April Patch Tuesday Sets Record High for 2021
April’s Patch Tuesday fixes 114 vulnerabilities in various Microsoft products, a slight increase from March’s 89. This is the most vulnerabilities fixed in a month for 2021 to date, as well as a slight increase from the same month last year.
Of these vulnerabilities, a total of 19 were classified as Critical by Microsoft. Four of these vulnerabilities were already publicly known, with a separate vulnerability already being exploited in the wild. Five vulnerabilities were submitted via the Zero-Day Initiative.
Critical Vulnerabilities Dominated by Exchange, Remote Procedure Call Runtime Vulnerabilities
Of the sixteen Critical vulnerabilities, the majority (twelve) were flaws in the Remote Procedure Call runtime. A further fifteen Important vulnerabilities in the same runtime were also patched this month. All of these vulnerabilities could allow the execution of arbitrary remote code on the affected system.
In addition to these RPC vulnerabilities, two Exchange Server vulnerabilities (CVE-2021-28480 and CVE-2021-28481) were also rated as Critical. Both have a CVSS score of 9.8 and can be spread via the network. Somewhat interestingly, both were credited to the National Security Agency. This suggests that these two bugs should be a high priority for system administrators to fix.
Aside from these, there are two vulnerabilities in the Windows Media Video decoder. These vulnerabilities (CVE-2021-27095 and CVE-2021-28315) could lead to the execution of arbitrary code if a specially crafted video file was opened on the affected system.
Important Vulnerabilities: Visual Studio hit by vulnerabilities
This month’s Important vulnerabilities cover a variety of Microsoft products, including various Windows components and Microsoft Office. What is relatively unusual is that a significant number of vulnerabilities affect Visual Studio, thus putting developers at higher risk. It is also worth noting that the sole actively exploited flaw (CVE-2021-28310) was rated as Important; this is a privilege escalation vulnerability in Win32k.
Several key networking components are also affected by vulnerabilities. Two (CVE-2021-28324 and CVE-2021-28325) are in the SMB component of Windows, affecting network file sharing. There are also multiple vulnerabilities in the TCP/IP driver: two (CVE-2021-28319 and CVE-2021-28439) lead to denial of service, while a third TCP/IP flaw (CVE-2021-28442) leads to information disclosure.
Trend Micro Solutions
A proactive, multilayered approach to security is key against threats that exploit vulnerabilities — from the gateway, endpoints, networks, and servers.
The Trend Micro™ Deep Security™ solution provides network security, system security, and malware prevention. It can protect user systems from a wide range of upcoming threats that may target vulnerabilities. It protects users from exploits that target these vulnerabilities via the following rules:
- 1010898 - Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2021-28310)
- 1010900 - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)
TippingPoint® is a network traffic solution that uses comprehensive and contextual awareness analysis for advanced threats that exploit vulnerabilities.
TippingPoint protects customers through the following rules:
- 39524: SMB2: Create File Request Lease RqLs with Durable Handle DH2Q Usage (CVE-2021-28325)
- 39553: HTTP: Microsoft Windows Win32k Privilege Escalation Vulnerability (CVE-2021-28310)