A total of 108 vulnerabilities were fixed in Windows 10 this month’s Patch Tuesday activity

For ordinary users, there is nothing new in the Windows 10 cumulative update released this month’s Patch Tuesday event, mainly to optimize system security. But for Windows and Microsoft Exchange administrators, have been very busy in recent months. The cumulative update in April fixed 5 zero-day vulnerabilities and more Exchange vulnerabilities.

In today’s update, Microsoft has fixed a total of 108 vulnerabilities, of which 19 are marked as “Critial” and 89 are marked as “Important.” And these vulnerabilities do not include the six Chromium Edge vulnerabilities released earlier this month.

Join Our Microsoft Channel On Telegram

In addition, today Microsoft also fixed five publicly disclosed zero-day vulnerabilities, of which one is known to be used in cyber attacks. To make matters worse, Microsoft fixed four key Microsoft Exchange vulnerabilities discovered by the NSA. As part of today’s Patch Tuesday, Microsoft has fixed four publicly disclosed vulnerabilities and one actively exploited vulnerability. The following four vulnerabilities Microsoft stated that they have been exposed publicly, but there is no evidence that they have been exploited by hackers.

CVE-2021-27091 -RPC Endpoint Mapper Service Privilege Escalation Vulnerability
CVE-2021-28312 -Windows NTFS Denial of Service Vulnerability
CVE-2021-28437 -Windows Installer Information Disclosure Vulnerability-PolarBear
CVE-2021-28458 -Privilege escalation vulnerability in Azure ms-rest-nodeauth library

The following vulnerabilities discovered by Kaspersky researcher Boris Larin have been exploited by the hacker organization BITTER APT.

CVE-2021-28310 -Win32k Elevation of Privilege Vulnerability

Kaspersky explained in the blog post: “Unfortunately, we were unable to capture a complete chain, so we don’t know whether the vulnerability is used in conjunction with another browser zero-day, or with a known, patched Vulnerabilities are used together”. The administrators of Microsoft Exchange did not get any rest, because today another 4 critical remote code execution vulnerabilities discovered by the NSA have been fixed in Microsoft Exchange. Two of the vulnerabilities are pre-authentication, which means they do not require an attacker to log in to the server first.

CVE-2021-28480 – Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28481 -Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28482 -Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28483 -Microsoft Exchange Server Remote Code Execution Vulnerability

This report contains detail for the following vulnerabilities:

Tag	CVE ID	CVE Title	Severity
Azure AD Web Sign-in	CVE-2021-27092	Azure AD Web Sign-in Security Feature Bypass Vulnerability	Important
Azure DevOps	CVE-2021-28459	Azure DevOps Server Spoofing Vulnerability	Important
Azure DevOps	CVE-2021-27067	Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability	Important
Azure Sphere	CVE-2021-28460	Azure Sphere Unsigned Code Execution Vulnerability	Critical
Microsoft Edge (Chromium-based)	CVE-2021-21199	Chromium: CVE-2021-21199 Use Use after free in Aura	Unknown
Microsoft Edge (Chromium-based)	CVE-2021-21194	Chromium: CVE-2021-21194 Use after free in screen capture	Unknown
Microsoft Edge (Chromium-based)	CVE-2021-21197	Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip	Unknown
Microsoft Edge (Chromium-based)	CVE-2021-21198	Chromium: CVE-2021-21198 Out of bounds read in IPC	Unknown
Microsoft Edge (Chromium-based)	CVE-2021-21195	Chromium: CVE-2021-21195 Use after free in V8	Unknown
Microsoft Edge (Chromium-based)	CVE-2021-21196	Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip	Unknown
Microsoft Exchange Server	CVE-2021-28480	Microsoft Exchange Server Remote Code Execution Vulnerability	Critical
Microsoft Exchange Server	CVE-2021-28482	Microsoft Exchange Server Remote Code Execution Vulnerability	Critical
Microsoft Exchange Server	CVE-2021-28483	Microsoft Exchange Server Remote Code Execution Vulnerability	Critical
Microsoft Exchange Server	CVE-2021-28481	Microsoft Exchange Server Remote Code Execution Vulnerability	Critical
Microsoft Graphics Component	CVE-2021-28350	Windows GDI+ Remote Code Execution Vulnerability	Important
Microsoft Graphics Component	CVE-2021-28318	Windows GDI+ Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2021-28348	Windows GDI+ Remote Code Execution Vulnerability	Important
Microsoft Graphics Component	CVE-2021-28349	Windows GDI+ Remote Code Execution Vulnerability	Important
Microsoft Internet Messaging API	CVE-2021-27089	Microsoft Internet Messaging API Remote Code Execution Vulnerability	Important
Microsoft NTFS	CVE-2021-28312	Windows NTFS Denial of Service Vulnerability	Moderate
Microsoft NTFS	CVE-2021-27096	NTFS Elevation of Privilege Vulnerability	Important
Microsoft Office Excel	CVE-2021-28456	Microsoft Excel Information Disclosure Vulnerability	Important
Microsoft Office Excel	CVE-2021-28451	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2021-28454	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2021-28449	Microsoft Office Remote Code Execution Vulnerability	Important
Microsoft Office Outlook	CVE-2021-28452	Microsoft Outlook Memory Corruption Vulnerability	Important
Microsoft Office SharePoint	CVE-2021-28450	Microsoft SharePoint Denial of Service Update	Important
Microsoft Office Word	CVE-2021-28453	Microsoft Word Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-28464	VP9 Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-28466	Raw Image Extension Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-27079	Windows Media Photo Codec Information Disclosure Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-28468	Raw Image Extension Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-28317	Microsoft Windows Codecs Library Information Disclosure Vulnerability	Important
Microsoft Windows DNS	CVE-2021-28323	Windows DNS Information Disclosure Vulnerability	Important
Microsoft Windows DNS	CVE-2021-28328	Windows DNS Information Disclosure Vulnerability	Important
Microsoft Windows Speech	CVE-2021-28351	Windows Speech Runtime Elevation of Privilege Vulnerability	Important
Microsoft Windows Speech	CVE-2021-28436	Windows Speech Runtime Elevation of Privilege Vulnerability	Important
Microsoft Windows Speech	CVE-2021-28347	Windows Speech Runtime Elevation of Privilege Vulnerability	Important
Open Source Software	CVE-2021-28458	Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability	Important
Role: Hyper-V	CVE-2021-28441	Windows Hyper-V Information Disclosure Vulnerability	Important
Role: Hyper-V	CVE-2021-28314	Windows Hyper-V Elevation of Privilege Vulnerability	Important
Role: Hyper-V	CVE-2021-28444	Windows Hyper-V Security Feature Bypass Vulnerability	Important
Role: Hyper-V	CVE-2021-26416	Windows Hyper-V Denial of Service Vulnerability	Important
Visual Studio	CVE-2021-27064	Visual Studio Installer Elevation of Privilege Vulnerability	Important
Visual Studio Code	CVE-2021-28457	Visual Studio Code Remote Code Execution Vulnerability	Important
Visual Studio Code	CVE-2021-28471	Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability	Important
Visual Studio Code	CVE-2021-28475	Visual Studio Code Remote Code Execution Vulnerability	Important
Visual Studio Code	CVE-2021-28473	Visual Studio Code Remote Code Execution Vulnerability	Important
Visual Studio Code	CVE-2021-28477	Visual Studio Code Remote Code Execution Vulnerability	Important
Visual Studio Code	CVE-2021-28469	Visual Studio Code Remote Code Execution Vulnerability	Important
Visual Studio Code – GitHub Pull Requests and Issues Extension	CVE-2021-28470	Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability	Important
Visual Studio Code – Kubernetes Tools	CVE-2021-28448	Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability	Important
Visual Studio Code – Maven for Java Extension	CVE-2021-28472	Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability	Important
Windows Application Compatibility Cache	CVE-2021-28311	Windows Application Compatibility Cache Denial of Service Vulnerability	Important
Windows AppX Deployment Extensions	CVE-2021-28326	Windows AppX Deployment Server Denial of Service Vulnerability	Important
Windows Console Driver	CVE-2021-28438	Windows Console Driver Denial of Service Vulnerability	Important
Windows Console Driver	CVE-2021-28443	Windows Console Driver Denial of Service Vulnerability	Important
Windows Diagnostic Hub	CVE-2021-28313	Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability	Important
Windows Diagnostic Hub	CVE-2021-28321	Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability	Important
Windows Diagnostic Hub	CVE-2021-28322	Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability	Important
Windows Early Launch Antimalware Driver	CVE-2021-28447	Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability	Important
Windows ELAM	CVE-2021-27094	Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability	Important
Windows Event Tracing	CVE-2021-27088	Windows Event Tracing Elevation of Privilege Vulnerability	Important
Windows Event Tracing	CVE-2021-28435	Windows Event Tracing Information Disclosure Vulnerability	Important
Windows Installer	CVE-2021-26413	Windows Installer Spoofing Vulnerability	Important
Windows Installer	CVE-2021-28440	Windows Installer Elevation of Privilege Vulnerability	Important
Windows Installer	CVE-2021-28437	Windows Installer Information Disclosure Vulnerability	Important
Windows Installer	CVE-2021-26415	Windows Installer Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2021-27093	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2021-28309	Windows Kernel Information Disclosure Vulnerability	Important
Windows Media Player	CVE-2021-28315	Windows Media Video Decoder Remote Code Execution Vulnerability	Critical
Windows Media Player	CVE-2021-27095	Windows Media Video Decoder Remote Code Execution Vulnerability	Critical
Windows Network File System	CVE-2021-28445	Windows Network File System Remote Code Execution Vulnerability	Important
Windows Overlay Filter	CVE-2021-26417	Windows Overlay Filter Information Disclosure Vulnerability	Important
Windows Portmapping	CVE-2021-28446	Windows Portmapping Information Disclosure Vulnerability	Important
Windows Registry	CVE-2021-27091	RPC Endpoint Mapper Service Elevation of Privilege Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28336	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical
Windows Remote Procedure Call Runtime	CVE-2021-28335	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical
Windows Remote Procedure Call Runtime	CVE-2021-28334	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical
Windows Remote Procedure Call Runtime	CVE-2021-28338	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical
Windows Remote Procedure Call Runtime	CVE-2021-28434	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28337	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical
Windows Remote Procedure Call Runtime	CVE-2021-28333	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical
Windows Remote Procedure Call Runtime	CVE-2021-28327	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28329	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical
Windows Remote Procedure Call Runtime	CVE-2021-28330	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical
Windows Remote Procedure Call Runtime	CVE-2021-28332	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical
Windows Remote Procedure Call Runtime	CVE-2021-28331	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical
Windows Remote Procedure Call Runtime	CVE-2021-28354	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28339	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical
Windows Remote Procedure Call Runtime	CVE-2021-28355	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28353	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28352	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28357	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28358	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28356	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28346	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28342	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28340	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28341	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28345	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28344	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important
Windows Remote Procedure Call Runtime	CVE-2021-28343	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical
Windows Resource Manager	CVE-2021-28320	Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability	Important
Windows Secure Kernel Mode	CVE-2021-27090	Windows Secure Kernel Mode Elevation of Privilege Vulnerability	Important
Windows Services and Controller App	CVE-2021-27086	Windows Services and Controller App Elevation of Privilege Vulnerability	Important
Windows SMB Server	CVE-2021-28325	Windows SMB Information Disclosure Vulnerability	Important
Windows SMB Server	CVE-2021-28324	Windows SMB Information Disclosure Vulnerability	Important
Windows TCP/IP	CVE-2021-28439	Windows TCP/IP Driver Denial of Service Vulnerability	Important
Windows TCP/IP	CVE-2021-28442	Windows TCP/IP Information Disclosure Vulnerability	Important
Windows TCP/IP	CVE-2021-28319	Windows TCP/IP Driver Denial of Service Vulnerability	Important
Windows Win32K	CVE-2021-27072	Win32k Elevation of Privilege Vulnerability	Important
Windows Win32K	CVE-2021-28310	Win32k Elevation of Privilege Vulnerability	Important
Windows WLAN Auto Config Service	CVE-2021-28316	Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability	Important

Source

If you like our news and you want to see such news even further, then follow RealMi Central on Telegram, Twitter, Facebook (Page) (Group) & Instagram.

Share this:

Leave a Comment Cancel reply