Microsoft Security Bulletin Coverage for April 2021

By

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2021. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2021-28310 Win32k Elevation of Privilege Vulnerability
ASPY 173 Malformed-File exe.MP.175

CVE-2021-28324 Windows SMB Information Disclosure Vulnerability
ASPY 175 Malformed-File exe.MP.178

CVE-2021-28325 Windows SMB Information Disclosure Vulnerability
ASPY 176 Malformed-File exe.MP.179

CVE-2021-28442 Windows TCP/IP Information Disclosure Vulnerability
ASPY 174 Malformed-File exe.MP.177

Following vulnerabilities do not have exploits in the wild :

CVE-2021-26413 Windows Installer Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-26415 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26416 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-26417 Windows Overlay Filter Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-27064 Visual Studio Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-27067 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-27072 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-27079 Windows Media Photo Codec Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-27086 Windows Services and Controller App Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-27088 Windows Event Tracing Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-27089 Microsoft Internet Messaging API Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27090 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-27091 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-27092 Azure AD Web Sign-in Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-27093 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-27094 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-27095 Windows Media Video Decoder Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27096 NTFS Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28309 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28311 Windows Application Compatibility Cache Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-28312 Windows NTFS Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-28313 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28314 Windows Hyper-V Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28315 Windows Media Video Decoder Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28316 Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-28317 Microsoft Windows Codecs Library Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28318 Windows GDI+ Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28319 Windows TCP/IP Driver Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-28320 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28321 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28322 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28323 Windows DNS Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28326 Windows AppX Deployment Server Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-28327 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28328 Windows DNS Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28329 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28330 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28331 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28332 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28333 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28334 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28335 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28336 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28337 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28338 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28339 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28340 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28341 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28342 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28343 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28344 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28345 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28346 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28347 Windows Speech Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28348 Windows GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28349 Windows GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28350 Windows GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28351 Windows Speech Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28352 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28353 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28354 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28355 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28356 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28357 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28358 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28434 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28435 Windows Event Tracing Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28436 Windows Speech Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28437 Windows Installer Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28438 Windows Console Driver Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-28439 Windows TCP/IP Driver Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-28440 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28441 Windows Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28443 Windows Console Driver Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-28444 Windows Hyper-V Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-28445 Windows Network File System Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28446 Windows Portmapping Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28447 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-28448 Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28449 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28450 Microsoft SharePoint Denial of Service Update
There are no known exploits in the wild.
CVE-2021-28451 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28452 Microsoft Outlook Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2021-28453 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28454 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28456 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28457 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28458 Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28459 Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-28460 Azure Sphere Unsigned Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28464 VP9 Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28466 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28468 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28469 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28470 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28471 Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28472 Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28473 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28475 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28477 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28480 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28481 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28482 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28483 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.