VERT Threat Alert: April 2021 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s April 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-939 on Wednesday, April 14th.
In-The-Wild & Disclosed CVEs
CVE-2021-28310
Boris Larin of Kaspersky Lab discovered this vulnerability being actively exploited and suspects that it is tied to the BITTER APT group. Larin and co-authors have released a detailed technical write-up on this vulnerability, which impacts the Desktop Window Manager.
Microsoft has rated this as Exploit Detected on the latest software release on the Exploitability Index.
CVE-2021-28312
This publicly disclosed denial of service impacts the Windows NTFS file system. Windows 10 as well as Windows Server 2019 and Server version 20H2 are impacted.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE-2021-28437
A publicly disclosed information disclosure in the Windows Installer could allow attackers to read from the file system. Based on the Microsoft security guidance, all versions of Windows from Windows 7 to Windows 10 and their associated server platforms are vulnerable.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE-2021-28458
The final publicly exploited vulnerability this month is found in @azure/ms-rest-nodeauth, a Node.js library for Azure authentication. The fix for this vulnerability was committed on March 23, 2021, and can be reviewed on GitHub.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE-2021-27091
This publicly disclosed privilege elevation vulnerability in the RPC Endpoint Mapper Service only affects older operating systems, with patches available for Windows 7, Windows Server 2008 R2, and Windows Server 2012.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis.

| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Visual Studio Code – Kubernetes Tools | 1 | CVE-2021-28448 |
| Microsoft NTFS | 2 | CVE-2021-27096, CVE-2021-28312 |
| Open Source Software | 1 | CVE-2021-28458 |
| Microsoft Office Word | 1 | CVE-2021-28453 |
| Microsoft Windows Speech | 3 | CVE-2021-28347, CVE-2021-28351, CVE-2021-28436 |
| Windows Resource Manager | 1 | CVE-2021-28320 |
| Windows Installer | 4 | CVE-2021-26413, CVE-2021-26415, CVE-2021-28437, CVE-2021-28440 |
| Visual Studio | 1 | CVE-2021-27064 |
| Visual Studio Code – GitHub Pull Requests and Issues Extension | 1 | CVE-2021-28470 |
| Windows Network File System | 1 | CVE-2021-28445 |
| Microsoft Office SharePoint | 1 | CVE-2021-28450 |
| Microsoft Windows Codecs Library | 5 | CVE-2021-27079, CVE-2021-28317, CVE-2021-28464, CVE-2021-28466, CVE-2021-28468 |
| Visual Studio Code | 6 | CVE-2021-28457, CVE-2021-28469, CVE-2021-28471, CVE-2021-28475, CVE-2021-28477, CVE-2021-28473 |
| Windows Application Compatibility Cache | 1 | CVE-2021-28311 |
| Visual Studio Code – Maven for Java Extension | 1 | CVE-2021-28472 |
| Microsoft Office Excel | 4 | CVE-2021-28449, CVE-2021-28451, CVE-2021-28454, CVE-2021-28456 |
| Microsoft Graphics Component | 4 | CVE-2021-28318, CVE-2021-28348, CVE-2021-28349, CVE-2021-28350 |
| Azure AD Web Sign-in | 1 | CVE-2021-27092 |
| Windows Event Tracing | 2 | CVE-2021-27088, CVE-2021-28435 |
| Windows Kernel | 2 | CVE-2021-27093, CVE-2021-28309 |
| Windows Services and Controller App | 1 | CVE-2021-27086 |
| Role: Hyper-V | 4 | CVE-2021-26416, CVE-2021-28314, CVE-2021-28441, CVE-2021-28444 |
| Microsoft Exchange Server | 4 | CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483 |
| Windows ELAM | 1 | CVE-2021-27094 |
| Windows Remote Procedure Call Runtime | 27 | CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434 |
| Microsoft Internet Messaging API | 1 | CVE-2021-27089 |
| Windows Registry | 1 | CVE-2021-27091 |
| Azure Sphere | 1 | CVE-2021-28460 |
| Windows AppX Deployment Extensions | 1 | CVE-2021-28326 |
| Windows Diagnostic Hub | 3 | CVE-2021-28313, CVE-2021-28321, CVE-2021-28322 |
| Windows Portmapping | 1 | CVE-2021-28446 |
| Windows Overlay Filter | 1 | CVE-2021-26417 |
| Windows Secure Kernel Mode | 1 | CVE-2021-27090 |
| Windows Win32K | 2 | CVE-2021-27072, CVE-2021-28310 |
| Microsoft Office Outlook | 1 | CVE-2021-28452 |
| Windows TCP/IP | 3 | CVE-2021-28319, CVE-2021-28439, CVE-2021-28442 |
| Windows Early Launch Antimalware Driver | 1 | CVE-2021-28447 |
| Microsoft Windows DNS | 2 | CVE-2021-28323, CVE-2021-28328 |
| Windows SMB Server | 2 | CVE-2021-28324, CVE-2021-28325 |
| Windows Media Player | 2 | CVE-2021-27095, CVE-2021-28315 |
| Microsoft Edge (Chromium-based) | 6 | CVE-2021-21194, CVE-2021-21195, CVE-2021-21196, CVE-2021-21197, CVE-2021-21198, CVE-2021-21199 |
| Windows WLAN Auto Config Service | 1 | CVE-2021-28316 |
| Azure DevOps | 2 | CVE-2021-27067, CVE-2021-28459 |
| Windows Console Driver | 2 | CVE-2021-28438, CVE-2021-28443 |
The post "VERT Threat Alert: April 2021 Patch Tuesday Analysis" appeared first on TripWire.
Source: TripWire – Tyler Reguly
