVE-2021-28469
CVE-2021-28470
CVE-2021-28471
CVE-2021-28472
CVE-2021-28473
CVE-2021-28475
CVE-2021-28477
Elevation of Privilege
Information Disclosure
Remote Code Execution
Azure DevOps
Azure DevOps Server 2019, 2020
CVE-2021-28459
Spoofing
Exchange Server
Exchange Server 2013, 2016, 2019
Critical
CVE-2021-28480
CVE-2021-28481
CVE-2021-28482
CVE-2021-28483
Azure
Azure Sphere
CVE-2021-28460
Office
365 Apps for Enterprise
Excel 2010, 2013, 2016
Office 2010, 2013, 2016, 2019, Online Server
Office Web Apps 2010, Sever 2013
Outlook 2010, 2013, 2016
SharePoint Enterprise Server 2013, 2016
SharePoint Foundation 2010
SharePoint Server 2010, 2019
Word 2010, 2013, 2016
CVE-2021-28449
CVE-2021-28450
CVE-2021-28451
CVE-2021-28452
CVE-2021-28453
CVE-2021-28454
CVE-2021-28456
Denial of Service
Windows
Windows 8.1, RT 8.1, 10
Server 2012, 2016, 2019
CVE-2021-26413
CVE-2021-26415
CVE-2021-26416
CVE-2021-26417
CVE-2021-27072
CVE-2021-27079
CVE-2021-27086
CVE-2021-27088
CVE-2021-27089
CVE-2021-27090
CVE-2021-27091**
CVE-2021-27092
CVE-2021-27093
CVE-2021-27094
CVE-2021-27095
CVE-2021-27096
CVE-2021-28309
CVE-2021-28310
CVE-2021-28311
CVE-2021-28312**
CVE-2021-28314
CVE-2021-28315
CVE-2021-28316
CVE-2021-28317
CVE-2021-28318
CVE-2021-28319
CVE-2021-28320
CVE-2021-28323
CVE-2021-28324
CVE-2021-28325
CVE-2021-28326
CVE-2021-28327
CVE-2021-28328
CVE-2021-28329
CVE-2021-28330
CVE-2021-28331
CVE-2021-28332
CVE-2021-28333
CVE-2021-28334
CVE-2021-28335
CVE-2021-28336
CVE-2021-28337
CVE-2021-28338
CVE-2021-28339
CVE-2021-28340
CVE-2021-28341
CVE-2021-28342
CVE-2021-28343
CVE-2021-28344
CVE-2021-28345
CVE-2021-28346
CVE-2021-28347
CVE-2021-28348
CVE-2021-28349
CVE-2021-28350
CVE-2021-28351
CVE-2021-28352
CVE-2021-28353
CVE-2021-28354
CVE-2021-28355
CVE-2021-28356
CVE-2021-28357
CVE-2021-28358
CVE-2021-28434
CVE-2021-28435
CVE-2021-28436
CVE-2021-28437**
CVE-2021-28438
CVE-2021-28439
CVE-2021-28440
CVE-2021-28441
CVE-2021-28442
CVE-2021-28443
CVE-2021-28444
CVE-2021-28445
CVE-2021-28446
CVE-2021-28447
CVE-2021-28464
CVE-2021-28466
CVE-2021-28468
**Public: Yes
Exploited: Yes
Security Feature Bypass