Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ The April 2021 Security Update Review

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š The April 2021 Security Update Review


๐Ÿ’ก Newskategorie: Hacking
๐Ÿ”— Quelle: thezdi.com

Itโ€™s the second Tuesday of the month, which means the latest security updates from Adobe and Microsoft are released. Take a break from your regularly scheduled activities and join us as we review the details for their latest security offerings.

Adobe Patches for April 2021

For April, Adobe released four patches addressing 10 CVEs in Adobe Photoshop, Digital Editions, RoboHelp, and Bridge. The update for Bridge fixes six CVEs, all of which were reported through the ZDI program. Four of these bugs are rated Critical and could allow arbitrary code execution if exploited. The patch for Photoshop fixes two Critical-rated CVEs. Both of these buffer overflows could all arbitrary code execution. The update for Digital Editions fixes a Critical-rated privilege escalation bug that could lead to an arbitrary file system write. Finally, the patch for RoboHelp fixes a single privilege escalation bug. None of the CVEs addressed by Adobe are listed as publicly known or under active attack at the time of release.

Microsoft Patches for April 2021

For April, Microsoft released patches for 114 CVEs in Microsoft Windows, Edge (Chromium-based), Azure and Azure DevOps Server, Microsoft Office, SharePoint Server, Hyper-V, Team Foundation Server, Visual Studio, and Exchange Server. This is the largest number of CVEs addressed in a month by Microsoft this year, and it is slightly higher than April of last year. A total of five of these bugs came through the ZDI program. None of the bugs being addressed this month were disclosed at the recent Pwn2Own contest. Of these 114 bugs, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Six additional bugs impact Edge (Chromium-based) and were ingested from a recent Chromium update. According to Microsoft, one bug is currently being exploited while four others are publicly known at the time of release.

Letโ€™s take a closer look at some of the more interesting updates for this month, starting with the bug listed as being under active attack:

-ย ย ย ย ย ย  CVE-2021-28310 - Win32k Elevation of Privilege Vulnerability
This is the only vulnerability listed as being actively exploited being patched in April. The bug allows an attacker to escalate privileges by running a specially crafted program on a target system. This does mean that they will either need to log on to a system or trick a legitimate user into running the code on their behalf. Considering who is listed as discovering this bug, it is probably being used in malware. Bugs of this nature are typically combined with other bugs, such as a browser bug or PDF exploit, to take over a system.

-ย ย ย ย ย ย  CVE-2021-28480/28481 โ€“ Microsoft Exchange Server Remote Code Execution Vulnerability
Both of these CVEs are listed at a 9.8 CVSS and have identical write-ups, so they both get listed here. Both code execution bugs are unauthenticated and require no user interaction. Since the attack vector is listed as โ€œNetwork,โ€ it is likely these bugs are wormable โ€“ at least between Exchange servers. The CVSS score for these two bugs is actually higher than the Exchange bugs exploited earlier this year. These bugs were credited to the National Security Agency. Considering the source, and considering these bugs also receive Microsoftโ€™s highest Exploit Index rating, assume they will eventually be exploited. Update your systems as soon as possible.

-ย ย ย ย ย ย  CVE-2021-28329 et al. โ€“ Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are 27 bugs in this monthโ€™s release with this title, and all have identical descriptions and CVSS scores. However, 12 are rated Critical while 15 are rated Important in severity. In RPC vulnerabilities seen in the past, an attacker would need to send a specially crafted RPC request to an affected system. Successful exploitation results in executing code in the context of another user. Perhaps the users involved in the Important-rated bugs have lower privileges than their Critical-rated counterparts, but that is not clear from the description. Either way, the researcher who reported these bugs certainly found quite the attack surface.

-ย ย ย ย ย ย  CVE-2021-28444 โ€“ Windows Hyper-V Security Feature Bypass Vulnerability
This security feature bypass allows an attacker to potentially bypass Router Guard configurations on Hyper-V. Router Guard is designed to prevent guest OSes from offering router services on the network. Many donโ€™t realize Windows can be set up as a router, and on physical or virtual systems, be configured to re-route packets to a rouge location (e.g. Man-in-the-Middle) or simply black hole the traffic. If youโ€™re running Hyper-V, even accidental misconfigurations could cause disruptions, so definitely donโ€™t ignore this patch.

Hereโ€™s the full list of CVEs released by Microsoft for April 2021, minus the Edge bugs ingested from Chromium.

๐Ÿ“– Komplette Nachricht lesen


๐Ÿ  Zur Startseite

๐Ÿ“Œ The April 2021 Security Update Review


๐Ÿ“ˆ 21.54 Punkte

๐Ÿ“Œ April, April: Die genialsten WhatsApp-Sprüche zum 1. April


๐Ÿ“ˆ 21.46 Punkte

๐Ÿ“Œ April, April: So wird die IT-Welt 2019 in den April geschickt


๐Ÿ“ˆ 21.46 Punkte

๐Ÿ“Œ April, April: Das sind die 5 besten April-Scherze 2023


๐Ÿ“ˆ 21.46 Punkte

๐Ÿ“Œ Microsoft kรผndigt Windows 10 April 2018 Update fรผr 30. April an [Update]


๐Ÿ“ˆ 19.34 Punkte

๐Ÿ“Œ Cyber Security Headlines โ€“ Week in Review โ€“ April 12-16, 2021


๐Ÿ“ˆ 19.02 Punkte

๐Ÿ“Œ The April 2019 Security Update Review


๐Ÿ“ˆ 18 Punkte

๐Ÿ“Œ The April 2020 Security Update Review


๐Ÿ“ˆ 18 Punkte

๐Ÿ“Œ The April 2022 Security Update Review


๐Ÿ“ˆ 18 Punkte

๐Ÿ“Œ The April 2023 Security Update Review


๐Ÿ“ˆ 18 Punkte

๐Ÿ“Œ April, April! Die besten Aprilscherze 2021 aus der Welt des Gaming


๐Ÿ“ˆ 17.85 Punkte

๐Ÿ“Œ Windows 10: Creators Update manuell ab 5. April, Mobil ab 25. April


๐Ÿ“ˆ 16.82 Punkte

๐Ÿ“Œ Creators Update bereits ab 5. April manuell verfรผgbar โ€“ Mobile folgt ab 25. April


๐Ÿ“ˆ 16.82 Punkte

๐Ÿ“Œ Windows 10 April 2018 Update is Coming On April 30


๐Ÿ“ˆ 16.82 Punkte

๐Ÿ“Œ The Surface Duo's April 2021 security and firmware update is here


๐Ÿ“ˆ 15.12 Punkte

๐Ÿ“Œ The January 2021 Security Update Review


๐Ÿ“ˆ 14.38 Punkte

๐Ÿ“Œ The February 2021 Security Update Review


๐Ÿ“ˆ 14.38 Punkte

๐Ÿ“Œ The March 2021 Security Update Review


๐Ÿ“ˆ 14.38 Punkte

๐Ÿ“Œ The May 2021 Security Update Review


๐Ÿ“ˆ 14.38 Punkte

๐Ÿ“Œ The June 2021 Security Update Review


๐Ÿ“ˆ 14.38 Punkte

๐Ÿ“Œ The July 2021 Security Update Review


๐Ÿ“ˆ 14.38 Punkte

๐Ÿ“Œ The August 2021 Security Update Review


๐Ÿ“ˆ 14.38 Punkte

๐Ÿ“Œ April, April: Die besten Aprilscherze der IT-Welt im Rรผckblick


๐Ÿ“ˆ 14.31 Punkte

๐Ÿ“Œ Samsung Galaxy S8 Pre-Orders to Start on April 7, to Hit the Shelves on April 21


๐Ÿ“ˆ 14.31 Punkte

๐Ÿ“Œ Coronavirus-themed attacks April 05 โ€“ April 11, 2020


๐Ÿ“ˆ 14.31 Punkte

๐Ÿ“Œ heise online scherzt nicht mehr zum April, April


๐Ÿ“ˆ 14.31 Punkte

๐Ÿ“Œ April, April: Die Scherzparade aus aller Welt


๐Ÿ“ˆ 14.31 Punkte

๐Ÿ“Œ April, April? PlatinumGames und Hamster kรผndigen Shoot 'em up Sol Cresta an


๐Ÿ“ˆ 14.31 Punkte

๐Ÿ“Œ April, April: Ideen fรผr Streiche via WhatsApp und Co.


๐Ÿ“ˆ 14.31 Punkte

๐Ÿ“Œ Apple BKC opens April 18 and Apple Saket opens April 20


๐Ÿ“ˆ 14.31 Punkte

๐Ÿ“Œ Coronavirus-themed attacks April 12 โ€“ April 18, 2020


๐Ÿ“ˆ 14.31 Punkte

๐Ÿ“Œ Coronavirus-themed attacks April 19 โ€“ April 25, 2020


๐Ÿ“ˆ 14.31 Punkte

๐Ÿ“Œ Apple opens two retail stores in India: Apple BKC in Mumbai on April 18th and Apple Saket in Delhi on April 20th


๐Ÿ“ˆ 14.31 Punkte

๐Ÿ“Œ #TGIQF: April, April โ€“ welche News hagelten diese Woche auf uns herein?


๐Ÿ“ˆ 14.31 Punkte











matomo
CVE Title Severity CVSS Public Exploited Type
CVE-2021-28310 Win32k Elevation of Privilege Vulnerability Important 7.8 No Yes EoP
CVE-2021-28458 Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability Important 7.8 Yes No EoP
CVE-2021-27091 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability Important 7.8 Yes No EoP
CVE-2021-28437 Windows Installer Information Disclosure Vulnerability Important 5.5 Yes No Info
CVE-2021-28312 Windows NTFS Denial of Service Vulnerability Moderate 3.3 Yes No DoS
CVE-2021-28460 Azure Sphere Unsigned Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2021-28480 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2021-28481 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2021-28482 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2021-28483 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 9 No No RCE
CVE-2021-28329 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2021-28330 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2021-28331 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2021-28332 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2021-28333 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2021-28334 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2021-28335 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2021-28336 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2021-28337 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2021-28338 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2021-28339 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2021-28343 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2021-27095 Windows Media Video Decoder Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2021-28315 Windows Media Video Decoder Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2021-27092 Azure AD Web Sign-in Security Feature Bypass Vulnerability Important 4.3 No No SFB
CVE-2021-27067 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2021-28459 Azure DevOps Server and Team Foundation Services Spoofing Vulnerability Important 6.1 No No Spoofing
CVE-2021-28313 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2021-28321 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2021-28322 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2021-28456 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2021-28451 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28454 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-27089 Microsoft Internet Messaging API Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28449 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28452 Microsoft Outlook Memory Corruption Vulnerability Important 7.1 No No RCE
CVE-2021-28450 Microsoft SharePoint Denial of Service Update Important 5 No No DoS
CVE-2021-28317 Microsoft Windows Codecs Library Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2021-28453 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-27096 NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2021-28466 Raw Image Extension Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28468 Raw Image Extension Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28471 Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28327 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28340 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28341 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28342 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28344 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28345 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28346 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28352 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28353 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28354 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28355 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28356 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28357 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28358 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28434 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2021-28470 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28448 Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28472 Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28457 Visual Studio Code Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28469 Visual Studio Code Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28473 Visual Studio Code Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28475 Visual Studio Code Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28477 Visual Studio Code Remote Code Execution Vulnerability Important 7 No No RCE
CVE-2021-27064 Visual Studio Installer Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2021-28464 VP9 Video Extensions Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-27072 Win32k Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2021-28311 Windows Application Compatibility Cache Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2021-28326 Windows AppX Deployment Server Denial of Service Vulnerability Important 5.5 No No DoS
CVE-2021-28438 Windows Console Driver Denial of Service Vulnerability Important 5.5 No No DoS
CVE-2021-28443 Windows Console Driver Denial of Service Vulnerability Important 5.5 No No DoS
CVE-2021-28323 Windows DNS Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2021-28328 Windows DNS Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2021-27094 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability Important 4.4 No No SFB
CVE-2021-28447 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability Important 4.4 No No SFB
CVE-2021-27088 Windows Event Tracing Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2021-28435 Windows Event Tracing Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2021-28318 Windows GDI+ Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2021-28348 Windows GDI+ Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28349 Windows GDI+ Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-28350 Windows GDI+ Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2021-26416 Windows Hyper-V Denial of Service Vulnerability Important 7.7 No No DoS
CVE-2021-28314 Windows Hyper-V Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2021-28441 Windows Hyper-V Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2021-28444 Windows Hyper-V Security Feature Bypass Vulnerability Important 5.7 No No SFB
CVE-2021-26415 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2021-28440 Windows Installer Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2021-26413 Windows Installer Spoofing Vulnerability Important 6.2 No No Spoofing
CVE-2021-27093 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2021-28309 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2021-27079 Windows Media Photo Codec Information Disclosure Vulnerability Important 5.7 No No Info
CVE-2021-28445 Windows Network File System Remote Code Execution Vulnerability Important 8.1 No No RCE
CVE-2021-26417 Windows Overlay Filter Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2021-28446 Windows Portmapping Information Disclosure Vulnerability Important 7.1 No No Info
CVE-2021-28320 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2021-27090 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2021-27086 Windows Services and Controller App Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2021-28324 Windows SMB Information Disclosure Vulnerability Important 7.5 No No Info
CVE-2021-28325 Windows SMB Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2021-28347 Windows Speech Runtime Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2021-28351 Windows Speech Runtime Elevation of Privilege Vulnerability Important 7.8 No No EoP