Microsoft April Security Updates for Multiple High-Risk Product Vulnerabilities

Microsoft April Security Updates for Multiple High-Risk Product Vulnerabilities

April 25, 2021 | Jie Ji

Vulnerability Description

On April 14, 2020, Microsoft released April 2020 Security Updates that fix 114 vulnerabilities, including high-risk remote code execution and privilege escalation, in various products like Microsoft Windows, Office, Edge (Chromium-based), Visual Studio Code, Microsoft Exchange Server, Visual Studio, and Azure.

In these security updates, Microsoft fixes 19 critical vulnerabilities and 88 important ones.

Affected users should take preventive measures as soon as possible. For vulnerability details, see the Appendix Vulnerability List.

Reference link:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Apr

Description of Critical Vulnerabilities

Based on the product popularity and vulnerability importance, we have selected the vulnerabilities with a huge impact from the updates for affected users.

Exchange Server Code Execution Vulnerability (CVE-2021-28480/CVE-2021-28481/CVE-2021-28482/CVE-2021-28483)

Attackers could exploit this vulnerability to bypass the authentication by the Exchange server, executing arbitrary commands without requiring user interactions. Both CVE-2021-28480 and CVE-2021-28481 are unauthorized remote code execution vulnerabilities that have a CVSS score of 9.8. An unauthenticated attacker could exploit these vulnerabilities for lateral movement in the internal Exchange server, producing harm similar to that of worm-level vulnerabilities.

For details of these vulnerabilities, visit the following links:

https://msrc.microsoft.com/update-guide/en-US/security-guidance/advisory/CVE-2021-28480

https://msrc.microsoft.com/update-guide/en-US/security-guidance/advisory/CVE-2021-28481

https://msrc.microsoft.com/update-guide/en-US/security-guidance/advisory/CVE-2021-28482

https://msrc.microsoft.com/update-guide/en-US/security-guidance/advisory/CVE-2021-28483

Windows Win32k Privilege Escalation Vulnerability (CVE-2021-28310)

Windows Win32k contains a privilege escalation vulnerability which allows attackers to execute arbitrary code with SYSTEM privileges on the target host. Currently, vulnerability details are made publicly available and its exploitation in the wild has been detected.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28310

Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)

Attackers could exploit this vulnerability to bypass Hyper-V configured with Router Guard and configure Windows as a man-in-the-middle router to intercept traffic and modify data packets.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28444

Windows SMB Information Disclosure Vulnerability (CVE-2021-28324/CVE-2021-28325)

Windows SMB contains two information disclosure vulnerabilities (CVE-2021-28324 and CVE-2021-28325) which allow attackers to access the memory content in the kernel space. The exploitation of CVE-2021-28324 does not require any form of authentication. Attackers could exploit this vulnerability to gain unauthorized access to sensitive information of the target system.

For vulnerability details, visit the following link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28324 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28325

Scope of Impact

The following table lists affected product versions that require special attention. Please view Microsoft’s security updates for other products with the scope of impact of the vulnerabilities

Vulnerability IDAffected Version
CVE-2021-28480
CVE-2021-28481
CVE-2021-28482
CVE-2021-28483
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2019 Cumulative Update 9
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2016 Cumulative Update 20
Microsoft Exchange Server 2013 Cumulative Update 23
CVE-2021-28310Windows Server, version  20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019    (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
CVE-2021-28444Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows 8.1 for x64-based systems
Windows Server 2016    (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 for x64-based Systems
Windows Server, version  20H2 (Server Core Installation)
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version  2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows Server, version  1909 (Server Core installation)
Windows 10 Version 1909 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1803 for x64-based Systems
CVE-2021-28324Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
CVE-2021-28325Windows 10 Version 2004 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019    (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows Server 2016    (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems

Mitigation

Patch Update

Currently, Microsoft has released security updates to fix the preceding vulnerabilities in product versions supported by Microsoft. Affected users are strongly advised to apply these updates as soon as possible. These updates are available at the following link:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Apr

Note: Windows Update may fail due to network and computer environment issues. Therefore, users are advised to check whether the patches are successfully applied immediately upon installation.

Right-click the Start button and choose Settings (N) > Update & Security > Windows Update to view the message on the page. Alternatively, you can view historical updates by clicking View update history.

If an update fails to be successfully installed, you can click the update name to open the Microsoft’s official update download page. Users are advised to click the links on the page to visit the “Microsoft Update Catalog” website to download and install independent packages.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyberattacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.