April 2021 Patch Tuesday Index

D

on't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in April's Patch Tuesday Index below.

April’s Patch Tuesday yields 108 new Microsoft security fixes, delivering the highest monthly total for 2021 (so far) and showing a return to the 100+ totals we consistently saw in 2020. This month’s haul includes 19 critical vulnerabilities and a high-severity zero-day that is actively being exploited in the wild.

Along with Microsoft’s release, we’ve also seen six browser related vulnerabilities that were addressed earlier in the month.

A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge.

Adobe has released fixes for 10 total vulnerabilities spanning across Adobe Photoshop, Bridge, Digital Editions, and RoboHelp.

Automox Patch Tuesday expert Justin Knapp will be breaking down all of April's Patch Tuesday releases tomorrow, April 14, 2021. Register here so you can prioritize the patches for your environment and ask any question you may have.

Updated Live. Last Update 01:19 PM EST April 13, 2021.

adobe Adobe
Product
Title
Identifier
Severity
Adobe Photoshop 2 Security Vulnerabilities fixed in Adobe Photoshop APSB21-28 Adobe Priority 3
Adobe Digital Editions 1 Security Vulnerability fixed in Adobe Digital Editions APSB21-26 Adobe Priority 3
Adobe Bridge 6 Security Vulnerabilities fixed in Adobe Bridge APSB21-23 Adobe Priority 3
RoboHelp 1 Security Vulnerability fixed in RoboHelp APSB21-20 Adobe Priority 3
apple Google
Product
Title
Identifier
Severity
Google Chrome Google Chrome and Microsoft Edge No Identifier Zero-Day
microsoft Microsoft
Product
Title
Identifier
Severity
Windows Media Player Windows Media Video Decoder Remote Code Execution Vulnerability CVE-2021-27095 Critical
Windows Media Player Windows Media Video Decoder Remote Code Execution Vulnerability CVE-2021-28315 Critical
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28329 Critical
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28330 Critical
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28331 Critical
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28332 Critical
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28333 Critical
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28334 Critical
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28335 Critical
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28336 Critical
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28337 Critical
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28338 Critical
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28339 Critical
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28343 Critical
Azure Sphere Azure Sphere Unsigned Code Execution Vulnerability CVE-2021-28460 Critical
Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-28480 Critical
Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-28481 Critical
Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-28482 Critical
Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-28483 Critical
Windows Win32K Win32k Elevation of Privilege Vulnerability CVE-2021-28310 High
Windows Registry RPC Endpoint Mapper Service Elevation of Privilege Vulnerability CVE-2021-27091 High
Windows Installer Windows Installer Information Disclosure Vulnerability CVE-2021-28437 High
Open Source Software Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability CVE-2021-28458 High
Windows Installer Windows Installer Spoofing Vulnerability CVE-2021-26413 High
Windows Installer Windows Installer Elevation of Privilege Vulnerability CVE-2021-26415 High
Role: Hyper-V Windows Hyper-V Denial of Service Vulnerability CVE-2021-26416 High
Windows Overlay Filter Windows Overlay Filter Information Disclosure Vulnerability CVE-2021-26417 High
Visual Studio Visual Studio Installer Elevation of Privilege Vulnerability CVE-2021-27064 High
Azure DevOps Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability CVE-2021-27067 High
Windows Win32K Win32k Elevation of Privilege Vulnerability CVE-2021-27072 High
Microsoft Windows Codecs Library Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079 High
Windows Services and Controller App Windows Services and Controller App Elevation of Privilege Vulnerability CVE-2021-27086 High
Windows Event Tracing Windows Event Tracing Elevation of Privilege Vulnerability CVE-2021-27088 High
Microsoft Internet Messaging API Microsoft Internet Messaging API Remote Code Execution Vulnerability CVE-2021-27089 High
Windows Secure Kernel Mode Windows Secure Kernel Mode Elevation of Privilege Vulnerability CVE-2021-27090 High
Azure AD Web Sign-in Azure AD Web Sign-in Security Feature Bypass Vulnerability CVE-2021-27092 High
Windows Kernel Windows Kernel Information Disclosure Vulnerability CVE-2021-27093 High
Windows ELAM Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability CVE-2021-27094 High
Microsoft NTFS NTFS Elevation of Privilege Vulnerability CVE-2021-27096 High
Windows Kernel Windows Kernel Information Disclosure Vulnerability CVE-2021-28309 High
Windows Application Compatibility Cache Windows Application Compatibility Cache Denial of Service Vulnerability CVE-2021-28311 High
Windows Diagnostic Hub Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability CVE-2021-28313 High
Role: Hyper-V Windows Hyper-V Elevation of Privilege Vulnerability CVE-2021-28314 High
Windows WLAN Auto Config Service Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability CVE-2021-28316 High
Microsoft Windows Codecs Library Microsoft Windows Codecs Library Information Disclosure Vulnerability CVE-2021-28317 High
Microsoft Graphics Component Windows GDI+ Information Disclosure Vulnerability CVE-2021-28318 High
Windows TCP/IP Windows TCP/IP Driver Denial of Service Vulnerability CVE-2021-28319 High
Windows Resource Manager Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability CVE-2021-28320 High
Windows Diagnostic Hub Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability CVE-2021-28321 High
Windows Diagnostic Hub Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability CVE-2021-28322 High
Role: DNS Server Windows DNS Information Disclosure Vulnerability CVE-2021-28323 High
Windows SMB Server Windows SMB Information Disclosure Vulnerability CVE-2021-28324 High
Windows SMB Server Windows SMB Information Disclosure Vulnerability CVE-2021-28325 High
Windows AppX Deployment Extensions Windows AppX Deployment Server Denial of Service Vulnerability CVE-2021-28326 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28327 High
Role: DNS Server Windows DNS Information Disclosure Vulnerability CVE-2021-28328 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28340 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28341 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28342 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28344 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28345 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28346 High
Microsoft Windows Speech Windows Speech Runtime Elevation of Privilege Vulnerability CVE-2021-28347 High
Microsoft Graphics Component Windows GDI+ Remote Code Execution Vulnerability CVE-2021-28348 High
Microsoft Graphics Component Windows GDI+ Remote Code Execution Vulnerability CVE-2021-28349 High
Microsoft Graphics Component Windows GDI+ Remote Code Execution Vulnerability CVE-2021-28350 High
Microsoft Windows Speech Windows Speech Runtime Elevation of Privilege Vulnerability CVE-2021-28351 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28352 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28353 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28354 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28355 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28356 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28357 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28358 High
Windows Remote Procedure Call Runtime Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28434 High
Windows Event Tracing Windows Event Tracing Information Disclosure Vulnerability CVE-2021-28435 High
Microsoft Windows Speech Windows Speech Runtime Elevation of Privilege Vulnerability CVE-2021-28436 High
Windows Console Driver Windows Console Driver Denial of Service Vulnerability CVE-2021-28438 High
Windows TCP/IP Windows TCP/IP Driver Denial of Service Vulnerability CVE-2021-28439 High
Windows Installer Windows Installer Elevation of Privilege Vulnerability CVE-2021-28440 High
Role: Hyper-V Windows Hyper-V Information Disclosure Vulnerability CVE-2021-28441 High
Windows TCP/IP Windows TCP/IP Information Disclosure Vulnerability CVE-2021-28442 High
Windows Console Driver Windows Console Driver Denial of Service Vulnerability CVE-2021-28443 High
Role: Hyper-V Windows Hyper-V Security Feature Bypass Vulnerability CVE-2021-28444 High
Windows Network File System Windows Network File System Remote Code Execution Vulnerability CVE-2021-28445 High
Windows Portmapping Windows Portmapping Information Disclosure Vulnerability CVE-2021-28446 High
Windows Early Launch Antimalware Driver Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability CVE-2021-28447 High
Visual Studio Code - Kubernetes Tools Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability CVE-2021-28448 High
Microsoft Office Excel Microsoft Office Remote Code Execution Vulnerability CVE-2021-28449 High
Microsoft Office SharePoint Microsoft SharePoint Denial of Service Update CVE-2021-28450 High
Microsoft Office Excel Microsoft Excel Remote Code Execution Vulnerability CVE-2021-28451 High
Microsoft Office Outlook Microsoft Outlook Memory Corruption Vulnerability CVE-2021-28452 High
Microsoft Office Word Microsoft Word Remote Code Execution Vulnerability CVE-2021-28453 High
Microsoft Office Excel Microsoft Excel Remote Code Execution Vulnerability CVE-2021-28454 High
Microsoft Office Excel Microsoft Excel Information Disclosure Vulnerability CVE-2021-28456 High
Visual Studio Code Visual Studio Code Remote Code Execution Vulnerability CVE-2021-28457 High
Azure DevOps Azure DevOps Server and Team Foundation Services Spoofing Vulnerability CVE-2021-28459 High
Microsoft Windows Codecs Library VP9 Video Extensions Remote Code Execution Vulnerability CVE-2021-28464 High
Microsoft Windows Codecs Library Raw Image Extension Remote Code Execution Vulnerability CVE-2021-28466 High
Microsoft Windows Codecs Library Raw Image Extension Remote Code Execution Vulnerability CVE-2021-28468 High
Visual Studio Code Visual Studio Code Remote Code Execution Vulnerability CVE-2021-28469 High
Visual Studio Code - GitHub Pull Requests and Issues Extension Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability CVE-2021-28470 High
Visual Studio Code Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability CVE-2021-28471 High
Visual Studio Code - Maven for Java Extension Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability CVE-2021-28472 High
Visual Studio Code Visual Studio Code Remote Code Execution Vulnerability CVE-2021-28473 High
Visual Studio Code Visual Studio Code Remote Code Execution Vulnerability CVE-2021-28475 High
Visual Studio Code Visual Studio Code Remote Code Execution Vulnerability CVE-2021-28477 High
Microsoft NTFS Windows NTFS Denial of Service Vulnerability CVE-2021-28312 Medium



About Automox Automated Patch Management

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-based and globally available, Automox enforces OS and third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-based patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

More posts like this:

Patch TuesdayVulnerabilityWindows
# of endpoints

15-day free trial. No credit card required.

By submitting this form you agree to our terms of service.

Already have an account?