The April security patch bundle from Microsoft resolves 108 vulnerabilities, 19 of them Critical and 5 of them zero-days, one of which is already under active attack.
The majority of the remote code execution vulnerabilities fixed this month are in the Windows Remote Procedure Call Runtime. 27 Critical or Important vulnerabilities have been resolved in this software that could otherwise allow an attacker to execute arbitrary code on Windows systems across the network.
An elevation-of-privilege zero-day vulnerability that is being exploited in the wild (CVE-2021-28310), affecting Windows desktop and server software, was also fixed. Kaspersky Labs reported seeing this exploit used as part of an attack by a known state-backed group called BITTER.
Exchange Remote Code Execution vulnerabilities patched
Included in the patch bundle are fixes for four new critical remote code execution vulnerabilities discovered by the NSA (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483). Coming hot on the heels of the ProxyLogon vulnerabilities, which kept Exchange administrators busy in March, April is shaping up to be another intense month for businesses running on-premises Exchange servers. Microsoft’s Exchange Team Blog provides more detail about these newly patched vulnerabilities and how to install the patches.
Two of these vulnerabilities (CVE-2021-28480, CVE-2021-28481) can be exploited pre-authentication, which means an attacker does not need to know any login credentials for the Exchange server. With all the attention given to Exchange servers over the last month in the press and from malicious users, it is more likely these vulnerabilities will come under active attack quickly, so prompt patching is needed to protect your network.