April 13, 2021

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server — the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windows flaw that is actively being exploited in the wild.

Nineteen of the vulnerabilities fixed this month earned Microsoft’s most-dire “Critical” label, meaning they could be used by malware or malcontents to seize remote control over vulnerable Windows systems without any help from users.

Microsoft released updates to fix four more flaws in Exchange Server versions 2013-2019 (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483). Interestingly, all four were reported by the U.S. National Security Agency, although Microsoft says it also found two of the bugs internally. A Microsoft blog post published along with today’s patches urges Exchange Server users to make patching their systems a top priority.

Satnam Narang, staff research engineer at Tenable, said these vulnerabilities have been rated ‘Exploitation More Likely’ using Microsoft’s Exploitability Index.

“Two of the four vulnerabilities (CVE-2021-28480, CVE-2021-28481) are pre-authentication, meaning an attacker does not need to authenticate to the vulnerable Exchange server to exploit the flaw,” Narang said. “With the intense interest in Exchange Server since last month, it is crucial that organizations apply these Exchange Server patches immediately.”

Also patched today was a vulnerability in Windows (CVE-2021-28310) that’s being exploited in active attacks already. The flaw allows an attacker to elevate their privileges on a target system.

“This does mean that they will either need to log on to a system or trick a legitimate user into running the code on their behalf,” said Dustin Childs of Trend Micro. “Considering who is listed as discovering this bug, it is probably being used in malware. Bugs of this nature are typically combined with other bugs, such as browser bug of PDF exploit, to take over a system.”

In a technical writeup on what they’ve observed since finding and reporting attacks on CVE-2021-28310, researchers at Kaspersky Lab noted the exploit they saw was likely used together with other browser exploits to escape “sandbox” protections of the browser.

“Unfortunately, we weren’t able to capture a full chain, so we don’t know if the exploit is used with another browser zero-day, or coupled with known, patched vulnerabilities,” Kaspersky’s researchers wrote.

Allan Laska, senior security architect at Recorded Future, notes that there are several remote code execution vulnerabilities in Microsoft Office products released this month as well. CVE-2021-28454 and CVE-2021-28451 involve Excel, while CVE-2021-28453 is in Microsoft Word and CVE-2021-28449 is in Microsoft Office. All four vulnerabilities are labeled by Microsoft as “Important” (not quite as bad as “Critical”). These vulnerabilities impact all versions of their respective products, including Office 365.

Other Microsoft products that got security updates this month include Edge (Chromium-based), Azure and Azure DevOps Server, SharePoint Server, Hyper-V, Team Foundation Server, and Visual Studio.

Separately, Adobe has released security updates for Photoshop, Digital Editions, RoboHelp, and Bridge.

It’s a good idea for Windows users to get in the habit of updating at least once a month, but for regular users (read: not enterprises) it’s usually safe to wait a few days until after the patches are released, so that Microsoft has time to iron out any kinks in the new armor.

But before you update, please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.

So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.


30 thoughts on “Microsoft Patch Tuesday, April 2021 Edition

  1. The Sunshine State

    Their was also a upgrade for Waterfox browser (2021-03) and Chrome 64 ( 90.0.4430.70 )

    Reply
  2. Steve Snyder

    Believe it or not, I’m still getting updates for MS Office 2010.

    Reply
  3. Jeddioui abdelhafid

    110 and more unknown exploited security issues,Windows operating system is Never protected à 100% and cyber sniffers are always eager to find backdoors to our backyard, they will allways have granted access since it’s just a matter of time

    Reply
  4. Double Oh Seven

    Let’s hope this month’s patches are 1.) better regression tested and 2.) much friendlier to printing/printers than last month’s.

    Reply
  5. Tyler

    Brian’s new picture and banner looks great!

    I have a feeling these Exchange vulnerabilities are going to keep coming out after last month. Let’s hope not.

    Reply
  6. Ubuna

    Let me be clear, the windows 7 kb5001392 does not brought improvement and fixes of hybrid cloud networking and windows kernel. The kb5001335 brought of them. Mistake of microsoft web page information writing?

    Reply
  7. Sirk

    Patch Tuesday is the easiest day for Brian. He just gets to paste in the same copy he always uses, maybe tweak the numbers a little.

    Reply
    1. Cmon Man

      And yet you had the opportunity to put in the effort and add value for us by telling us something useful. …but this is what you chose.

      Reply
  8. Catwhisperer

    I swear to God the stupidest thing that Microsoft does is push out partial updates, especially with servers. I spend hours yesterday applying the updates to the virtual machines, then shut them down, apply all the available server updates to the Hyper-V server, then reboot the Hyper-V server and restart the machines. Only to come in this morning to have a god damn update pending on the Hyper-V server that again requires virtual machine shutdown, and reboot of the server. WTF is wrong with Microsoft?

    Reply
    1. mealy

      The reboot is the only way MS can do brain surgery on itself safely. Believe you me it used to be much worse
      in terms of sequential reboot requires, it used to take all day to get NT/XP/etc patched up from stock.

      Reply
    2. MS Lover

      You keep paying for a sub par backdoored OS, which has no benefit whatsoever to other options out there, other than giving server admins a job because Windows invariably breaks. If you keep paying for crap quality, why would they want to improve?

      Reply
      1. mealy

        And yet you don’t consciously decide that, you are locked in by other considerations.

        Reply
  9. Roland

    2021-04 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5001347) is failing on several of my servers. Anyone else having issue with this update?

    Reply
    1. David McKinnon

      Install SSU: KB5001402 before the CU – the SSU doesn’t require a reboot, usually:
      execute the following entries separately:
      get-windowsupdate -install -kbarticle ‘KB5001402’ -ignorereboot -confirm:$false
      get-windowsupdate -install -kbarticle ‘KB5001347’, -ignorereboot -confirm:$false

      Reply
      1. Bob-O

        Thanks David M. Our Server 2016 already has KB5001402 installed and KB5001347 still won’t install. Cleared Win Update cache but still no joy.
        Still looking for a solution…..

        Reply
    2. Bear

      YES!!! They need to get this sh*** straight. Took us 5 freaking hours to attempt to patch our SQL 2016 box and it just sat there at 70% with no movement. Eventually I had to reboot the dam VM and then kill the trustedinstaller to just get it back to a login screen..Fix it!!

      Reply
    3. B

      Yes – I have a 2016 Server that will not install KB5001347. “We couldn’t complete the updates…undoing changes. Don’t turn off your computer”. Event log shows: Package KB5001347 failed to be changed to the Installed state. Status: 0x800f0922.

      Reply
      1. B

        If anyone has found a fix for this, I’d love to know what it is…

        Reply
        1. B

          I was able to fix this and get KB5001347 installed on my Server 2016 box!
          I found one Microsoft article( https://docs.microsoft.com/en-us/troubleshoot/windows-server/deployment/error-0x800f0922-uninstall-role-feature ) where someone had gotten the same error(0x800f0922) when trying to uninstall a Windows Role or Feature – and Microsoft’s explanation was:
          “This issue can occur if there are more than 65,000 files in the Windows Temp directory.”. After I deleted the contents of the C:\Windows\Temp directory, the patch installed.

          Reply
    1. Lone Eg

      “Your Supply Chain is Bleeding”, about ten years ago.

      However there is a lot more money to be made out of privatized software for the bureaucrats at the Pentagon, so they spent most of the budget in areas where it’s needed, like marketing.

      Reply
  10. Adrian

    WhatsApp technical team recently addressed 2 security vulnerabilities (one of them (CVE-2021-24027)) in WhatsApp for Android. As per security researchers Remote attackers could have exploited these vulnerabilities to execute malicious code on a target device. see full article on WhatsApp vulnerabilities to Hack Mobile

    Reply
  11. mealy

    Customer : Updates failed.
    Oh?
    Customer : Real bad. Now it won’t turn on.
    Oh.
    Turns on, 20 trojans, 10 fake apps. 200 stored credentials, fake chrome browser, all of it. Healthy habit stuff.
    This isn’t going to work. Try an ipad?

    Reply
  12. Walter C

    KB5001330 (2021-04 Cumulative Update for Windows 10 20H2 x64) is failing to install for me. Over & over & over…

    From a few searches, I’ve got a fair amount of company (in various sorts of displeasure with KB5001330).

    Not yet owning a Mac, I am free to imagine that the grass would be far greener on that side…

    Reply
  13. mcdvoice

    I did a system restore and now the computer is working, but Windows keeps telling me that I need to restart to install the update, but every time I do a restart or a full shut down and turn the computer back on, it keeps telling me that it needs me to restart to finish installing the update. I have no clue what to do at this point. I have NEVER in my entire life had an issue with a Windows update.

    Reply
  14. timeless

    @Brian:
    > bug of [sic; s.b. or] PDF exploit

    I presume this is from their original content, so, I’d suggest keeping the `sic` 🙂

    Reply
  15. Todd

    Question:
    Since March patches I have a large percentage of my users seeing the 0x8024401f error now, none of the normal fixes for this freakin error have worked. Have any of you seen this if so how did you correct?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *