124 CVEs were found during the April Patch Tuesday updates
Key notes
- Once every month a report of all CVEs is released alongside the Patch Tuesday update.
- CVE stands for Common Vulnerabilities and Exposures, and the entries in this report apply to Microsoft and Adobe products.
- CVEs vary in severity, with some being rated as Important, while others are Critical.
- Once you've read our CVE report, you'll surely want to apply the latest security updates.
While Patch Tuesday is well known as the one time of the month when Microsoft fixes and patches its Windows OS, many people may also know that it is when the monthly CVE reports come out.
Well, this happens to be today since the April Patch Tuesday updates are now live as well.
So far, 2021 has been quite abundant in CVEs, with the following numbers being discovered each month:
The April CVE report includes 124 identified CVEs
Vulnerabilities found in Adobe products
As far as Adobe products go, a total of 10 CVEs were identified that affected Adobe Photoshop, Digital Editions, RoboHelp, and Bridge.
The Bridge update alone fixed 6 of these CVEs, so if you are using the program, getting the latest update is almost mandatory.
As far as severity goes, the 10 Adobe-specific CVEs were rated as follows:
- 6 CVEs were rated as Critical
  - 4 CVEs were Bridge-related
  - 2 CVEs were Photoshop-related
- 4 CVEs were rated as Important
Vulnerabilities found in Microsoft products
As always, the Microsoft products took the bulk of the detected CVEs, with their numbers alone passing the 100 mark.
These CVEs affected programs like Microsoft Windows, Edge (Chromium-based), Azure and Azure DevOps Server, Microsoft Office, SharePoint Server, Hyper-V, Team Foundation Server, Visual Studio, and Exchange Server.
In terms of sheer numbers, this is the highest number of CVEs found in 2021, reaching levels comparable to those of 2020.
Of these 114 bugs, the severity ratings were as follows:
- 19 are rated as Critical
- 88 are rated Important
- One is rated Moderate in severity.
Which were some of the most severe CVEs?
As always, some CVEs stand out from the rest due to their severity, the way that they can be exploited, or simply by how hard they are to handle once they are taken advantage of.
- CVE-2021-28480/28481
  - Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-28329
  - Remote Procedure Call Runtime Remote Code Execution Vulnerability
- CVE-2021-28444
  - Windows Hyper-V Security Feature Bypass Vulnerability
For a complete list of CVEs, check out the table below:
CVE | Title | Severity |
CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability | Important |
CVE-2021-28458 | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | Important |
CVE-2021-27091 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | Important |
CVE-2021-28437 | Windows Installer Information Disclosure Vulnerability | Important |
CVE-2021-28312 | Windows NTFS Denial of Service Vulnerability | Moderate |
CVE-2021-28460 | Azure Sphere Unsigned Code Execution Vulnerability | Critical |
CVE-2021-28480 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
CVE-2021-28481 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
CVE-2021-28482 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
CVE-2021-28483 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
CVE-2021-28329 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-28330 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-28331 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-28332 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-28333 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-28334 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-28335 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-28336 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-28337 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-28338 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-28339 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-28343 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2021-27095 | Windows Media Video Decoder Remote Code Execution Vulnerability | Critical |
CVE-2021-28315 | Windows Media Video Decoder Remote Code Execution Vulnerability | Critical |
CVE-2021-27092 | Azure AD Web Sign-in Security Feature Bypass Vulnerability | Important |
CVE-2021-27067 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | Important |
CVE-2021-28459 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | Important |
CVE-2021-28313 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important |
CVE-2021-28321 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important |
CVE-2021-28322 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important |
CVE-2021-28456 | Microsoft Excel Information Disclosure Vulnerability | Important |
CVE-2021-28451 | Microsoft Excel Remote Code Execution Vulnerability | Important |
CVE-2021-28454 | Microsoft Excel Remote Code Execution Vulnerability | Important |
CVE-2021-27089 | Microsoft Internet Messaging API Remote Code Execution Vulnerability | Important |
CVE-2021-28449 | Microsoft Office Remote Code Execution Vulnerability | Important |
CVE-2021-28452 | Microsoft Outlook Memory Corruption Vulnerability | Important |
CVE-2021-28450 | Microsoft SharePoint Denial of Service Update | Important |
CVE-2021-28317 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important |
CVE-2021-28453 | Microsoft Word Remote Code Execution Vulnerability | Important |
CVE-2021-27096 | NTFS Elevation of Privilege Vulnerability | Important |
CVE-2021-28466 | Raw Image Extension Remote Code Execution Vulnerability | Important |
CVE-2021-28468 | Raw Image Extension Remote Code Execution Vulnerability | Important |
CVE-2021-28471 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | Important |
CVE-2021-28327 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28340 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28341 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28342 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28344 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28345 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28346 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28352 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28353 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28354 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28355 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28356 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28357 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28358 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28434 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2021-28470 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | Important |
CVE-2021-28448 | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | Important |
CVE-2021-28472 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | Important |
CVE-2021-28457 | Visual Studio Code Remote Code Execution Vulnerability | Important |
CVE-2021-28469 | Visual Studio Code Remote Code Execution Vulnerability | Important |
CVE-2021-28473 | Visual Studio Code Remote Code Execution Vulnerability | Important |
CVE-2021-28475 | Visual Studio Code Remote Code Execution Vulnerability | Important |
CVE-2021-28477 | Visual Studio Code Remote Code Execution Vulnerability | Important |
CVE-2021-27064 | Visual Studio Installer Elevation of Privilege Vulnerability | Important |
CVE-2021-28464 | VP9 Video Extensions Remote Code Execution Vulnerability | Important |
CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability | Important |
CVE-2021-28311 | Windows Application Compatibility Cache Denial of Service Vulnerability | Important |
CVE-2021-28326 | Windows AppX Deployment Server Denial of Service Vulnerability | Important |
CVE-2021-28438 | Windows Console Driver Denial of Service Vulnerability | Important |
CVE-2021-28443 | Windows Console Driver Denial of Service Vulnerability | Important |
CVE-2021-28323 | Windows DNS Information Disclosure Vulnerability | Important |
CVE-2021-28328 | Windows DNS Information Disclosure Vulnerability | Important |
CVE-2021-27094 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | Important |
CVE-2021-28447 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | Important |
CVE-2021-27088 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
CVE-2021-28435 | Windows Event Tracing Information Disclosure Vulnerability | Important |
CVE-2021-28318 | Windows GDI+ Information Disclosure Vulnerability | Important |
CVE-2021-28348 | Windows GDI+ Remote Code Execution Vulnerability | Important |
CVE-2021-28349 | Windows GDI+ Remote Code Execution Vulnerability | Important |
CVE-2021-28350 | Windows GDI+ Remote Code Execution Vulnerability | Important |
CVE-2021-26416 | Windows Hyper-V Denial of Service Vulnerability | Important |
CVE-2021-28314 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
CVE-2021-28441 | Windows Hyper-V Information Disclosure Vulnerability | Important |
CVE-2021-28444 | Windows Hyper-V Security Feature Bypass Vulnerability | Important |
CVE-2021-26415 | Windows Installer Elevation of Privilege Vulnerability | Important |
CVE-2021-28440 | Windows Installer Elevation of Privilege Vulnerability | Important |
CVE-2021-26413 | Windows Installer Spoofing Vulnerability | Important |
CVE-2021-27093 | Windows Kernel Information Disclosure Vulnerability | Important |
CVE-2021-28309 | Windows Kernel Information Disclosure Vulnerability | Important |
CVE-2021-27079 | Windows Media Photo Codec Information Disclosure Vulnerability | Important |
CVE-2021-28445 | Windows Network File System Remote Code Execution Vulnerability | Important |
CVE-2021-26417 | Windows Overlay Filter Information Disclosure Vulnerability | Important |
CVE-2021-28446 | Windows Portmapping Information Disclosure Vulnerability | Important |
CVE-2021-28320 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | Important |
CVE-2021-27090 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
CVE-2021-27086 | Windows Services and Controller App Elevation of Privilege Vulnerability | Important |
CVE-2021-28324 | Windows SMB Information Disclosure Vulnerability | Important |
CVE-2021-28325 | Windows SMB Information Disclosure Vulnerability | Important |
CVE-2021-28347 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
CVE-2021-28351 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
CVE-2021-28436 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
CVE-2021-28319 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
CVE-2021-28439 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
CVE-2021-28442 | Windows TCP/IP Information Disclosure Vulnerability | Important |
CVE-2021-28316 | Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability | Important |
This concludes our briefing on this month’s CVE report, and as you can see, the numbers are rather constant, so if you’re using any of the aforementioned products, try to either update as soon as possible or install a third-party antivirus tool to help you out.
Keep in mind that these CVEs can be quite dangerous, especially when the updates are not applied and you are left as a target for events like the monthly Exploit Wednesday, which is a derogatory term given to the day after Patch Tuesday.
Let us know what you think about this month’s CVE report by leaving your feedback in the comments section below.