124 CVEs were found during the April Patch Tuesday updates

Teodor Nechita
by Teodor Nechita
Software Managing Editor
Eager to help those in need, Teodor writes articles daily on subjects regarding Windows, Xbox, and all things tech-related. When not working, you may usually find him either at the gym or taking a stroll...
Affiliate Disclosure
  • Once every month a report of all CVEs is released alongside the Patch Tuesday update.
  • CVEs stand for Common Vulnerabilities and Exposures, and they apply to Microsoft and Adobe products.
  • CVEs vary in difficulty, with some being rated as Important, while others are Critical.
  • Once you've read our CVE report, you'll surely want to apply the latest security updates.

While Patch Tuesday is well-known as being that one time of the month Microsoft fixes and patches up its Windows OS, many people may also know that it is also when the monthly CVE reports come out.

Well, this happens to be today since the April Patch Tuesday updates are now live as well.

So far, 2021 has been quite abundant in CVEs, with the following numbers being discovered each month:

  • January: 91
  • February: 106
  • March: 97

The April CVE report includes 124 identified CVEs

Vulnerabilities found in Adobe products

As far as Adobe products go, a total of 10 CVEs were identified that affected Adobe Photoshop, Digital Editions, RoboHelp, and Bridge.

The Bridge update alone fixed 6 of these CVE, so if you are uisng the program, getting the latest update is almost mandatory.

As far as severity gooes, the 10 Adobe-specific CVEs were rated as following:

  • 6 CVEs were rated as Critical
    • 4 CVEs were Bridge-related
    • 2 CVEs were Photoshop-related
  • 4 CVEs were rated as Important

Vulnerabilities found in Microsoft products

As always, the Microsoft products took the bulk of the detected CVEs, with their numbers alone passing the 100 mark.

These CVEs affected programs like Microsoft Windows, Edge (Chromium-based), Azure and Azure DevOps Server, Microsoft Office, SharePoint Server, Hyper-V, Team Foundation Server, Visual Studio, and Exchange Server.

As far as sheer numbers, this is the highest number of CVEs found in 2021, reaching levels comparable to those of 2020.

As far as severity is concerned of these 114 bugs, they were rated as follows:

  • 19 are rated as Critical
  • 88 are rated Important
  • One is rated Moderate in severity.

Which were some of the most severe CVEs?

As always, some CVEs stand out from the rest due to their severity, the way that they can be exploited, or simply by how hard they are to handle once they are taken advantage of.

For a complete list of CVEs, check out the table below:

CVE

Title

Severity

CVE-2021-28310 Win32k Elevation of Privilege Vulnerability Important
CVE-2021-28458 Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability Important
CVE-2021-27091 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability Important
CVE-2021-28437 Windows Installer Information Disclosure Vulnerability Important
CVE-2021-28312 Windows NTFS Denial of Service Vulnerability Moderate
CVE-2021-28460 Azure Sphere Unsigned Code Execution Vulnerability Critical
CVE-2021-28480 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
CVE-2021-28481 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
CVE-2021-28482 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
CVE-2021-28483 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
CVE-2021-28329 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-28330 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-28331 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-28332 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-28333 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-28334 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-28335 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-28336 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-28337 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-28338 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-28339 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-28343 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
CVE-2021-27095 Windows Media Video Decoder Remote Code Execution Vulnerability Critical
CVE-2021-28315 Windows Media Video Decoder Remote Code Execution Vulnerability Critical
CVE-2021-27092 Azure AD Web Sign-in Security Feature Bypass Vulnerability Important
CVE-2021-27067 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability Important
CVE-2021-28459 Azure DevOps Server and Team Foundation Services Spoofing Vulnerability Important
CVE-2021-28313 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important
CVE-2021-28321 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important
CVE-2021-28322 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important
CVE-2021-28456 Microsoft Excel Information Disclosure Vulnerability Important
CVE-2021-28451 Microsoft Excel Remote Code Execution Vulnerability Important
CVE-2021-28454 Microsoft Excel Remote Code Execution Vulnerability Important
CVE-2021-27089 Microsoft Internet Messaging API Remote Code Execution Vulnerability Important
CVE-2021-28449 Microsoft Office Remote Code Execution Vulnerability Important
CVE-2021-28452 Microsoft Outlook Memory Corruption Vulnerability Important
CVE-2021-28450 Microsoft SharePoint Denial of Service Update Important
CVE-2021-28317 Microsoft Windows Codecs Library Information Disclosure Vulnerability Important
CVE-2021-28453 Microsoft Word Remote Code Execution Vulnerability Important
CVE-2021-27096 NTFS Elevation of Privilege Vulnerability Important
CVE-2021-28466 Raw Image Extension Remote Code Execution Vulnerability Important
CVE-2021-28468 Raw Image Extension Remote Code Execution Vulnerability Important
CVE-2021-28471 Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability Important
CVE-2021-28327 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28340 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28341 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28342 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28344 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28345 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28346 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28352 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28353 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28354 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28355 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28356 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28357 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28358 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28434 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
CVE-2021-28470 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability Important
CVE-2021-28448 Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability Important
CVE-2021-28472 Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability Important
CVE-2021-28457 Visual Studio Code Remote Code Execution Vulnerability Important
CVE-2021-28469 Visual Studio Code Remote Code Execution Vulnerability Important
CVE-2021-28473 Visual Studio Code Remote Code Execution Vulnerability Important
CVE-2021-28475 Visual Studio Code Remote Code Execution Vulnerability Important
CVE-2021-28477 Visual Studio Code Remote Code Execution Vulnerability Important
CVE-2021-27064 Visual Studio Installer Elevation of Privilege Vulnerability Important
CVE-2021-28464 VP9 Video Extensions Remote Code Execution Vulnerability Important
CVE-2021-27072 Win32k Elevation of Privilege Vulnerability Important
CVE-2021-28311 Windows Application Compatibility Cache Denial of Service Vulnerability Important
CVE-2021-28326 Windows AppX Deployment Server Denial of Service Vulnerability Important
CVE-2021-28438 Windows Console Driver Denial of Service Vulnerability Important
CVE-2021-28443 Windows Console Driver Denial of Service Vulnerability Important
CVE-2021-28323 Windows DNS Information Disclosure Vulnerability Important
CVE-2021-28328 Windows DNS Information Disclosure Vulnerability Important
CVE-2021-27094 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability Important
CVE-2021-28447 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability Important
CVE-2021-27088 Windows Event Tracing Elevation of Privilege Vulnerability Important
CVE-2021-28435 Windows Event Tracing Information Disclosure Vulnerability Important
CVE-2021-28318 Windows GDI+ Information Disclosure Vulnerability Important
CVE-2021-28348 Windows GDI+ Remote Code Execution Vulnerability Important
CVE-2021-28349 Windows GDI+ Remote Code Execution Vulnerability Important
CVE-2021-28350 Windows GDI+ Remote Code Execution Vulnerability Important
CVE-2021-26416 Windows Hyper-V Denial of Service Vulnerability Important
CVE-2021-28314 Windows Hyper-V Elevation of Privilege Vulnerability Important
CVE-2021-28441 Windows Hyper-V Information Disclosure Vulnerability Important
CVE-2021-28444 Windows Hyper-V Security Feature Bypass Vulnerability Important
CVE-2021-26415 Windows Installer Elevation of Privilege Vulnerability Important
CVE-2021-28440 Windows Installer Elevation of Privilege Vulnerability Important
CVE-2021-26413 Windows Installer Spoofing Vulnerability Important
CVE-2021-27093 Windows Kernel Information Disclosure Vulnerability Important
CVE-2021-28309 Windows Kernel Information Disclosure Vulnerability Important
CVE-2021-27079 Windows Media Photo Codec Information Disclosure Vulnerability Important
CVE-2021-28445 Windows Network File System Remote Code Execution Vulnerability Important
CVE-2021-26417 Windows Overlay Filter Information Disclosure Vulnerability Important
CVE-2021-28446 Windows Portmapping Information Disclosure Vulnerability Important
CVE-2021-28320 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability Important
CVE-2021-27090 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Important
CVE-2021-27086 Windows Services and Controller App Elevation of Privilege Vulnerability Important
CVE-2021-28324 Windows SMB Information Disclosure Vulnerability Important
CVE-2021-28325 Windows SMB Information Disclosure Vulnerability Important
CVE-2021-28347 Windows Speech Runtime Elevation of Privilege Vulnerability Important
CVE-2021-28351 Windows Speech Runtime Elevation of Privilege Vulnerability Important
CVE-2021-28436 Windows Speech Runtime Elevation of Privilege Vulnerability Important
CVE-2021-28319 Windows TCP/IP Driver Denial of Service Vulnerability Important
CVE-2021-28439 Windows TCP/IP Driver Denial of Service Vulnerability Important
CVE-2021-28442 Windows TCP/IP Information Disclosure Vulnerability Important
CVE-2021-28316 Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability Important

This concludes our briefing over this month’s CVE report, and as you can see the numbers are rather constant, so if you’re using any of the aforementioned products, try to either update as soon as possible or install a third-party antivirus tool to help you out.

Keep in mind that these CVEs can be quite dangerous, especially when the updates are not applied and you are left as a target for events like the monthly Exploit Wednesday, which is a derogatory term given to the day after Patch Tuesday.

What do you think about this month’s CVE report by leaving your feedback in the comments section below.

This article covers:Topics:

There are no comments yet. Please leave a comment

add a comment

Leave a Reply

Your email address will not be published. Required fields are marked *