Microsoft Security Bulletin Coverage for April 2021

April 13, 2021

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2021. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2021-28310 Win32k Elevation of Privilege Vulnerability
ASPY 173 Malformed-File exe.MP.175

CVE-2021-28324 Windows SMB Information Disclosure Vulnerability
ASPY 175 Malformed-File exe.MP.178

CVE-2021-28325 Windows SMB Information Disclosure Vulnerability
ASPY 176 Malformed-File exe.MP.179

CVE-2021-28442 Windows TCP/IP Information Disclosure Vulnerability
ASPY 174 Malformed-File exe.MP.177

Following vulnerabilities do not have exploits in the wild :

CVE-2021-26413 Windows Installer Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-26415 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26416 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-26417 Windows Overlay Filter Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-27064 Visual Studio Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-27067 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-27072 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-27079 Windows Media Photo Codec Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-27086 Windows Services and Controller App Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-27088 Windows Event Tracing Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-27089 Microsoft Internet Messaging API Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27090 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-27091 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-27092 Azure AD Web Sign-in Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-27093 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-27094 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-27095 Windows Media Video Decoder Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-27096 NTFS Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28309 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28311 Windows Application Compatibility Cache Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-28312 Windows NTFS Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-28313 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28314 Windows Hyper-V Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28315 Windows Media Video Decoder Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28316 Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-28317 Microsoft Windows Codecs Library Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28318 Windows GDI+ Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28319 Windows TCP/IP Driver Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-28320 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28321 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28322 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28323 Windows DNS Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28326 Windows AppX Deployment Server Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-28327 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28328 Windows DNS Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28329 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28330 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28331 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28332 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28333 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28334 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28335 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28336 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28337 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28338 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28339 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28340 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28341 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28342 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28343 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28344 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28345 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28346 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28347 Windows Speech Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28348 Windows GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28349 Windows GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28350 Windows GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28351 Windows Speech Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28352 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28353 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28354 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28355 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28356 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28357 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28358 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28434 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28435 Windows Event Tracing Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28436 Windows Speech Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28437 Windows Installer Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28438 Windows Console Driver Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-28439 Windows TCP/IP Driver Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-28440 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28441 Windows Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28443 Windows Console Driver Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-28444 Windows Hyper-V Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-28445 Windows Network File System Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28446 Windows Portmapping Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28447 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-28448 Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28449 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28450 Microsoft SharePoint Denial of Service Update
There are no known exploits in the wild.
CVE-2021-28451 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28452 Microsoft Outlook Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2021-28453 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28454 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28456 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-28457 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28458 Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-28459 Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-28460 Azure Sphere Unsigned Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28464 VP9 Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28466 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28468 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28469 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28470 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28471 Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28472 Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28473 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28475 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28477 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28480 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28481 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28482 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-28483 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.