Microsoft has been putting in a lot of effort for its monthly patch pack, which is released on the second Tuesday of every month. April Patch Tuesday addresses a total of 108 security flaws, 19 of which are considered serious and 89 of which are labeled major.
These figures do not include the 6 Chromium Edge flaws that were discovered earlier this month. There are also five publicly announced zero-day vulnerabilities that were fixed today, one of which is believed to be used in attacks. To complicate things worse, Microsoft patched four crucial Microsoft Exchange flaws found by the National Security Agency.
Microsoft April Security Patch : Five zero-day vulnerabilities fixed
As part of today’s Patch Tuesday, Microsoft has fixed four publicly disclosed vulnerabilities and one actively exploited vulnerability.
The following four vulnerabilities Microsoft states were publicly exposed but not exploited:
CVE-2021-27091 – RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
CVE-2021-28312 – Windows NTFS Denial of Service Vulnerability
CVE-2021-28437 – Windows Installer Information Disclosure Vulnerability – PolarBear
CVE-2021-28458 – Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
The following vulnerability discovered by Kaspersky researcher Boris Larin was found exploited in the wild.
CVE-2021-28310 – Win32k Elevation of Privilege Vulnerability
To know more about the Microsoft April Security Patch – Visit here