Patch Tuesday is here again and there are more Exchange updates to apply! A total of 114 vulnerabilities were fixed this month with more than half of them affecting all versions of Windows, with about half of them being remote code execution bugs, and about a fifth of them being rated as critical by Microsoft. Let's dive in!
New Exchange Server Patches Available
If you were only going to patch one thing today, please let it be this. Exchange Server has been a hot topic since the vulnerabilities announced in the out-of-band advisory back at the beginning of March saw widespread exploitation. The vulnerabilities this month were reported to Microsoft via the NSA in the interest of national security. The Exchange team has also released a very helpful blog post with instructions on how to patch from any version to the latest secure version. While these have not been exploited in the wild at the time of writing it is only a matter of time before someone reverse engineers the patches and gets up to no good.
CVEs: CVE-2021-28310, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483
Windows RPC Runtime
Next up we have a relatively high number of patches in the Windows Remote Procedure Call Runtime. There were 27 remote code execution vulnerabilities fixed this month. Someone was busy finding bugs! The RPC Runtime is available on all versions of Windows so make sure both Servers and Clients get these updates. Many of these are critical (according to the CVSS3 vectors) requiring no user interaction and only network level access.
CVEs: CVE-2021-28329 to CVE-2021-28339 (please see the list below for a complete list)
Publicly Disclosed and Exploited
Lastly, we have a few vulnerabilities that have been disclosed publicly and one observed in the wild. A few of these are low severity but we rarely see vulnerabilities leveraged by themselves these days. Many attackers have shifted to using exploit chains in order to turn a few low severity bugs into a more complete compromise. Microsoft has also rated a few information disclosure vulnerabilities as "Exploitation More Likely" in SMB Server and the TCP/IP stack.
CVEs: CVE-2021-27091, CVE-2021-28310, CVE-2021-28312, CVE-2021-28437, CVE-2021-28458, CVE-2021-28324, CVE-2021-28442
Summary Tables
Here are this month's patched vulnerabilities split by the product family.
Azure Vulnerabilities
| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|---|---|---|---|---|
| CVE-2021-28458 | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | No | Yes | 7.8 | No |
| CVE-2021-28460 | Azure Sphere Unsigned Code Execution Vulnerability | No | No | 8.1 | Yes |
Browser Vulnerabilities
| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|---|---|---|---|---|
| CVE-2021-21199 | Chromium: CVE-2021-21199 Use Use after free in Aura | No | No | N/A | Yes |
| CVE-2021-21198 | Chromium: CVE-2021-21198 Out of bounds read in IPC | No | No | N/A | Yes |
| CVE-2021-21197 | Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip | No | No | N/A | Yes |
| CVE-2021-21196 | Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip | No | No | N/A | Yes |
| CVE-2021-21195 | Chromium: CVE-2021-21195 Use after free in V8 | No | No | N/A | Yes |
| CVE-2021-21194 | Chromium: CVE-2021-21194 Use after free in screen capture | No | No | N/A | Yes |
Developer Tools Vulnerabilities
| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|---|---|---|---|---|
| CVE-2021-27064 | Visual Studio Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28457 | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28469 | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28475 | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28473 | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28477 | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7 | No |
| CVE-2021-28472 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28448 | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28470 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28471 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-27067 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-28459 | Azure DevOps Server Spoofing Vulnerability | No | No | 6.1 | No |
Exchange Server Vulnerabilities
| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|---|---|---|---|---|
| CVE-2021-28480 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes |
| CVE-2021-28481 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes |
| CVE-2021-28483 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9 | Yes |
| CVE-2021-28482 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
Microsoft Office Vulnerabilities
| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|---|---|---|---|---|
| CVE-2021-28453 | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-28450 | Microsoft SharePoint Denial of Service Update | No | No | 5 | No |
| CVE-2021-28452 | Microsoft Outlook Memory Corruption Vulnerability | No | No | 7.1 | Yes |
| CVE-2021-28449 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-28451 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-28454 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-28456 | Microsoft Excel Information Disclosure Vulnerability | No | No | 5.5 | Yes |
Windows Vulnerabilities
| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|---|---|---|---|---|
| CVE-2021-28442 | Windows TCP/IP Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-28319 | Windows TCP/IP Driver Denial of Service Vulnerability | No | No | 7.5 | No |
| CVE-2021-28347 | Windows Speech Runtime Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28351 | Windows Speech Runtime Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28436 | Windows Speech Runtime Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-27086 | Windows Services and Controller App Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-27090 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28324 | Windows SMB Information Disclosure Vulnerability | No | No | 7.5 | Yes |
| CVE-2021-28325 | Windows SMB Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-28320 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-26417 | Windows Overlay Filter Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-28312 | Windows NTFS Denial of Service Vulnerability | No | Yes | 3.3 | No |
| CVE-2021-27079 | Windows Media Photo Codec Information Disclosure Vulnerability | No | No | 5.7 | Yes |
| CVE-2021-28444 | Windows Hyper-V Security Feature Bypass Vulnerability | No | No | 5.7 | Yes |
| CVE-2021-28441 | Windows Hyper-V Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-28314 | Windows Hyper-V Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-26416 | Windows Hyper-V Denial of Service Vulnerability | No | No | 7.7 | Yes |
| CVE-2021-28435 | Windows Event Tracing Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-27088 | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-27094 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | No | No | 4.4 | No |
| CVE-2021-28447 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | No | No | 4.4 | No |
| CVE-2021-28438 | Windows Console Driver Denial of Service Vulnerability | No | No | 5.5 | No |
| CVE-2021-28311 | Windows Application Compatibility Cache Denial of Service Vulnerability | No | No | 6.5 | No |
| CVE-2021-28326 | Windows AppX Deployment Server Denial of Service Vulnerability | No | No | 5.5 | No |
| CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability | Yes | No | 7.8 | No |
| CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2021-28464 | VP9 Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-28466 | Raw Image Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-28468 | Raw Image Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-27092 | Azure AD Web Sign-in Security Feature Bypass Vulnerability | No | No | 6.8 | No |
Windows Developer Tools Vulnerabilities
| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|---|---|---|---|---|
| CVE-2021-28313 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28321 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28322 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
Windows ESU Vulnerabilities
| CVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ |
|---|---|---|---|---|---|
| CVE-2021-28316 | Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability | No | No | 4.2 | No |
| CVE-2021-28439 | Windows TCP/IP Driver Denial of Service Vulnerability | No | No | 7.5 | No |
| CVE-2021-28446 | Windows Portmapping Information Disclosure Vulnerability | No | No | 7.1 | Yes |
| CVE-2021-28445 | Windows Network File System Remote Code Execution Vulnerability | No | No | 8.1 | No |
| CVE-2021-27095 | Windows Media Video Decoder Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-28315 | Windows Media Video Decoder Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-27093 | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-28309 | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-26413 | Windows Installer Spoofing Vulnerability | No | No | 6.2 | No |
| CVE-2021-28437 | Windows Installer Information Disclosure Vulnerability | No | Yes | 5.5 | Yes |
| CVE-2021-26415 | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28440 | Windows Installer Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2021-28348 | Windows GDI+ Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28349 | Windows GDI+ Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28350 | Windows GDI+ Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-28318 | Windows GDI+ Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-28323 | Windows DNS Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-28328 | Windows DNS Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-28443 | Windows Console Driver Denial of Service Vulnerability | No | No | 5.5 | No |
| CVE-2021-28329 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28330 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28331 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28332 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28333 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28334 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28335 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28336 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28337 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28338 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28339 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28343 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28327 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28340 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28341 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28342 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28344 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28345 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28346 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28352 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28353 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28354 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28355 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28356 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28357 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28358 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-28434 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No |
| CVE-2021-27091 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | No | Yes | 7.8 | No |
| CVE-2021-27096 | NTFS Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-28317 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-27089 | Microsoft Internet Messaging API Remote Code Execution Vulnerability | No | No | 7.8 | No |
Summary Graphs
