'Patch Tuesday' is by now a tradition among the giants of the American software industry: they bundle their patches and release them all together on the second Tuesday of each month. That is, last night.
This April, Microsoft's Patch Tuesday has brought no fewer than 114 patches, more than half of which fix a vulnerability that an attacker can exploit for remote code execution.
For a few hours now, these patches have been available as cumulative updates on Windows Update. The name of the update varies depending on the version of Windows 10 installed on our computer:
Patches affect not only Windows 10 itself, but also several of the company's main products: Azure and Azure DevOps Server, Microsoft Office, SharePoint Server, Hyper-V, Team Foundation Server, Visual Studio, Exchange Server, and Microsoft Edge (in the latter case, as a result of a recent Chromium update).
In total, a score of the patches released yesterday by Redmond have been classified as 'critical', and five of these patch zero-day vulnerabilities, that is, vulnerabilities that until now were unknown to users:
- CVE-2021-27091: RPC Endpoint Mapper service elevation of privilege.
- CVE-2021-28312: Windows NTFS denial of service vulnerability.
- CVE-2021-28437: Windows Installer information disclosure vulnerability.
- CVE-2021-28458: elevation of privilege in the Azure library ms-rest-nodeauth.
- CVE-2021-28310: elevation of privilege vulnerability in Win32k.sys.
The last of these, which affects the Windows kernel subsystem file, is the most relevant on the list, as it is the only vulnerability listed as actively exploited.
This vulnerability allows an attacker to escalate privileges by running a specially crafted program on a target system, which means that the attacker needs to log into the system or trick a legitimate user into running the program.
And while we have Kaspersky to thank for detecting the previous vulnerability, the four that affect Microsoft Exchange are listed as detected by the US National Security Agency (NSA).
How to stay up to date
Knowing all this, remember to update as soon as possible using Windows Update (Settings > Update & Security > Windows Update) or manually download the patches from the Windows Update Catalog.
And remember that the next Patch Tuesday will begin on the night of May 11, in case you want to be one of the first to update.
Via | Zero Day Initiative