Automox Experts Weigh in on April 2021 Patch Tuesday Release

Hear what Automox Patch Tuesday experts have to say about this month’s Patch Tuesday releases. You can view a full list of the latest patches and updates from Microsoft and other third-party applications in our Patch Tuesday Index.

April 2021 Overview

Justin Knapp - Overview

April’s Patch Tuesday yields 108 new Microsoft security fixes, delivering the highest monthly total for 2021 (so far) and showing a return to the 100+ totals we consistently saw in 2020. This month’s haul includes 19 critical vulnerabilities and a high-severity zero-day that is actively being exploited in the wild. Along with Microsoft’s release, we’re also seeing multiple browser related vulnerabilities this month that should be addressed immediately. This represents an overall upward trend that’s expected to continue throughout the year and draw greater urgency around patching velocity to ensure organizations are not taking on unnecessary exposure, especially given the increased exploitation of known, dated vulnerabilities. With the dramatic shift to remote work in 2020 now becoming a permanent fixture in 2021, it’s also worth noting the significance of employing measures that can immediately push newly released security updates across a more decentralized, diverse set of assets and environments.

Chris Hass - CVE-2021-28310  Win32k Elevation of Privilege Vulnerability (Exploited)

CVE-2021-28310 is a locally exploited Windows Win32K elevation of privilege bug that is actively being exploited in the wild. To exploit this vulnerability, an attacker would first have to log on to the system, then run a specially crafted application. The exploitation of this vulnerability would allow an attacker to execute code in the context of the kernel and gain SYSTEM privileges, allowing the attacker access to critical Windows components and information. Because this vulnerability is already being used by attackers, patching this vulnerability as soon as possible is absolutely crucial.

Nick Colyer - CVE-2021-28460  Azure Sphere Unsigned Code Execution Vulnerability

CVE-2021-28460 is a critical remote code execution vulnerability that affects Azure Sphere Internet of Things (IoT) devices. As a default behavior, these devices upgrade regularly when connected to the internet and risk exposure should be limited to devices that have not connected to the internet since before the patch release or devices that have never connected to the internet for updates.

Jay Goodman - Adobe Patch Quotes

Adobe released four security updates covering seven critical vulnerabilities across Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. APSB21-28 addresses two critical arbitrary code execution vulnerabilities found in Adobe Photoshop while APSB21-23 tackles four additional arbitrary code execution vulnerabilities in Adobe Bridge. Arbitrary code execution, or ACE, vulnerabilities provide an adversary a platform to quickly execute additional code or applications on a target system, opening the door to lateral movement or quick exfiltration of system data. The final critical vulnerability is an arbitrary file system write vulnerability identified as part of APSB21-26 in the Adobe Digital Editions software. This vulnerability allows an attacker to force the target application to overwrite any file on a system as a privileged user. This can allow an attacker to take a system offline by overwriting critical system files. These vulnerabilities should be patched within the 72-hour window to ensure attackers do not have the time to weaponize them against your organization.

Jay Goodman - CVE-2021-28329, -28330, -28331, -28332, -28333, -28334, -28335, -28336, -28337, -28338, -28339, -28343  Remote Procedure Call Runtime Remote Code Execution Vulnerability - Critical

Microsoft identified 12 individual CVEs in Microsoft Windows Remote Procedure Call (RPC). RPC is a protocol used to request a service from a program that is located on another computer or device on the same network. The vulnerabilities allow for remote code execution (RCE) on the target system. The vulnerability may be exploited by sending a specially crafted RPC request. Depending on the user privileges, an attacker could install programs, change or delete data, or create additional user accounts with full user rights. Microsoft marks the vulnerability as “exploitation less likely”, however, it is highly recommended to quickly patch and remediate any RCE vulnerabilities on systems. Leaving latent vulnerabilities with RCE exploits can easily lead to a faster-spreading attack.

Eric Feldman - CVE-2021-27095, 28315  Windows Media Video Decoder Remote Code Execution Vulnerability

CVE-2021-27095 and 28315 are both critical vulnerabilities impacting the Microsoft Windows Media Video Decoder. Windows Media Video (WMV) is a series of video codecs and their corresponding video coding formats. The Windows Media Video decoder processes video streams that were encoded by the Windows Media Video Encoder. Windows Media Player leverages the decoder to play a video. This vulnerability could allow an attacker to execute arbitrary code if the attacker convinces a user to open a specially crafted media file. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Due to the popularity of sharing videos across a multitude of platforms, Automox recommends patching this vulnerability as soon as possible.

About Automox Automated Patch Management

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.